
Microsoft 365 user licence assignments with RM Unify
Published Date : 31 Mar 2021   Last Updated : 04 Oct 2024   Content Ref: TEC7711832  





Symptoms

When federating a Microsoft® 365™ domain to RM Unify, it is possible to choose how the Microsoft 365 (M365) user licences will be managed.


Cause

There are two options:
  1. Opt in to RM Unify licensing (default)
    Opt in and let RM Unify automatically assign the most appropriate user-level licence subscription when provisioning user accounts to M365, and remove user-level licences when deprovisioning accounts. The most common licence subscription is the free 'Office 365 A1 for faculty' or 'Office 365 A1 for students'.
  2. Opt out of RM Unify licensing
    Opt out and leave the M365 global administrator to manually configure and manage the assignment of user-level and group-level licences to users, including use of Microsoft Azure AD group-based licence assignments.

The RM Unify superadmin makes this choice at step 3 of the federation wizard when first installing Microsoft 365 apps to RM Unify.

The default setting is to opt in to RM Unify licence assignments.

To opt out of RM Unify licensing, the RM Unify superadmin is required to tick the box "Tick if you manage Microsoft 365 user licences yourself e.g. via Azure AD group-based licensing":

Image showing the box to be ticked


Requirements

What happens to licences if I opt in?

When an RM Unify user is provisioned to Microsoft 365, RM Unify will:

  1. Create a linked M365 user account.
  2. Get a list of all licences in the Microsoft 365 tenancy.
  3. Filter the list to those where the AccountSkuId contains STANDARD.
  4. Find the one containing the word STUDENT for student users and FACULTY for all the other users.
  5. If there are still multiple options remaining, RM Unify chooses the licence with the highest number of total licences (including free and assigned licences).
  6. Check if 'IsLicensed' = True on the M365 account i.e. check if the account already has the chosen licence applied: 
    • If True, then do nothing.
    • If False, apply the chosen licence.
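
The selection steps above, modelled over a constructed SKU list as an added example (not RM Unify's own code). The `Sku` type, the function names and the `example:` tenancy prefix are assumptions for illustration; `total_units` stands for the total licence count used in step 5.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Sku:
    account_sku_id: str  # AccountSkuId as listed for the tenancy
    total_units: int     # free + assigned licences (step 5)

def choose_licence(skus, role):
    """Steps 2-5: return the Sku that would be chosen, or None."""
    # Step 4: STUDENT for student users, FACULTY for every other role.
    keyword = "STUDENT" if role == "Student" else "FACULTY"
    # Steps 3 and 4: the id must contain STANDARD and the role keyword.
    candidates = [s for s in skus
                  if "STANDARD" in s.account_sku_id
                  and keyword in s.account_sku_id]
    if not candidates:
        return None  # nothing in the tenancy matches the filter
    # Step 5: prefer the subscription with the most total licences.
    return max(candidates, key=lambda s: s.total_units)

def provision(skus, role, is_licensed):
    """Step 6: return the AccountSkuId to apply, or None if nothing is applied."""
    chosen = choose_licence(skus, role)
    if chosen is None or is_licensed:
        return None
    return chosen.account_sku_id

# Constructed sample tenancy (values are illustrative only).
SAMPLE_SKUS = [
    Sku("example:STANDARDWOFFPACK_STUDENT", 500000),
    Sku("example:STANDARDWOFFPACK_IW_STUDENT", 1000),
    Sku("example:STANDARDWOFFPACK_FACULTY", 500000),
    Sku("example:M365EDU_A3_FACULTY", 50),
]

if __name__ == "__main__":
    for role, licensed in [("Student", False), ("Governor", False), ("Student", True)]:
        print(role, licensed, "->", provision(SAMPLE_SKUS, role, licensed))
```

In this sample a governor receives the FACULTY subscription, and an SKU whose id does not contain STANDARD is never selected.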

When an RM Unify user is deleted, RM Unify will:

  1. Find the linked M365 user account.
  2. Check whether the user has received a group-level licence from Azure AD group-based licensing, i.e. has the user inherited a licence because it is a member of an Azure AD group?
      • If yes, retain the group-level inherited licence*, but remove all user-level licences from the user including any additional licences that may have been assigned directly to the user account via Microsoft 365 admin center or Azure AD.
      • If no, remove all licences from the user.
  3. An unlicensed user account is deleted from M365 if their RM Unify user account remains deleted for nine months or longer. Please see TEC5900881 in the Other Useful Articles section below for more information.

*Important note: If an M365 user account has additional group-based licences applied via Azure AD, i.e. an inherited licence assignment, the account remains licensed with group-level licences when the RM Unify user is deleted. RM Unify is unable to remove group-level licences as these are managed by Azure AD. For this reason, we do not recommend opting in to RM Unify licensing and using Azure AD group-based licence assignments at the same time.
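
An audit for the situation in the note above, as an added example rather than RM Unify or Microsoft code: given deleted users' licence records, it reports who would stay licensed after user-level licences are removed. The records are constructed and shaped like Microsoft Graph's `licenseAssignmentStates` (`skuId`, `assignedByGroup`); all IDs, UPNs and function names are placeholders.

```python
def after_unify_delete(states):
    """Licences left once every user-level assignment is removed.

    An entry with assignedByGroup set is inherited from a group and
    stays in place; an entry with assignedByGroup None is user-level.
    """
    return [s for s in states if s.get("assignedByGroup")]

def still_licensed(deleted_users):
    """Map UPN -> sorted group IDs that keep a deleted user licensed."""
    report = {}
    for user in deleted_users:
        kept = after_unify_delete(user["licenseAssignmentStates"])
        if kept:
            groups = sorted({s["assignedByGroup"] for s in kept})
            report[user["userPrincipalName"]] = groups
    return report

# Constructed sample: three users already deleted in RM Unify.
DELETED_USERS = [
    {"userPrincipalName": "leaver1@example.org", "licenseAssignmentStates": [
        {"skuId": "sku-a1-student", "assignedByGroup": None},
        {"skuId": "sku-a3-student", "assignedByGroup": "group-students"}]},
    {"userPrincipalName": "leaver2@example.org", "licenseAssignmentStates": [
        {"skuId": "sku-a1-faculty", "assignedByGroup": None}]},
    # Same SKU assigned directly and via a group: only the direct copy goes.
    {"userPrincipalName": "leaver3@example.org", "licenseAssignmentStates": [
        {"skuId": "sku-a1-faculty", "assignedByGroup": None},
        {"skuId": "sku-a1-faculty", "assignedByGroup": "group-staff"}]},
]

if __name__ == "__main__":
    for upn, groups in still_licensed(DELETED_USERS).items():
        print(f"{upn} remains licensed via: {', '.join(groups)}")
```

Each account in the report needs its group membership reviewed by the M365 global administrator, since the inherited licence is managed by Azure AD.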


What happens to licences if I opt out?
When opting out of RM Unify licensing, the M365 global administrator is wholly responsible for:
  • Assigning user-level and group-level licences to M365 user accounts provisioned by RM Unify.
  • Unassigning those licences when users leave the establishment.

    This is important, not only to ensure that the establishment is meeting the Microsoft terms of service, which entitles it to the free use of Microsoft 365, but also to ensure that access to the Microsoft 365 domain is removed for those users when no longer employed by, or matriculated at, the establishment.

When provisioning accounts in Microsoft 365, RM Unify creates and populates a security group for each role type. When users leave the RM Unify establishment, they are also automatically removed from their role group. As such, it is advised that you base your Azure AD group-based licence assignments on the role groups below, so that licences are assigned and unassigned correctly:
  • Students (DfE_code)
  • Teaching Staff (DfE_code)
  • Non-Teaching Staff (DfE_code)
  • Governors (DfE_code)
  • Others (DfE_code)
  • Administrators (DfE_code)

To reiterate, when opting out of RM Unify licensing, the M365 global administrator is considered solely responsible for ongoing licence management. Further support and information on how to assign licences to users by group membership in Azure AD can be found here



Checks

An RM Unify superadmin can see whether an establishment has chosen to opt out of RM Unify licensing:

  1. Log on to RM Unify and open the App Library.
  2. Search for any Microsoft 365 app, click the tile and view the Support Info.
  3. View the yellow banner with the message "You have opted to manage Microsoft 365 user licences yourself, e.g. via Azure AD group-based licensing."

If there is no banner/message (as shown in the image below), then the default RM Unify licensing is in place.

Image showing the yellow banner


More Information

If your RM Unify establishment is already federated to Microsoft 365 using the default licence assignments, it is still possible to opt out and move to using Azure AD Group assignments. Please log a call with RM Support to request to opt out.


Deleted RM Unify accounts
Whether you have opted out of RM Unify licensing or not, any M365 account connected to a deleted RM Unify account will still be deleted after nine months when the RM Unify hard-delete housekeeping task runs. For further information on this process and how to prevent M365 accounts from being deleted, please see TEC5900881 in the Other Useful Articles section below.


Other Useful Articles

RM Unify and data retention - how we manage users deleted from RM Unify (TEC5900881)
