How to license client-side apps - azure

I'm trying to find out how I can distribute an app with licenses for a group, preferably using Azure.
The flow I'm envisioning is that an installer for the application only allows X number of users and has to verify this with a server somewhere, i.e. if a group has bought 100 copies of the software, they are restricted to using only 100 installs.
Will Azure AD do this, or is this something that I would need to develop myself?

• You can surely distribute an app and monitor the licenses for that application that is deployed for a group of users by ensuring that you have a Microsoft 365 license. With Microsoft 365, the management of licenses for an ISV app, i.e., an Independent Software Vendor app (from a software vendor other than Microsoft), can be easily done by adding that application as a custom application in the Microsoft 365 admin centre through the ‘Integrated Apps’ option as shown below:
• Similarly, after adding an app to the Microsoft 365 admin centre as shown above, you can assign licenses to the added application as below by going to the ‘Licenses’ section in the ‘Billing’ part of the M365 portal. Also, while assigning licenses, you can select a group of users, select multiple users, or select only a single user for assigning the software license for the added app from the ISV.
In this way, through Microsoft 365, you can surely manage the distribution of licenses for an app for which the installation on a specific number of users and their devices needs to be managed through it.
For more detailed information regarding the addition of apps for an ISV in the Microsoft 365 portal, kindly refer to the link below:
https://learn.microsoft.com/en-us/microsoft-365/admin/manage/test-and-deploy-microsoft-365-apps?source=recommendations&view=o365-worldwide

Related

Azure licensing and MFA for guests

Good afternoon,
I am confused about licensing in Azure and I am hoping someone here can help me understand. Regrettably, Microsoft was not particularly helpful when I contacted sales.
I have an on-prem AD synced with Azure AD cloud (free edition). We have a number of guests (for purposes of this question, 10) for Teams access, and I would like to implement an MFA requirement for them. It appears Azure AD premium licensing may be required to do this. If it is, does each guest user need an Azure AD Premium P1 or P2 license assigned (so 10 Azure AD Px licenses)? Or do I just need one for the administrator?
I'm finding the licensing portion confusing.
Thank you.

The licensing agreement requires that every user using Azure MFA needs at least a Premium P1 license. (See related discussion.)
If you are using the free version with security defaults enabled, then you can use a subset of the MFA features and the users can only authenticate using the Authenticator app. But you won't be able to use conditional access or have MFA turned on for some users and not others.

How to associate Office 365 subscription to Azure AD directory

Given situation
I have two Azure AD directories in one Azure portal tenant.
AD_1 - A directory that got automatically created when signed up for Azure cloud the first time
AD_2 - A directory that I have manually created for managing a different set of users.
I also have an Office 365 account that got created using the same Azure account. In it, I first purchased a subscription.
SUBSCRIPTION_1 - only office apps. The licenses are attached to users in AD_1
Later I purchased another subscription purely for non-office products for a different set of users.
SUBSCRIPTION_2 - exchange, yammer etc apps - A new subscription.
Questions
Is it possible to associate SUBSCRIPTION_2 to only users in directory AD_2?
If the above is YES, how do I do it?
Disclaimer: I am a noob to the whole of Azure AD, Office 365, and for that matter Microsoft products. Please forgive my naivety.

No matter the originating subscription, access to services or apps only depends on licenses. So just navigate to Office 365 Portal > Administration > Users > Active, select a user there, and assign the appropriate license, no matter which AD the user comes from. In fact, it is also possible to assign licenses to users created in a local AD that is synchronized to Azure AD (administration privileges are needed for this procedure).

Azure AD Premium enterprise applications licensing

This is a licensing related question for Azure Active Directory.
We would like to use Azure AD as a SAML identity provider for our own applications, using the available method in the Azure AD Premium subscription, i.e. by creating a new custom application in the 'enterprise applications' list. Now do I need to assign a Premium license to every user that is going to log in to this application via SAML? Or does it suffice to assign this license to the users that are administering the application?
The former case seems more plausible to me; however, it would be way too expensive for us, and during testing the custom application also seems to work for users who do not have the license.
https://azure.microsoft.com/en-us/pricing/details/active-directory/

I am not a licensing expert; that said, Azure AD licenses are per user. Read the doc above. If the app is pre-integrated in the gallery, Azure AD users with the free tier can connect to 10 apps at no cost. If the app is on-premises, that requires Azure Application Proxy, which would require Azure AD Basic.
If it's a custom application not in the gallery, AD Premium is required. Keep in mind AD Premium has a ton more functionality. Conditional Access is a Game Changer. Very powerful. Multifactor Authentication, self service password reset, MIM, SCCM CALs, are all included.
Being able to simplify identity for users and link all applications they use to their AD account is important. EMS gives you the ability to monitor identity with Advanced Threat Analytics etc. It's actually a very useful suite of services and not drastically different in price than stand alone AD Premium.

There is an interesting point on the license page too:
With Azure AD Free and Azure AD Basic, end users who have been assigned access to SaaS apps can get SSO access to up to 10 apps. Admins can configure SSO and change user access to different SaaS apps, but SSO access is only allowed for 10 apps per user at a time. All Office 365 apps are counted as one app.

Two-step verification for microsoft company account?

I have a MS company account using Office 365 (so myname#mydomain.com is my account), and I use Office, Azure, and Visual Studio Team Services.
However, I cannot find anywhere how to enable 2FA for this account. I can set up 2FA for my normal, personal, windows live Id using this page:
http://windows.microsoft.com/en-US/windows/two-step-verification-faq.
But that doesn't work for company accounts.
Does anyone know if this is possible? Thanks!

What you need is Multi-Factor Authentication for Azure Active Directory. It is part of AAD Premium features.
You can read how to enable and configure it here. And more info on it here.
UPDATE
As per documentation:
Multi-Factor Authentication is now included with Premium and can help
you to secure access to on-premises applications (VPN, RADIUS, etc.),
As well as per this documentation:
Azure Multi Factor Authentication is included in Azure Active
Directory Premium and as a result it is also included with the
Enterprise Mobility Suite
Note: MFA is (at least was) possible with the free AAD but only for the Global Admins in the directory, or for Subscription Administrators within an Azure Subscription.

How to provision Office 365 within my Microsoft .Net environment

I have a portal through which I resell different vendor's software licenses. I have a question on Office 365 provisioning and selling user licenses to my clients.
My requirement is as follows:
User should be able to log in through my portal and create their Office 365 user account and choose plans as per their need
Through Single sign on (SSO) activity, I need to get the SSO URL, so Office 365 users already logged in to my portal are not required to log in again to their Office 365 account
Users can update, cancel their Office 365 user accounts through my portal
I have researched on the internet regarding Office 365 provisioning and found the following ways to integrate the Office 365 client application in my portal
Using the ‘https://provisioningapi.microsoftonline.com/ProvisioningWebService.svc?wsdl’ WebService. This WebService has got all the required APIs to provision Office 365. I could not find any documentation for this WebService on the web. It would be nice if I could get documentation for this WebService.
Using PowerShell Cmdlets. Most blog users suggest this as the best way for provisioning Office 365. I tried this but need a Partner account or Tenant Administrator account who can actually provision users
Am I moving in the right direction? If I need to test how to provision Office 365 users within my environment, can I get any test/dummy tenant administrator/partner user account? It would be nice if you could answer my questions a little fast.

If you're interested in reselling Office 365 subscriptions, what you want is probably to become part of the Microsoft Partner Network. There is currently no method to programmatically provision Office 365 accounts (except for -maybe- Microsoft resellers/partners).
If the Office 365 account exists already, you can programmatically provision users, groups, subscriptions, etc., but as you've seen, you either need to be a partner (who provisioned that account in the first place), or a tenant administrator.
As far as programmatic access to Azure Active Directory (the underlying identity system that Office 365 accounts use), I strongly recommend staying away from the web service you mention (it's simply the web service used by the AAD cmdlets). You can use the PowerShell cmdlets (from .NET code if needed), or even better, the Azure Active Directory Graph API for a web-friendly RESTful interface.
