Bulk enable specific services via the Azure AD PowerShell module

In a previous article, we covered the scenario of bulk-disable a specific Office 365 service/plan for a group of users via the Azure AD PowerShell module. The script is fairly simple – it gets the list of users, iterates over each of them and adjust the licenses based on the list of services/plans you’ve opted to disable. The script supported multiple plan adjustments at a time, by providing an array of plans to disable, designated either by their GUID, or a their human-readable name. And this article in turn gives you a list of (almost) all the SKUs and their corresponding plans.

At the time of writing, I didn’t bother to give an example of how we can do the opposite – bulk enable plans that have been previously disabled. The process of course is very similar, but there are some minor points you need to address. Some additional checks were added as well, in order to make sure we don’t end up enabling all the plans, and not just the desired ones. Without further ado, here’s the code:

Connect-AzureAD

$users = Get-AzureADUser -All:$true | ? {$_.AssignedLicenses}
$SKUs = Get-AzureADSubscribedSku

$plansToEnable = @("MICROSOFTBOOKINGS","b737dad2-2f6c-4c65-90e3-ca563267e8b9")

foreach ($user in $users) {
    $userLicenses = New-Object -TypeName Microsoft.Open.AzureAD.Model.AssignedLicenses
    foreach ($license in $user.AssignedLicenses) {
        $SKU =  $SKUs | ? {$_.SkuId -eq $license.SkuId}
        foreach ($planToEnable in $plansToEnable) {
            if ($planToEnable -notmatch "^[{(]?[0-9A-F]{8}[-]?([0-9A-F]{4}[-]?){3}[0-9A-F]{12}[)}]?$") { $planToEnable = ($SKU.ServicePlans | ? {$_.ServicePlanName -eq "$planToEnable"}).ServicePlanId }
            if (($planToEnable -in $SKU.ServicePlans.ServicePlanId) -and ($planToEnable -in $license.DisabledPlans)) {
                $license.DisabledPlans = ($license.DisabledPlans | ? {$_ -ne $planToEnable}| sort -Unique)
                Write-Host "Added plan $planToEnable from license $($license.SkuId)"
            }
        }
        $userLicenses.AddLicenses += $license
    }
    Set-AzureADUserLicense -ObjectId $user.ObjectId -AssignedLicenses $userLicenses
}

It goes without saying, you should test the code before running it in production. Although I have tried to test all scenarios I could think of, it’s more than likely that I have missed some edge cases for which the script might need adjustments. It’s also important to note that the script doesn’t handle any plan dependencies, and will fail if you try to enable a plan that has a dependency on another, currently disabled plan. Do let me know if you run into any issues.

7 thoughts on “Bulk enable specific services via the Azure AD PowerShell module

  1. lcor says:

    I previously ran this script to enable Power Apps for O365 for users in my org with the following script successfully:

    Connect-AzureAD

    $users = Get-AzureADUser -All:$true | ? {$_.AssignedLicenses}
    $SKUs = Get-AzureADSubscribedSku

    $plansToEnable = @(“POWERAPPS_O365_P2″,”c68f8d98-5534-41c8-bf36-22fa496fa792”)

    foreach ($user in $users) {
    $userLicenses = New-Object -TypeName Microsoft.Open.AzureAD.Model.AssignedLicenses
    foreach ($license in $user.AssignedLicenses) {
    $SKU = $SKUs | ? {$_.SkuId -eq $license.SkuId}
    foreach ($planToEnable in $plansToEnable) {
    if ($planToEnable -notmatch “^[{(]?[0-9A-F]{8}[-]?([0-9A-F]{4}[-]?){3}[0-9A-F]{12}[)}]?$”) { $planToEnable = ($SKU.ServicePlans | ? {$_.ServicePlanName -eq “$planToEnable”}).ServicePlanId }
    if (($planToEnable -in $SKU.ServicePlans.ServicePlanId) -and ($planToEnable -in $license.DisabledPlans)) {
    $license.DisabledPlans = ($license.DisabledPlans | ? {$_ -ne $planToEnable}| sort -Unique)
    Write-Host “Added plan $planToEnable from license $($license.SkuId)”
    }
    }
    $userLicenses.AddLicenses += $license
    }
    Set-AzureADUserLicense -ObjectId $user.ObjectId -AssignedLicenses $userLicenses
    }

    However when It tried running again today I received this error:

    Set-AzureADUserLicense : Error occurred while executing SetUserLicenses
    Code: Request_BadRequest
    Message: License 1908916a-464c-44c1-8f86-55f260ed9643 does not correspond to a valid company License.
    RequestId: d51d2658-4e37-4b12-955f-c9d124d69cd4
    DateTimeStamp: Mon, 11 Mar 2024 15:01:12 GMT
    HttpStatusCode: BadRequest
    HttpStatusDescription: Bad Request
    HttpResponseStatus: Completed
    At line:21 char:5
    + Set-AzureADUserLicense -ObjectId $user.ObjectId -AssignedLicenses …
    + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo : NotSpecified: (:) [Set-AzureADUserLicense], ApiException
    + FullyQualifiedErrorId : Microsoft.Open.AzureAD16.Client.ApiException,Microsoft.Open.AzureAD16.PowerShell.SetUser
    Licenses

    Any ideas as to why? Not sure where this comes from:

    Message: License 1908916a-464c-44c1-8f86-55f260ed9643 does not correspond to a valid company License.

    Reply
  2. Carlos says:

    10/10
    did everything I needed it to do, much appreciated

    Reply
  3. Sunil says:

    Hi,

    I was looking this article to enable specific Office 365 service/plan to a group of users via the Azure AD PowerShell module.

    You have mentioned on this article that previously you had shared the steps to achieve this.

    Could you please share the script on this.

    Reply
  4. Troy says:

    What about perviously disabled Services/Products from the same SKU? If we already have Yammer disabled and then we use this script to disable Flow will this scrip account for that?

    Reply

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.