Microsoft introduces license management through Azure Active Directory and deploys Slack integration
Microsoft this week announced a new licensing scheme based on the Azure Active Directory group that is in preview, as well as Azure AD integration with Slack.
Slack is a collaboration software maker that rivals Microsoft’s new Teams service. Microsoft has announced that its Teams collaboration service, currently in beta, is expected to launch in the quarter. Despite these implicit competitive tensions between the two companies, the Slack and Microsoft Azure AD teams have found the time to collaborate to enable âfederated single sign-onâ access for Slack users, as well as automated Azure AD provisioning. .
The federated aspect of single sign-on was not described very well in Microsoft’s announcement. Presumably, this means that Slack users can have their local credentials linked to Azure AD, through a federation server, so they don’t have to enter a password twice to access services.
According to Microsoft’s announcement, Azure AD’s automated provisioning capability for Slack will enable the following features:
- Enable provisioning of Slack users based on their Azure AD “group or account membership status” and
- Allow the creation and management of groups in Slack “based on groups in Azure AD and Active Directory”.
Automated provisioning capability enabled through Azure AD will require organizations to have a Slack Plus license, or better, or they will need to be licensed to use Slack’s new Enterprise Grid management product. Azure AD’s automated provisioning capability is enabled through Slack’s SCIM API, which is designed for use by Slack single sign-on partners. However, using this API requires having a Slack Plus plan in place or better, Microsoft’s tutorial document on the subject clarified.
Overview of group license management
Microsoft also released a preview this week of a new way to automatically assign and remove software licenses for end users using Azure AD. This scheme of “Azure AD group-based licensing” is based on the use of a “licensing model”, which is assigned to an Azure AD security group. Once this is configured, “Azure AD will automatically assign and remove licenses when users join and leave the group,” Microsoft’s announcement explained. The feature eliminates the need to use PowerShell to automate this capability.
“This [group-based licensing] eliminates the need to automate license management through PowerShell to reflect changes in organization and departmental structure per user, âMicrosoft explained in its documentation.
Additionally, Microsoft has added the ability to this software licensing scheme to “selectively deactivate service components in product licenses.” For example, educational institutions can use this feature to remove Yammer licenses, which come with some Office 365 subscriptions, Microsoft explained in a blog post. The ability to remove software license components applies to “all Microsoft online services that require user-level licensing,” the Microsoft announcement said.
Automatic license changes using this feature will occur “within minutes of the membership change,” Microsoft’s documentation explained. If a license assignment fails, administrators will have access to this information, Microsoft promised.
The Azure AD group-based management functionality requires the use of the Azure management portal. It will also be tied to the use of the Office 365 Enterprise E3 or higher license when it achieves âgeneral availabilityâ commercial status, according to Microsoft’s announcement.
To use the preview, organizations will need an Azure AD Basic or higher subscription for their tenant. However, license inheritance from groups will only work for organizations that have paid for Azure AD subscriptions, Microsoft documentation says.
Kurt Mackie is Senior News Producer for 1105 Media’s Converge360 Group.