Bulk enable specific services via the Azure AD PowerShell module

In a previous article, we covered the scenario of bulk-enabling a specific Office 365 service/plan to a group of users via the Azure AD PowerShell module. The script is fairly simple – it gets the list of users, iterates over each of them and adjust the licenses based on the list of services/plans you’ve opted to disable. The script supported multiple plan adjustments at a time, by providing an array of plans to disable, designated either by their GUID, or a their human-readable name. And this article in turn gives you a list of (almost)¬†all the SKUs and their corresponding plans.

At the time of writing, I didn’t bother to give an example of how we can do the opposite – bulk enable plans that have been previously disabled. The process of course is very similar, but there are some minor points you need to address. Some additional checks were added as well, in order to make sure we don’t end up enabling all the plans, and not just the desired ones. Without further ado, here’s the code:

Connect-AzureAD

$users = Get-AzureADUser -All:$true | ? {$_.AssignedLicenses}
$SKUs = Get-AzureADSubscribedSku
 
$plansToEnable = @("MICROSOFTBOOKINGS","b737dad2-2f6c-4c65-90e3-ca563267e8b9")
 
foreach ($user in $users) {
    $userLicenses = New-Object -TypeName Microsoft.Open.AzureAD.Model.AssignedLicenses
    foreach ($license in $user.AssignedLicenses) {
        $SKU =  $SKUs | ? {$_.SkuId -eq $license.SkuId}
        foreach ($planToEnable in $plansToEnable) {
            if ($planToEnable -notmatch "^[{(]?[0-9A-F]{8}[-]?([0-9A-F]{4}[-]?){3}[0-9A-F]{12}[)}]?$") { $planToEnable = ($SKU.ServicePlans | ? {$_.ServicePlanName -eq "$planToEnable"}).ServicePlanId }
            if (($planToEnable -in $SKU.ServicePlans.ServicePlanId) -and ($planToEnable -in $license.DisabledPlans)) {
                $license.DisabledPlans = ($license.DisabledPlans | ? {$_ -ne $planToEnable}| sort -Unique)
                Write-Host "Added plan $planToEnable from license $($license.SkuId)"
            }
        }
        $userLicenses.AddLicenses += $license
    }
    Set-AzureADUserLicense -ObjectId $user.ObjectId -AssignedLicenses $userLicenses
}

It goes without saying, you should test the code before running it in production. Although I have tried to test all scenarios I could think of, it’s more than likely that I have missed some edge cases for which the script might need adjustments. It’s also important to note that the script doesn’t handle any plan dependencies, and will fail if you try to enable a plan that has a dependency on another, currently disabled plan. Do let me know if you run into any issues.

This entry was posted in Azure AD, Office 365, PowerShell. Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *