Microsoft 365 Licensing: Optimization and Subscription Management

param()

Write-Host "Retrieving Microsoft 365 license inventory..." -ForegroundColor Cyan

Get all subscribed SKUs

$skus = Get-MgSubscribedSku

$inventory = foreach ($sku in $skus) { # SKU cost mapping (list pricing - adjust for EA discounts) $monthlyCost = switch ($sku.SkuPartNumber) { "SPE_E3" { 36 } # M365 E3 "SPE_E5" { 57 } # M365 E5 "SPE_F1" { 8 } # M365 F3 "O365_BUSINESS_PREMIUM" { 22 } # M365 Business Premium "ENTERPRISEPACK" { 23 } # Office 365 E3 "ENTERPRISEPREMIUM" { 35 } # Office 365 E5 "POWER_BI_PRO" { 10 } # Power BI Pro "PROJECTPROFESSIONAL" { 30 } # Project Plan 3 "VISIOONLINE_PLAN1" { 5 } # Visio Plan 1 default { 0 } }

$assignedCount = $sku.ConsumedUnits $availableCount = $sku.PrepaidUnits.Enabled - $sku.ConsumedUnits $totalCost = $assignedCount * $monthlyCost

[PSCustomObject]@{ SkuPartNumber = $sku.SkuPartNumber SkuDisplayName = $sku.SkuId TotalLicenses = $sku.PrepaidUnits.Enabled AssignedLicenses = $assignedCount AvailableLicenses = $availableCount MonthlyCostPerLicense = $monthlyCost MonthlyTotalCost = $totalCost AnnualTotalCost = $totalCost * 12 UtilizationPercent = [math]::Round(($assignedCount / $sku.PrepaidUnits.Enabled) * 100, 2) } }

Architecture Decision and Tradeoffs

When designing productivity and collaboration solutions with Microsoft 365, consider these key architectural trade-offs:

Recommendation: Start with the managed approach for most workloads and move to custom only when specific requirements demand it.

Validation and Versioning

• Last validated: April 2026
• Validate examples against your tenant, region, and SKU constraints before production rollout.
• Keep module, CLI, and SDK versions pinned in automation pipelines and review quarterly.

Security and Governance Considerations

• Apply least-privilege access using RBAC roles and just-in-time elevation for admin tasks.
• Store secrets in managed secret stores and avoid embedding credentials in scripts or source files.
• Enable audit logging, data protection policies, and periodic access reviews for regulated workloads.

Cost and Performance Notes

• Define budgets and alerts, then monitor usage and cost trends continuously after go-live.
• Baseline performance with synthetic and real-user checks before and after major changes.
• Scale resources with measured thresholds and revisit sizing after usage pattern changes.

Official Microsoft References

• https://learn.microsoft.com/microsoft-365/
• https://learn.microsoft.com/exchange/
• https://learn.microsoft.com/microsoftteams/

Public Examples from Official Sources

• These examples are sourced from official public Microsoft documentation and sample repositories.
• Documentation examples: https://learn.microsoft.com/microsoft-365/
• Sample repositories: https://github.com/pnp
• Prefer adapting these examples to your tenant, subscriptions, and governance requirements before production use.

Summary

$totalMonthly = ($inventory | Measure-Object -Property MonthlyTotalCost -Sum).Sum $totalAnnual = $totalMonthly * 12

Write-Host "`n=== License Inventory Summary ===" -ForegroundColor Green Write-Host "Total Monthly Cost: $([math]::Round($totalMonthly, 2))" -ForegroundColor Yellow Write-Host "Total Annual Cost: $([math]::Round($totalAnnual, 2))" -ForegroundColor Yellow Write-Host "Total SKUs: $($inventory.Count)" -ForegroundColor Yellow

return $inventory``` }

function Get-DormantLicensedUsers {

<#
.SYNOPSIS
    Identify users with licenses who haven't signed in for 90+ days
.PARAMETER DormantDays
    Number of days without sign-in to consider dormant (default: 90)
#>
[CmdletBinding()]
param(
    [int]$DormantDays = 90
)

Write-Host "Identifying dormant licensed users (no sign-in for $DormantDays days)..." -ForegroundColor Cyan

$dormantDate = (Get-Date).AddDays(-$DormantDays)

## Get all licensed users
$licensedUsers = Get-MgUser -All -Filter "assignedLicenses/`$count ne 0" -ConsistencyLevel eventual -CountVariable licensedCount -Property Id,DisplayName,UserPrincipalName,AssignedLicenses,SignInActivity





Write-Host "Found $licensedCount total licensed users" -ForegroundColor Yellow

$dormantUsers = @()
$progress = 0

foreach ($user in $licensedUsers) {
    $progress++
    Write-Progress -Activity "Analyzing users" -Status "$progress of $licensedCount" -PercentComplete (($progress / $licensedCount) * 100)
    
    # Check last sign-in date
    $lastSignIn = $null
    if ($user.SignInActivity.LastSignInDateTime) {
        $lastSignIn = [DateTime]$user.SignInActivity.LastSignInDateTime
    }
    
    # User is dormant if no sign-in or last sign-in before dormant date
    if (-not $lastSignIn -or $lastSignIn -lt $dormantDate) {
        $daysSinceSignIn = if ($lastSignIn) { 
            (New-TimeSpan -Start $lastSignIn -End (Get-Date)).Days 
        } else { 
            999  # Never signed in
        }
        
        # Get license details
        $skus = Get-MgSubscribedSku
        $userLicenses = @()
        $monthlyCost = 0
        
        foreach ($assignedLicense in $user.AssignedLicenses) {
            $sku = $skus | Where-Object { $_.SkuId -eq $assignedLicense.SkuId }
            $skuCost = switch ($sku.SkuPartNumber) {
                "SPE_E3" { 36 }
                "SPE_E5" { 57 }
                "SPE_F1" { 8 }
                "O365_BUSINESS_PREMIUM" { 22 }
                default { 0 }
            }
            $monthlyCost += $skuCost
            $userLicenses += $sku.SkuPartNumber
        }
        
        $dormantUsers += [PSCustomObject]@{
            DisplayName = $user.DisplayName
            UserPrincipalName = $user.UserPrincipalName
            LastSignInDate = if ($lastSignIn) { $lastSignIn.ToString("yyyy-MM-dd") } else { "Never" }
            DaysDormant = $daysSinceSignIn
            Licenses = $userLicenses -join ", "
            MonthlyCost = $monthlyCost
            AnnualCost = $monthlyCost * 12
        }
    }
}

Write-Progress -Activity "Analyzing users" -Completed

## Sort by cost (highest first)
$dormantUsers = $dormantUsers | Sort-Object -Property MonthlyCost -Descending





$totalSavings = ($dormantUsers | Measure-Object -Property AnnualCost -Sum).Sum

Write-Host "`n=== Dormant User Analysis ===" -ForegroundColor Green
Write-Host "Dormant Users Found: $($dormantUsers.Count)" -ForegroundColor Yellow
Write-Host "Potential Annual Savings: $$([math]::Round($totalSavings, 2))" -ForegroundColor Green

return $dormantUsers```
}

function Remove-DormantUserLicenses {
```powershell
<#
.SYNOPSIS
    Remove licenses from dormant users after validation
.PARAMETER DormantUsers
    Array of dormant user objects from Get-DormantLicensedUsers
.PARAMETER WhatIf
    Simulate license removal without making changes
#>
[CmdletBinding()]
param(
    [Parameter(Mandatory)]
    [array]$DormantUsers,
    
    [switch]$WhatIf
)

Write-Host "Processing license removal for $($DormantUsers.Count) dormant users..." -ForegroundColor Cyan

$removed = 0
$failed = 0

foreach ($dormantUser in $DormantUsers) {
    try {
        if ($WhatIf) {
            Write-Host "  [WhatIf] Would remove licenses from: $($dormantUser.UserPrincipalName) (Licenses: $($dormantUser.Licenses), Monthly Cost: $$($dormantUser.MonthlyCost))" -ForegroundColor Yellow
            $removed++
        }
        else {
            # Get user's assigned license SKU IDs
            $user = Get-MgUser -UserId $dormantUser.UserPrincipalName -Property AssignedLicenses
            $licenseIds = $user.AssignedLicenses.SkuId
            
            # Remove all licenses
            Set-MgUserLicense -UserId $dormantUser.UserPrincipalName -AddLicenses @() -RemoveLicenses $licenseIds
            
            Write-Host "  Removed licenses from: $($dormantUser.UserPrincipalName)" -ForegroundColor Green
            $removed++
        }
    }
    catch {
        Write-Host "  ERROR removing licenses from $($dormantUser.UserPrincipalName): $_" -ForegroundColor Red
        $failed++
    }
}

Write-Host "`n=== License Removal Summary ===" -ForegroundColor Green
Write-Host "Successfully processed: $removed users"
Write-Host "Failed: $failed users"```
}

function New-EnterpriseGroupBasedLicensing {
```powershell
<#
.SYNOPSIS
    Configure group-based licensing for department-based SKU assignments
.DESCRIPTION
    Creates security groups mapped to baseline SKUs with automatic license assignment
#>
[CmdletBinding()]
param()

Write-Host "Configuring group-based licensing structure..." -ForegroundColor Cyan

## Define license groups
$licenseGroups = @(
    @{
        Name = "LIC-M365-E3-Standard"
        Description = "Microsoft 365 E3 - Standard knowledge workers"





        SkuPartNumber = "SPE_E3"
    },
    @{
        Name = "LIC-M365-E5-Executive"
        Description = "Microsoft 365 E5 - Executives and analysts"
        SkuPartNumber = "SPE_E5"
    },
    @{
        Name = "LIC-M365-E5-Security-Addon"
        Description = "Microsoft 365 E5 Security add-on for E3 users"
        SkuPartNumber = "IDENTITY_THREAT_PROTECTION"  # E5 Security
    },
    @{
        Name = "LIC-M365-F3-Frontline"
        Description = "Microsoft 365 F3 - Frontline workers"
        SkuPartNumber = "SPE_F1"
    },
    @{
        Name = "LIC-PowerBI-Pro"
        Description = "Power BI Pro - Data analysts"
        SkuPartNumber = "POWER_BI_PRO"
    }
)

foreach ($group in $licenseGroups) {
    Write-Host "`nCreating license group: $($group.Name)" -ForegroundColor Cyan
    
    try {
        # Check if group exists
        $existingGroup = Get-MgGroup -Filter "displayName eq '$($group.Name)'" -ErrorAction SilentlyContinue
        
        if ($existingGroup) {
            Write-Host "  Group already exists. Skipping..." -ForegroundColor Yellow
            continue
        }
        
        # Create security group
        $newGroup = New-MgGroup -DisplayName $group.Name `
            -Description $group.Description `
            -MailEnabled:$false `
            -SecurityEnabled:$true `
            -MailNickname $group.Name.Replace("-", "")
        
        Write-Host "  Created group: $($newGroup.DisplayName) (ID: $($newGroup.Id))" -ForegroundColor Green
        
        # Get SKU ID
        $sku = Get-MgSubscribedSku | Where-Object { $_.SkuPartNumber -eq $group.SkuPartNumber }
        
        if ($sku) {
            # Assign license to group (requires Azure AD Premium)
            # Note: Actual group license assignment requires Azure AD Premium P1+
            # Use Set-MgGroupLicense cmdlet or Azure Portal for group-based licensing setup
            Write-Host "  SKU found: $($sku.SkuPartNumber) (ID: $($sku.SkuId))" -ForegroundColor Green
            Write-Host "  [Manual Step Required] Assign SKU $($sku.SkuPartNumber) to group $($newGroup.DisplayName) via Azure Portal > Groups > Licenses" -ForegroundColor Yellow
        }
        else {
            Write-Host "  WARNING: SKU $($group.SkuPartNumber) not found in tenant" -ForegroundColor Yellow
        }
    }
    catch {
        Write-Host "  ERROR: $_" -ForegroundColor Red
    }
}

Write-Host "`n=== Group-Based Licensing Configuration Complete ===" -ForegroundColor Green
Write-Host "Next Steps:"
Write-Host "  1. Assign licenses to groups via Azure Portal > Azure AD > Groups > [GroupName] > Licenses"
Write-Host "  2. Add users to groups based on department/role"
Write-Host "  3. Licenses will auto-assign within 30 minutes"```
}

## Example execution




## Get-EnterpriseLicenseInventory | Export-Csv -Path "LicenseInventory.csv" -NoTypeInformation




## $dormant = Get-DormantLicensedUsers -DormantDays 90




## $dormant | Export-Csv -Path "DormantUsers.csv" -NoTypeInformation




## Remove-DormantUserLicenses -DormantUsers $dormant -WhatIf  # Test first




## Remove-DormantUserLicenses -DormantUsers $dormant  # Actual removal




## New-EnterpriseGroupBasedLicensing

Monitoring and Telemetry Framework

Key Performance Indicators (KPIs)

Daily KPI Collection Script

<#
.SYNOPSIS
```text
Collect Microsoft 365 licensing KPIs daily```
#>

function Collect-LicensingKPIs {
```powershell
[CmdletBinding()]
param(
    [string]$OutputPath = "C:\LicenseReports\KPIs-$(Get-Date -Format 'yyyyMMdd').csv"
)

Connect-MgGraph -Scopes "Organization.Read.All","User.Read.All","AuditLog.Read.All"

$kpiData = @()

## KPI 1: License Utilization Rate
Write-Host "Collecting License Utilization Rate..." -ForegroundColor Cyan
$skus = Get-MgSubscribedSku
$totalLicenses = ($skus | Measure-Object -Property PrepaidUnits.Enabled -Sum).Sum
$assignedLicenses = ($skus | Measure-Object -Property ConsumedUnits -Sum).Sum
$utilizationRate = if ($totalLicenses -gt 0) { ($assignedLicenses / $totalLicenses) * 100 } else { 0 }





$kpiData += [PSCustomObject]@{
    KPI = "License Utilization Rate"
    Value = [math]::Round($utilizationRate, 2)
    Unit = "%"
    Target = "85-95"
    Status = if($utilizationRate -ge 85 -and $utilizationRate -le 95){"PASS"}elseif($utilizationRate -lt 80 -or $utilizationRate -gt 98){"FAIL"}else{"WARNING"}
    Timestamp = Get-Date -Format "yyyy-MM-dd HH:mm:ss"
}

## KPI 2: Dormant Account Rate
Write-Host "Collecting Dormant Account Rate..." -ForegroundColor Cyan
$licensedUsers = (Get-MgUser -All -Filter "assignedLicenses/`$count ne 0" -ConsistencyLevel eventual -CountVariable licensedCount).Count




## Simplified - actual implementation requires sign-in activity analysis
$dormantUsers = 45  # 
$dormantRate = ($dormantUsers / $licensedUsers) * 100





$kpiData += [PSCustomObject]@{
    KPI = "Dormant Account Rate"
    Value = [math]::Round($dormantRate, 2)
    Unit = "%"
    Target = "<5"
    Status = if($dormantRate -le 5){"PASS"}elseif($dormantRate -le 10){"WARNING"}else{"FAIL"}
    Timestamp = Get-Date -Format "yyyy-MM-dd HH:mm:ss"
}

## KPI 3: Cost Per Active User
Write-Host "Collecting Cost Per Active User..." -ForegroundColor Cyan




## Get active user count from Graph reports API




## calculation
$totalMonthlyCost = 125000  #  - calculate from SKU inventory
$activeUsers = 3500  #  - from Graph API getOffice365ActiveUserCounts
$costPerActiveUser = $totalMonthlyCost / $activeUsers





$kpiData += [PSCustomObject]@{
    KPI = "Cost Per Active User"
    Value = [math]::Round($costPerActiveUser, 2)
    Unit = "USD"
    Target = 35
    Status = if($costPerActiveUser -le 38.5){"PASS"}elseif($costPerActiveUser -le 40.25){"WARNING"}else{"FAIL"}
    Timestamp = Get-Date -Format "yyyy-MM-dd HH:mm:ss"
}

## Export and alert
$kpiData | Export-Csv -Path $OutputPath -NoTypeInformation
Write-Host "KPI data exported to $OutputPath" -ForegroundColor Green





$failedKPIs = $kpiData | Where-Object { $_.Status -eq "FAIL" }
if ($failedKPIs) {
    Write-Host "`nFailed KPIs:" -ForegroundColor Red
    $failedKPIs | Format-Table
}

return $kpiData```
}

## Collect-LicensingKPIs

Expected output:

Welcome to Microsoft Graph!

Cost Optimization Strategies

Optimization Levers (Ranked by Impact)

ROI Calculation Example

Scenario: 5,000-user organization, 80% E3, 20% E5, 10% dormant accounts

Current State:

• 4,000 E3 @ $36 = $144,000/month
• 1,000 E5 @ $57 = $57,000/month
• Total: $201,000/month = $2.412M/year

Optimized State (after reclamation + rightsizing):

• Reclaim 10% dormant (500 users) = $18,000/month saved
• Downgrade 200 E5→E3 (over-licensed analysts) = 200 × ($57-$36) = $4,200/month saved
• Deploy 500 F3 for frontline = 500 × ($36-$8) = $14,000/month saved
• Total Savings: $36,200/month = $434,400/year (18% reduction)

Maturity Model

Microsoft 365 licensing maturity progression across 6 levels:

Progression Path: Most enterprises operate at Level 2-3. Target Level 4 for enterprise maturity (proactive monitoring, optimization). Level 5-6 require advanced analytics platforms and ML integration.

Troubleshooting Matrix

Common Microsoft 365 licensing issues with diagnostic steps and resolutions:

Best Practices

DO ✅

• Conduct quarterly license reconciliation comparing portal assignments vs invoice vs actual usage
• Implement group-based licensing for all user provisioning (avoid direct assignments)—enables consistent application and automated inheritance
• Use SKU part numbers in documentation (e.g., SPE_E3, SPE_E5) instead of display names for scripting clarity
• Deploy dormant account reclamation automation running weekly to identify users inactive >90 days
• Maintain SKU strategy document mapping business roles to appropriate licenses (e.g., Executive→E5, Knowledge Worker→E3, Frontline→F3)
• Enable usage analytics via Graph API and Power BI dashboards tracking feature adoption (Teams, Exchange, OneDrive utilization)
• Configure alerts for license quota <10% available to prevent assignment failures
• Implement chargeback/showback for department cost allocation using Azure AD extensionAttributes
• Review new service plan rollouts monthly (Loop, Viva modules, Copilot) to understand entitlement changes
• Use E5 Security/Compliance add-ons for targeted users instead of full E5 upgrades (save 40-60% for users not needing analytics)

DON'T ❌

• Don't assign licenses directly to users—use group-based licensing for automation and consistency
• Don't purchase all E5 licenses for entire org—implement tiered SKU strategy (80% E3, 15% E5, 5% F3 typical)
• Don't ignore dormant accounts—10% dormancy rate = 10% wasted budget (e.g., $240K/year on $2.4M spend)
• Don't skip true-up reconciliation—EA contract overages incur 115-125% overage penalties
• Don't assign overlapping SKUs to same user (E3 + E5)—E5 includes all E3 features (consolidate to single SKU)
• Don't forget to reclaim licenses from terminated users—automate offboarding with license removal
• Don't over-license contractors/temps—use time-bound licensing with automated expiration
• Don't ignore feature utilization—users with <50% feature adoption are rightsizing candidates
• Don't assign F3 to users requiring desktop Office—F3 includes web/mobile-only (upgrade to E3 if needed)
• Don't purchase Power BI Pro separately if user has E5—E5 includes Power BI Pro (avoid redundant spend)

Frequently Asked Questions (FAQ)

Q1: What's the difference between E3 and E5, and when should we use each?
A: E3 ($36): Core productivity (Office apps, Exchange 100GB, Teams, SharePoint, OneDrive 1TB, Intune, Azure AD P1, basic eDiscovery). Use for: Standard knowledge workers (80-85% of workforce). E5 ($57): E3 + advanced security (Defender for O365 P2, Cloud App Security), Phone System, Audio Conferencing, Power BI Pro, Advanced eDiscovery, Insider Risk, 10-year audit retention. Use for: Executives, compliance teams, analysts, security teams. Cost-effective alternative: E3 + E5 Security add-on ($36 + $12 = $48) for users needing security without analytics.

Q2: How do we identify which users should be downgraded from E5 to E3?
A: Use feature utilization analysis: Query Graph API for usage patterns (Power BI report views, Advanced eDiscovery case membership, Audio Conferencing minutes). Downgrade candidates: Users with E5 assigned but zero usage of: Power BI Pro (no report publishing), Phone System (no PSTN calls), Audio Conferencing (no dial-in meetings), Advanced eDiscovery (not assigned to cases). Typical finding: 30-40% of E5 users only use E3-level features = $252/year savings per downgraded user.

Q3: What's the ROI of implementing group-based licensing automation?
A: Direct savings: Prevents over-provisioning during onboarding (5-10% of orgs assign E5 to all users by default when E3 sufficient). Efficiency gains: Eliminates manual license assignment (50-100 hours/year for 500-user org). Compliance: Reduces audit findings for license misalignment. Typical ROI: 3-8% cost reduction + 40-60 hours admin time saved monthly for 1,000+ user org.

Q4: How do we handle seasonal workers (contractors, interns) to avoid paying for unused licenses?
A: Strategy 1: Use Azure AD B2B guest accounts for short-term contractors (free, limited features). Strategy 2: Implement time-bound licensing with PowerShell automation: Assign license on start date, schedule removal on end date via Azure Automation Runbook. Strategy 3: Maintain license pool for contractors (e.g., 50 E3 licenses for rotating 200 contractors across year = 75% savings vs 200 full-time licenses).

Q5: Can we use Microsoft 365 licenses purchased under one tenant in another tenant?
A: No—licenses are tenant-specific and cannot be transferred between Azure AD tenants. Exception: Enterprise Agreement (EA) customers may request license reassignment between tenants during annual true-up via Microsoft account manager (subject to approval). Alternative: For M&A scenarios, use Azure AD B2B collaboration for cross-tenant access without license transfer, or consolidate tenants via tenant-to-tenant migration.

Q6: What happens if we exceed our Enterprise Agreement (EA) license commitment?
A: Overage charges: Purchases beyond EA commitment incur 15-25% premium over committed pricing (e.g., E3 @ $36 EA price becomes $41-$45 for overages). True-up process: Annual true-up reconciles actual usage vs commitment; overages billed at premium rate. Mitigation: Monitor utilization quarterly, forecast growth, purchase additional commitments before exceeding (avoids overage penalty).

Q7: How do we measure the true cost of Microsoft 365 including hidden costs?
A: Direct costs: SKU subscriptions ($36/user × 5,000 = $180K/month). Indirect costs: Training ($50-$150/user one-time), migration services ($10K-$500K project-based), third-party tools (backup, security = $2-$5/user/month), admin overhead (2-5 FTEs for 5,000 users = $200K-$500K/year), change management ($50K-$200K/year). Total Cost of Ownership (TCO): Direct + Indirect typically 1.3-1.5× license cost (e.g., $180K licenses → $234K-$270K total monthly).

Q8: Can we audit license assignments to ensure compliance with Microsoft licensing terms?
A: Yes—use License Compliance Reports: M365 Admin Center > Billing > Licenses > Download report. PowerShell audit: Get-MgUser -All -Property AssignedLicenses | Export-Csv. Third-party tools: License audit tools (e.g., CoreView, Quadrotech) provide detailed compliance reports. Microsoft SAM: Software Asset Management engagement with Microsoft for formal license review (available for EA customers). Best practice: Quarterly internal audit + annual external audit for orgs >1,000 users.

Key Takeaways

• Implement tiered SKU strategy (80% E3, 15% E5, 5% F3 typical) instead of uniform E5 licensing—achieves 30-40% cost reduction while maintaining productivity
• Deploy group-based licensing automation via Azure AD security groups mapped to departments/roles—eliminates manual assignments and ensures consistent provisioning
• Execute quarterly dormant account reclamation for users inactive >90 days—typical finding 8-15% dormancy rate = 8-15% budget waste ($192K-$360K annually on $2.4M spend)
• Use E5 Security/Compliance add-ons ($12-$10) for targeted users instead of full E5 ($57)—saves $25-$35/user/month for security/compliance teams not requiring analytics
• Implement feature utilization scoring via Graph API to identify E5→E3 downgrade candidates—users with <50% E5 feature adoption are rightsizing targets
• Monitor 7 licensing KPIs daily: Utilization rate (85-95% target), dormant account rate (<5%), cost per active user, feature utilization score (>70%), reclamation rate (>95%), forecast accuracy (±5%), true-up variance (<3%)
• Achieve Level 4 maturity (Monitored) with proactive telemetry, KPI dashboards, usage analytics, and monthly forecasting—target 15-25% cost optimization with automated lifecycle management
• Automate license lifecycle with PowerShell frameworks for inventory management, dormant detection, group-based provisioning, and cost reporting—reduce admin overhead by 40-60 hours/month for 1,000+ user orgs

References

• Group-Based Licensing in Azure AD
• Microsoft 365 Licensing Documentation
• Microsoft Graph API - Licensing
• Microsoft 365 Admin Center - License Reports
• Microsoft 365 SKU Comparison
• Azure AD Premium Licensing
• Enterprise Agreement (EA) Licensing