Office365 service plan and subscription V7.1

Hello community,

I Would like some clarification concerning the Azure AD connector, we are on 1IM v7.1.

I don't tested yet the Azure AD connector but I understand that 1IM is able to retrieve azure AD user account and the asssigned 0365 service plan / subscription OOTB. My question is does the version 7.1 is also able to assign/provision 0365 service plan and subscription to user ? If not which 1IM version is able to do this?

FYI : The AAD Administration guide v7.1 state the following 

Information about subscriptions and service plans within a tenant is loaded into One Identity Manager during synchronization. Asisgned subscriptions and active service plans are deteremined for the user accounts. You can assign subscriptions to the user accounts. In this way, user accounts obtain the service plans, which are connected to a subscription. You can disable individual service plans. You cannot edit any other subscription and service plan master data.

The green part let me think that yes 1IM is able to provision O365 SKU/COMPONENT, could you confirm me the information?

 

Regards,

Alain K.

  • Hi Alain,

    yes, the connector is able to assign SKUs to a Azure users. You are also able to disable certain services during this process as you can do in the management portal of office 365.

    Regards,
    Stefan
  • In reply to Stefan.Boerner:

    Many thanks Stefan,

    So if I understood well, correct me if i am wrong :
    1IM is able to assign a SKU to a Azure user (e.g : office 365 entreprise e3) so all the service plans assciated to the sku are also assigned (Skype / Yammer / Office ...) automatically without assigning each service plan to the user in 1IM.
    If we want to only add the service plan "Office pro +" for example, we need a 2nd step in order to remove Yammer / Skype ... ?

    Or does 1IM is able to provision only "Office pro +" service plan from a SKU in only one step ?

    I am a little bit confused with the Azure AD connector and o365.

    Alain K.
  • In reply to alain.kong-pouzol:

    alain.kong-pouzol

    1IM is able to assign a SKU to a Azure user (e.g : office 365 entreprise e3) so all the service plans assciated to the sku are also assigned (Skype / Yammer / Office ...) automatically without assigning each service plan to the user in 1IM.

    Correct. The services contained i.e. in Office 365 Enterprise E3 change over time as Microsoft adds new services. I think this is the reason, why they implemented the "disabled services" as a blacklist so that new services are active automatically. Otherwise the admin would have to enable a newly added service for each user once those new services go live. 1IM implements this behavior as follows:

    When you assign a License/SKU to a User a new record in AADUserHasSubSku is created. This table holds the license assignments for Azure. It also has a DenyList field that is empty by default during creation and also cannot be directly modified by the user. If you want to disable certain services, you create a new record in the AADUserHasDeniedService table. The DB will automatically search for a license assignment AADUserHasSubSku and add the service id to the DenyList attribute. All modifications to AADUserHasSubSku will trigger a provisioning process, that adds/deletes/updates the license assignment in Azure/Office365.

    Hope that helps,
    Stefan

  • In reply to Stefan.Boerner:

    Stefan,

    Thank you for your time and your detailed explanation, it is now more clear for me.

    Alain K.