Manage licenses in Microsoft Entra ID
There are a few different license types available with Entra ID:
- Microsoft Entra ID Free
- Microsoft Entra ID Premium P1
- Microsoft Entra ID Premium P2
- Microsoft Entra ID Governance
Note that either P1 or P2 licenses are included with other bundles and suites of licenses, such as the Enterprise Mobility + Security suite. To be able to assign a license to a user account, two things must first occur.
First, the license must be purchased and associated with the tenant. For small and medium businesses, you might be able to do this by using the Entra or Microsoft 365 admin portals.
For Cloud Solution Providers and Enterprise Agreement organizations, you most likely need to speak with an account representative to get the licenses added to your contract.
Second, the user account that you plan to assign a license to must have their Usage Location property configured. The Usage Location property defines the primary country or region that the user resides or works in and can determine if certain features of a license can actually be used.
After purchasing the licenses and ensuring that your user accounts have their Usage Loca- tion defined, you can associate the licenses with users, or you can assign a license based on group membership. Using Dynamic Groups is a great way to automate license management based on user properties.
To create guest users from the Azure portal, browse to your Entra tenant as a user with rights to create users, select the Users blade, choose New User, and then select Invite External User. An example of this blade is shown in Figure 1-10. A guest user can be anyone who is invited to collaborate with your organization. Once created, the guest user should receive an invitation in their mailbox.
Creating and managing guest users is similar to creating and managing normal user accounts. Guest users can be invited to the directory, group, or application. As soon as you invite the guest user, that account is created in Entra ID with the User Type set to Guest. The guest user will receive an email invitation immediately after creation. The guest user must accept the invitation along with the first-time consent process in order to access the assigned resources.
By default, all users and admins can invite guests. You can restrict the way guest users can be invited by selecting Manage External Collaboration Settings on the Users blade under User Settings. The External Collaboration Settings blade is shown in Figure 1-11. You can also access these settings from the Entra tenant by clicking User Settings on the left, and then choosing Manage External Collaboration Settings in the External Users section.
FIGURE 1-10 Invite External User blade in the Azure portal
FIGURE 1-11 External Collaboration Settings blade in the Azure portal
When a guest user is added, the Consent Status for the guest user (viewable in PowerShell) is PendingAcceptance. This value will be changed to Accepted immediately after the guest user accepts the invitation. The guest user will appear as an “invited user” in the Azure portal until the user accepts the invitation.