Assigning Office 365 Licenses Automatically

Hello World, Daniel Lucas and Eroilton Borges is here, with a special thanks to Rodrigo Fonseca to helping about Hybrid Identity and review and contribute for this one, to talk about how to automatically assign Office 365 licenses in Azure AD, without need to run Powershell commands.

Nowadays, when a new user needs to have Office 365 License, it is necessary run a Powershell command to set a location (Some Microsoft services are not available in all locations. Before a license can be assigned to a user, the administrator should specify the Usage location property on the user.) and assign a license.

But now, it is possible to assign license in Azure AD based on groups, and it´s extremally helpful, because you don´t need to run script for every new user in your organization.

To complete this task, it´s necessary complete two steps:

1 – Add a AAD Connect Synchronization rule, to populate the attribute UsageLocation in Azure AD.

2 – Select Office 365 Products to assign license based on groups.

AAD Connect Sync Rules:

We´ll create two rules in AAD Connect:

1 – If the attribute “UsageLocation” is Null or Empty, we´ll populate with an unique country code (In my example “US”).

2 – Populate the ADDS Attribute with the Country Code

1st rule:

  1. Launch the Synchronization Rules Editor.
  2. Under Rule Types, click Inbound, and create a new rule.
  3. Set the precedence to 108.


  4. In the Transformations tab, Add Transformation “Expression” target: Usage Location – Source: IIF(IsNullOrEmpty([c]),”US”,[c]), Merge Type: Update.


  5. Click in Save.

2nd rule:

  1. Launch the Synchronization Rules Editor.
  2. Under Rule Types, click Outbound, and create a new rule.
  3. Set the precedence to 110.
  4. In the Transformations tab, Add Transformation “Direct” target: C – Source: UsageLocation, Merge Type: Update.


  5. Run the Sync Cycle and check if the Attribute is Populated.

    Start-ADSyncSyncCycle -PolicyType Delta

  6. Open the Windows Azure Active Directory Module for Windows Powershell
  7. Run the command: Connect-MsolService
  8. Check the user: Get-MsolUser -UserPrincipalName user@domain.com | fl UserPrincipalName, UsageLocation


Assign Office 365 License based on Groups:

First, in this example, I created in my on-premises Active Directory, 3 security groups to select different Office 365 products:

1 – Outlook_License

2 – Skype_License

3 – Sharepoint_License

After created, force a new Sync Cycle, and check in the Azure Portal if the Groups are populated.

In the Azure Portal portal.azure.com , select the Azure Active Directory, then select “Licenses“.

Under All Products, select Office 365 Enterprise E3.

Under Licensed Groups, select the Group that you want to assign

Under Assignment Option, select which Products will be available for the Group.

Now, you just need to populate your groups, and wait the Azure AD to assign the Licenses.

Note: When a user is a part of two or more groups, the user will inherit the licenses combined and all products will be available for the user.

If you want to know, how is the correct country code for my user, here is the information:

https://en.wikipedia.org/wiki/ISO_3166-2

For more examples in how to assign group licenses using Powershell: https://docs.microsoft.com/en-us/azure/active-directory/active-directory-licensing-ps-examples

Hope that this article helps you.

Daniel Lucas.