Azure - assign license with MsGraph

chocodeea
March 16, 2023
130 views
0 votes
2 Answers

I need to assign license using MsGraph-if you are here, you know it will be obsolete by the end of March.

So far, I found this.
$AddLicense = @(
@{SkuID = $license DisabledPlans = $DisabledPlans})
Set-MgUserLicense -UserID $upn -AddLicenses $AddLicense -RemoveLicenses @()
Where:
$license is only the AccountSkuId, cuz you don’t need the domain anymore
$DisabledPlans is in this case MFA_PREMIUM (This is tested for EMSPREMIUM license)

The error I get:
Set-MgUserLicense : Cannot convert the literal ‘EMSPREMIUM’ to the expected type ‘Edm.Guid’.
At line:5 char:15

… Set-MgUserLicense -UserID $upn -AddLicenses $AddLicense – …
```
            ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
```
- CategoryInfo : InvalidOperation: ({ UserId = jneb…ionJsonSchema }:<>f__AnonymousType82) [Set-MgUserLicense_AssignExpanded1], RestException1
- FullyQualifiedErrorId : Request_BadRequest,Microsoft.Graph.PowerShell.Cmdlets.SetMgUserLicense_AssignExpanded1
  I think the problem is teh $license variable.

Thank you in advance for your help!

Answers

- VenkatV
- March 17, 2023 at 6:10 am
- 0 votes
0
I tried to reproduce the same in my environment and below is the result

Thanks to @jdweng for suggesting same point.
SkuPartNumber = "EMSPREMIUM"

I have used below PowerShell code to assign the EMS E5 license to user.
```
Install-Module -Name Microsoft.Graph.Authentication -Force
Import-Module -Name Microsoft.Graph.Authentication -Force
Connect-MgGraph -Scopes User.ReadWrite.All, Organization.Read.All
$upn           = "upnname"
$EMSE5 = Get-MgSubscribedSku -All | Where SkuPartNumber -eq 'EMSPREMIUM'
 Set-MgUserLicense -UserId $upn -AddLicenses @{SkuId = $EMSE5.SkuId} -RemoveLicenses @()
```
Output:

When I check the same in portal, license got assigned to user successfully.

Refer: Assigning licenses to user accounts for details about license assignment using Msgraph PowerShell.
Login or Signup to reply.

Hello if you need to use rest api requests instead of the cmdlets, below is how i would assign a single user office365 license.

# your app registration details
$tenantId = ""
$appId = ""
$appSecret = ""

$authUrl = "https://login.microsoftonline.com/$tenantId/oauth2/v2.0/token"
$body = @{
    client_id     = $appId
    scope         = "https://graph.microsoft.com/.default"
    client_secret = $appSecret
    grant_type    = "client_credentials"
}
$response = Invoke-RestMethod -Method POST -Uri $authUrl -Body $body
$accessToken = $response.access_token

# user email address to assign the license
$userId = "[email protected]"

# you need to know the [license SKUID][1]
# api get request for licenses can be returned using
# $apiUrl = "https://graph.microsoft.com/v1.0/subscribedSkus"
$licenseSkuId = ""
$apiUrl = "https://graph.microsoft.com/v1.0/users/$userId/assignLicense"
$headers = @{
    "Authorization" = "Bearer $accessToken"
    "Content-Type" = "application/json"
}

# Set license assignment properties
$data = @{
    "addLicenses" = @(
        @{
            "skuId" = $licenseSkuId
        }
    )
    "removeLicenses" = @()
}

$body = $data | ConvertTo-Json

# API request
Invoke-RestMethod -Method post -Uri $apiUrl -Headers $headers -Body $body

# Check response
if ($response -ne $null) {
    Write-Output "License assigned successfully"
} else {
    Write-Output "Failed to assign license"
}

Please signup or login to give your own answer.

Click here to cancel reply.

Azure – assign license with MsGraph

Answers