RM Logo
Technical Rating: 
Support Home PageSupport
Print This PagePrint This Page
Add to 'My Library' Add to 'My Library'

Unlicensed Microsoft 365 accounts provisioned by RM Unify remain in their role specific security group
Published Date : 20 Apr 2018   Last Updated : 16 Apr 2024   Content Ref: TEC6097040  


Operating System(none)
Part No(none)
SummaryDetails the expected behaviour in Microsoft 365 when a federated RM Unify account is deleted.



Symptoms

You have federated Microsoft® 365™ to RM Unify. Your RM Unify users are put into Microsoft 365 security groups based on their RM Unify role, e.g. Students, Teaching Staff etc.

When an RM Unify account is first deleted, we first remove the Microsoft 365 licence assigned to that user. The user's Microsoft 365 account remains and therefore the account also remains as a member of the relevant Microsoft 365 security group.

If an RM Unify account remains deleted for nine months or longer, we send a housekeeping task to Microsoft 365 to delete the user account. At this point, the account will be removed from all Microsoft 365 security groups it was a member of. Further details of our data retention policy can be found here.



Cause

Deleting an unlicensed Microsoft 365 account will remove it from any Microsoft 365 groups it is a member of. RM Unify-federated Microsoft 365 accounts are automatically deleted if the RM Unify account remains deleted for nine months or longer. The deletion of unlicensed RM Unify-federated Microsoft 365 accounts prior to this nine months period is the responsibility of the Microsoft 365 administrator.



Requirements

If you intend to use the Windows® PowerShell® commands in this article, here are the requirements:

* You can use the following versions of Windows:

  • Windows 10
  • Windows Server® 2016, 2019


Procedure

Deleting unlicensed Microsoft 365 accounts
  1. Log on to https://portal.office.com/AdminPortal/Home#/users as a Microsoft 365 global administrator.
  2. From the Users menu (left-hand side), select 'Active users'.
  3. From the Views drop-down menu, select 'Unlicensed users'.
  4. Tick the boxes of all the users you wish to delete and from the 'Bulk actions' menu (right-hand side), select 'Delete users'.
  5. Read the information and warning that is displayed and click 'Delete to continue'.

Removing unlicensed users from a security group
  1. Log on to https://portal.office.com/AdminPortal/Home#/users as a Microsoft 365 global administrator.
  2. From the Groups menu (left-hand side), select Groups.
  3. From the View drop-down menu, select 'Security group'.
  4. In the Members section of the next window, click Edit and click the X icon for each user you wish to remove from the group.
  5. When you have finished, click Save and then Close.

Use PowerShell to remove numbers of unlicensed users from a Microsoft 365 security group

When RM Unify provisions users into Microsoft 365, it will populate the 'Job title' field with the RM Unify role appropriate to that user. RM Unify also provisions security groups for each RM Unify role, populating the Description field of that group.
Note: The following example PowerShell script will remove all unlicensed users from the specified group. The script uses the user's 'Job title' field and the group's Description field in Microsoft 365. If these have been altered from the RM Unify supported defaults, then you will need to adjust the script accordingly.

  1. Open PowerShell, type Connect-MsolService and connect to your tenancy using your Microsoft 365 global administrator account.
  2. Find the Microsoft 365 security group that you wish to clear of unlicensed users. Make a note of its Description. In the following example, we will remove unlicensed Student users from the Students (1234567) security group in the SchoolA.com domain.
  3. Run the following commands, one at a time:

    $domain=<SchoolA.com>
    $securityGroup = Get-MsolGroup -GroupType "Security" | Where-Object {$_.DisplayName -eq "<Students (1234567)>"}

    $members = Get-MsolUser -domainname $domain -All -UnlicensedUsersOnly | Where {$_.title -eq "Student"}

    foreach($member in $members){
      Remove-MsolGroupMember -GroupObjectId $securityGroup.ObjectId -GroupMemberType User -Groupmemberobjectid $member.ObjectId
    }
  4. Repeat steps 2 and 3 for any additional users and groups.
  5. The script will display errors for any users that were not members of the chosen security group. This is expected:
    "Remove-MsolGroupMember : The member you are trying to delete is not in this group".


FEEDBACK
Did the information in this article help answer your question?
 Yes
 No
Please add any comments about this article in the box below. If you answered No then it is important you tell us why so that we can change the article if required. We can only respond if you log in to the RM Support website or provide your contact details. Note: If you need help with a technical query, please log a call online or telephone our support team.
Thank you for your feedback, which is sent directly to the RM Knowledge team. We address every message received with the intention of improving our Knowledge Library articles. If you have an unresolved technical issue, please contact RM Support.


If this article has not helped provide a solution then it is also possible to log a call...



Document Keywords: o365, delete user, remove user o365, TEC6097040, m365


Please read - important disclaimer information.
http://www.rm.com/_RMVirtual/Includes/csredirect.asp?cref=&title=Standard Content Disclaimer


Top Of PageTop of page