How to automate inactive license management for Microsoft Entra ID users
Effectively managing user licenses in Microsoft Entra ID can save your organization a lot of time and investment costs. By thoroughly understanding user requirements before assigning licenses—and regularly monitoring for inactive users and unused licenses—organizations can optimize their license usage. However, overlooking this important task could result in significant, avoidable costs.
Why should you automate license management for your Entra ID users?
Managing licenses for multiple Microsoft services—such as Outlook, PowerBI, SharePoint Online, OneDrive for Business, and Office applications—is crucial for Microsoft Entra ID users across various departments and levels. As users transition between departments or change organizational levels, their access needs will evolve, necessitating adjustments to the services they are authorized to use.
For administrators, manually adjusting settings for thousands of users with diverse needs is not only cumbersome but also prone to errors. Mistakes such as assigning incorrect licenses or failing to revoke unnecessary ones can hinder productivity and inadvertently provide access to unauthorized resources. Moreover, this will also drive up the expenses of your organization, as you will end up paying for licenses that your team does not even require or use frequently. Automating this process ensures accuracy, enhances security, and reduces unnecessary expenses, making it an essential strategy for efficient organizational management.
Automate inactive license management for Microsoft Entra ID users
To automate inactive license management for your Microsoft Entra ID users, you will need to automate two major processes.
Track Microsoft Entra ID users with stale licenses using M365 Manager Plus
You can track which users have inactive licenses by identifying the service that they rarely use or haven't used at all. If they haven't logged in to a service for a long period of time, it's reasonable to consider removing their license, as they aren't utilizing it. You can obtain the data on your users' last logins to services like Exchange Online, SharePoint Online, OneDrive for Business, and others using Microsoft Graph API. However, this process can be complex, error-prone, and challenging to filter through effectively.
ManageEngine M365 Manager Plus—a comprehensive tool used for reporting, managing, monitoring, auditing, and creating alerts for critical activities in your Microsoft 365 environments—can also be used to track Microsoft Entra ID users with stale licenses.
Here are the steps to automate tracking Microsoft Entra ID users with stale licenses using M365 Manager Plus.
- Log in to M365 Manager Plus, navigate to Reports, and select Schedule Report. Convert download
- Click Create Schedule.
- Type in a Scheduler Name and select the tenant for which you want to generate and schedule this report.
- Select Azure Active Directory in the Microsoft 365 Service drop-down and select the Stale Microsoft 365 Licenses report.
- In the pop-up that opens, you can decide the Service Licenses that you want to run the check for, the Matching Criteria (whether you want to match all selected licenses, or any of the licenses selected), and the Inactive Period for which data will be generated. You can click More Options to filter the report further and customize the Export File Name with macros.
- Configure the schedule using the Scheduled to Run drop-downs.
- Select the format in which you want the report to be emailed using the Export As drop-down. We will select CSV for this example. You can also configure the Storage Path to download the reports locally.
- In the Notification Settings drop-down, select Notify all reports.
- If you want the reports emailed to you, use the Select Notification Template option to select a format for your emails. This option will be accessible once you configure your email server.
- Click Save to create a scheduler that automates tracking Microsoft Entra ID users with stale licenses.
Remove stale licenses of Microsoft Entra ID users with M365 Manager Plus
Once the inactive services of users have been identified, you will have to remove the respective services from their assigned list of services. However, doing the same assignment for individual users in the Microsoft 365 admin center is a mundane and exhausting task for administrators with huge work loads.
Unlike the Microsoft 365 admin center, M365 Manager Plus helps add, remove, and change Microsoft 365 licenses in bulk—without having to use a single PowerShell script. And the best thing is, you can automate this just like how you automated the process of generating the list of inactive licenses. Here are the steps to automate removing stale licenses of Microsoft Entra ID users with M365 Manager Plus.
- Log in to M365 Manager Plus and navigate to Automation.
- Click Create New Automation and assign a name for your schedule. We will be using Stale License Cleanup-Exchange Online for this example.
- Select License Modification from the Select Task/Policy field.
- Fill the following fields accordingly:
- Select Remove selected licenses from the Assign / remove licenses dropdown.
- Select all the Exchange Online licenses in the Select Licenses field.
- Select your preferred location from the Usage Location dropdown. We have used None selected here as we did not want to limit the automation only to certain locations.
- Select CSV File in the Import Objects from field.
- Paste the file path of the report exported in Step 2 in the Location of CSV field, and check the Select only the appended objects from the file box.
- Set your desired Frequency using the adjacent drop-boxes and click Save.
Limitations of using native tools to automate inactive license management for Entra ID users
- Admins need to spend a lot of time executing complex Microsoft GraphAPI scripts.
- Administrators must be assigned at least the Reports Reader role to fetch results using Microsoft GraphAPI.
- Reports generated using Microsoft GraphAPI cannot be exported.
Benefits of using M365 Manager Plus to automate inactive license management for Entra ID users
- Effortlessly identify groups with disabled users without the need to memorize or execute complex PowerShell scripts.
- Delegate granular permissions to technicians without elevating their Microsoft 365 privileges, and create custom roles with any combination of reporting, management, and auditing tasks.
- Filter your reports just once and save them as custom reports that you can access in just a few clicks.
- Gain a thorough understanding of your environment in Microsoft Entra ID, Exchange Online, SharePoint Online, OneDrive for Business, and other Microsoft 365 services with detailed reports from a single console.
- Keep tabs on even the most granular user activities in your Microsoft 365 environment.
- Manage users, mailboxes, groups, sites, and contacts effortlessly in bulk without PowerShell scripting.
- Monitor the health and performance of Microsoft 365 features and endpoints around the clock.
Effortlessly schedule and export reports on your Microsoft 365 environment.
Try now for freeStreamline your Microsoft 365 governance and administration with M365 Manager Plus
Get Your Free TrialRelated Resources
-
Entra ID administration
- How to create custom roles in Microsoft Entra ID
- How to setup SSO in Microsoft Entra ID
- How to configure Conditional Access in Microsoft Entra ID
- What is Microsoft Entra ID?
- What are Microsoft Entra ID administrative units
- How to configure external authentication methods in Microsoft Entra ID
- How to set up self-service group management in Entra ID
- How to takeover unmanaged directory as administrator
- How to change authentication type of subdomain
- What is self-service signup in Entra ID
- Delete a tenant in Microsoft Entra ID
- Manage custom domain names in Microsoft Entra ID
- Multi-tenant organization interaction
-
Entra ID auditing and reporting
-
Entra ID bulk user management
-
Entra ID dynamic groups
-
Entra ID group management
- How to enforce naming policy on Microsoft 365 groups in Entra ID
- How to clean up resources related to all user groups
- How to create basic groups and add members in Entra ID
- Group management cmdlets
- How to add group to another group in Entra ID
- How to delete a group in Entra ID
- How to remove a group from another group in Entra ID
- Check import status
- Edit group settings in Entra ID
- Migrate users with individual licenses to groups
- Restore deleted groups in Microsoft Entra ID
- Set expiration for Microsoft 365 groups in Entra ID
-
Entra ID group membership
- How to utilize Microsoft Entra groups in Entra ID
- How to add group members in Entra ID
- How to add group owners in Microsoft Entra ID
- How to add or remove group member automatically in Entra ID
- How to create group of guest users using native admin center
- How to manage groups and group memberships in Entra ID
- How to remove guests from all user groups in Entra ID
- How to utilize groups and administrator roles in Entra ID
- Add or remove a group from another group in Entra ID
- Bulk group members addition in Entra ID
- Bulk remove group members from Entra ID groups
- How to remove members/owners of a group in Entra ID
-
Entra ID group reports
-
Entra ID license management
- How to automate inactive license management for Entra ID users
- How to change license assignments for user in Entra ID
- How to assign licenses to groups in Entra ID
- How to leverage group-based licensing for optimizing license management in Entra ID
- License assignment troubleshooting
- Assign licenses in Microsoft Entra ID
- Azure AD license membership modification
- Remove licenses in Microsoft Entra ID
- View license plans and details in Microsoft Entra ID
-
Entra ID User management
- How to manage permissions using access reviews in Microsoft Entra ID
- How to restrict guest access permissions in Entra ID
- How to clean up unmanaged Microsoft Entra accounts
- How to assign custom security attributes to users in Entra ID
- How to clean up stale accounts using access reviews
- How to share accounts with Entra ID
- How to update custom security attributes to users in Entra ID
- Add guest users
- Add users to Azure AD
- Assign user roles with Entra ID
- Close user account in an unmanaged Microsoft Entra organization
- How to revoke user access in Microsoft Entra ID using PowerShell
- Microsoft 365 delete users
- Remove custom security attribute assignments from users
-
Entra ID user reports
- How to monitor risky sign-ins in Microsoft Entra ID
- License usage reports in Microsoft Entra ID
- How to get the last logon date of users in Microsoft Entra ID
- How to view Microsoft 365 login attempts using PowerShell and Microsoft Entra ID
- How to report the MFA status for users in Microsoft Entra ID
- How to monitor recently created users in Entra ID
- Track password changes by admins in Microsoft Entra ID
- How to monitor user role changes in Entra ID
- How to track self-service password resets in Microsoft Entra ID
- How to create custom sign-in reports in Entra ID
- How to find deleted users in Entra ID
- How to verify deleted users in Entra ID
- Filter users based on custom security attributes
- Download Microsoft 365 user list
-
Entra ID workbooks
- How to create custom Microsoft Entra ID workbooks
- What are Microsoft Entra ID workbooks
- How to handle privilege escalation in Microsoft Entra ID
- How to monitor risky sign-ins using Microsoft Entra ID workbooks
- How to monitor your Microsoft 365 MFA setup using Entra ID workbooks
- How to audit for app permission threats with Microsoft Entra workbooks
- Conditional Access Gap Analyzer workbook in Microsoft Entra ID
-
Exchange Online administration
- How to change deleted items retention for Exchange Online mailboxes
- How to change the branding of clutter notifications in Exchange Online
- How to configure message delivery restrictions for Exchange Online mailboxes
- How to configure moderated recipients in Exchange Online
- How to create user mailboxes in Exchange Online
- How to enable and disable MAPI for a mailbox in Exchange Online
- How to enable or disable Outlook on the web for a mailbox in Exchange Online
- How to manage mail contacts in Exchange Online
- How to manage permissions for recipients in Exchange Online
- How to manage resource mailbox in Exchange Online
- How to save sent items in a delegators mailbox in Exchange Online
- How to create and edit shared mailboxes in Exchange Online
- How to add or remove email address for a mailbox in Exchange Online
- How to configure email forwarding for a mailbox in Exchange Online
- How to convert a mailbox in Exchange Online
- How to delete or restore user mailboxes in Exchange Online
- How to manage user mailboxes in Exchange Online
-
Exchange Online groups
- Create and manage groups in Exchange admin center in Exchange Online
- How to create and manage distribution list groups in Exchange Online
- How to create and manage dynamic distribution list groups in Exchange Online
- How to create distribution group naming policy in Exchange Online
- How to manage guest access to Microsoft 365 groups in Exchange Online
- How to manage role groups in Exchange Online
- How to override the distribution group naming policy in Exchange Online
- How to view members of a distribution group in Exchange Online
-
Microsoft Teams
-
Public Folders
- Create public folder calendar in Exchange Online
- How to restore deleted public folder in Exchange Online
- How to setup public folders in new organization
- Migrate public folders to Microsoft 365 groups in Exchange Online
- Recover deleted public folder mailbox in Exchange Online
- How to mail-enable and mail-disable public folders in Exchange Online