Versions Compared

Old Version 1

changes.mady.by.user Phillip Hanegan

Saved on

compared with

New Version 2

changes.mady.by.user Phillip Hanegan

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Azure License Manager (ALM) is an licensable optional module in available within the EmpowerID Suite that is designed to help organizations inventory assist organizations in managing and auditing their Azure licenses and expenses across multiple various Azure tenants. This module is crucial for cost reporting and effective internal allocation of license expenses within their organization. To understand how Azure Licensing Manager can help your organization with the costs associated with Azure licenses, it is helpful to review how Azure provides licensing. For each Azure tenant, there exists one Azure Active Directory and in that Active Directory an organization can enable various Microsoft products to license them. Each product includes one or more Service Plans, which are the components or the services that are offered in that product like .

Understanding Azure Licensing

In Azure, each tenant is associated with an Azure Active Directory, within which various Microsoft products can be enabled and licensed. These products encompass multiple Service Plans detailing the services offered, such as Office 365 Enterprise E3, Visio, and Project. If your organization chooses to subscribe For instance, subscribing to Office Enterprise E3 , that product becomes a subscription with a specified number of licensed users with a includes a specific number of licenses priced per user per month cost.

Azure Licensing Challenges

There are multiple challenges with managing license distribution and license reporting for organizations Organizations face significant challenges in managing and reporting on license distribution when using Microsoft Office 365 and Azure. One key challenge is that when a company subscribes to licenses with , primarily because:

  • Licenses for Azure and Office 365

, it

  • can only

subscribe

  • be subscribed to once per organization.

For large

  • Large organizations with multiple departments or business units

using these licenses, there’s no real way to determine how many licenses are being consumed by which units or to grant responsibility to groups within the organization manage who gets licenses, who can approve license assignments and to report how much of the organization’s license budget is being consumed by the various business units. The below example provides a simple illustration of the challenges associated with determining how much of the total licensing costs spent by an organization can be allocated to individual business units from the information available in Azure. As can be seen, there exists a company consisting of a headquarters department with two business units, one located in Germany and another located in the United States. The company has one Azure subscription for Office 365 Enterprise E3 and one subscription for Visio Online Plan 1. In the case of Office 365 Enterprise E3, there are 10,000 users at a list price of $20 per month, which is an annual expense of $2,400,000. Some of these licenses are consumed by users in Germany, some are consumed by users in the United States, and some are consumed by users in the headquarters location. The question becomes, How many licenses are being consumed by each unit and how are those licenses being managed? With native Office 365 features, there’s no real way to gather data that is intelligent enough to portion off those licenses to each business unit to allow those units to see how much they are spending or to allow them to manage their own license assignments. Azure Licensing Manager allows organizations to gather the intelligence they view not just the total of their licensing costs, but to see who is driving costs and grant those entities the responsibility for managing license assignments

  • find it difficult to track license usage and allocate costs accordingly.

  • There is no straightforward method to determine license consumption per unit or to manage license assignments and approvals within different business segments.

Illustrative Scenario

Consider a hypothetical company with headquarters and two business units in Germany and the United States, respectively. The company subscribes to Office 365 Enterprise E3 for 10,000 users at $20 per user per month, totaling $2,400,000 annually. Allocating these costs and managing licenses per unit is complex without adequate tools. Azure Licensing Manager provides the necessary functionality to not only view total licensing costs but also manage and assign responsibilities for these costs effectively.

How Does Azure Licensing Manager Help?

EmpowerID provides a very flexible cost and responsibility allocation mechanism within Azure License Manager called "license pools and bundles." License pools and bundles allow an organization to break up their its subscriptions to match their logical organization structureits logical organizational structure.

Azure Licensing Manager introduces "license pools and bundles," allowing an organization to segment their subscriptions according to their structural hierarchy. This setup enhances visibility and control over licensing allocations and expenditures.

License Pools and Bundles

Keeping with In our previous example of a fictitious hypothetical company consisting of with a headquarters department and business units in both Germany and the United States and Germany, the above illustration demonstrates how license pools and bundles were discussed. These tools give organizations visibility the ability to see and control over licensing. In the exampleFor instance, the company has a total of 10,000 Office 365 Enterprise E3 licenses, one with each business unit having its license pool and license pool owner for each business unit, as well as owner. There are also several license bundles, each with an allocated assigned license count per bundle. So In Germany, for example, the business unit in Germany has been allocated 6,000 Office 365 Enterprise E3 licenses distributed to , which are spread across two license bundles, : the “DE "DE Standard Employees” and the “DE Interns” license bundles. The bundles themselves can Employees" and "DE Interns." The bundles have owners who can manage user and group assignments to the license bundles. All bundle owners determine who can have and can determine who has access to a license in the bundle and . They also become the default approvers for license access requests to a license in for their respective license bundles. By using Using license pools and bundles, the organization organizations can set control license cost controls, costs and bundle up the cost for a total expenditure allowed per license pool.

The below image provides an end-to-end flow of image below displays how Azure License Manager helps organizations visualize and control licensing costs. Azure (shown on the left), has a number of subscriptions has several subscriptions that the organization purchased, which in this case includes including 10,000 Office 365 Enterprise E3 licenses and 800 Visio Plan 1 licenses. In the middle of the image, these These licenses are logically divided into two logically-based license pools for cost allocations and expenditure—one pool expenditure, one for the German business unit in Germany and another for the US unit in the United States. Each license pool has assignable bundles, each with a specified number of user licenses mapped to a single Office or Azure product or a single subscription. 

Image Removed

On the right side of the image, in the Azure tenant, each license bundle is mapped to a single Azure Active Directory group for fulfillment. That group has been configured for group-based licensing and is mapped to that same subscription with service plans enabled or disabled. So, in the Germany example, users in the DE Standard Employees license bundle are fulfilled by a licensed Office 365 Enterprise E-3 full group, which grants all service plans as enabled. In contrast, whereas the license bundle for the DE Interns is mapped to a licensed Office 365 E-3 Limited group, which has two of those service plans disabled. The bundles deliver the same subscription , but have been configured and mapped to provide different features to their assignees.

Image Added

License Bundles - Key Points

  • License bundles are the assignable policy object you create in EmpowerID in order to grant to users a subscription in Azure

  • Each license bundle creates a single Azure subscription and pushes the resultant assignees of the bundle into a single Azure AD group

  • License bundles are mapped to a specific group in Azure that fulfills it

  • License bundles are assignable policy objects that can be assigned to any EmpowerID actor type, including users, groups, Management Roles, Business Roles, and Query-based Collections.

  • License bundles can have exclusion rules to prevent license assignments to certain people , as well as to and enforce regulatory restrictions. Exclusion rules can be applied to any EmpowerID actor type.

  • License bundles can be requested by self-service users in the IT IAM Shop

License Bundle Assignees

At the most basic levelits core, license bundle assignees are the people individuals who have been assigned to a license bundle and who should are eligible to receive the license granted by the bundle. As mentioned in the key points above, license bundles can be assigned to any EmpowerID actor type. This gives you the power to make assignments to license bundles using , which means that you can base your assignments on any criteria that makes make sense for your organization. License

The license bundle assignees can be diverse as any or all of the following:

You can assign user accounts directly

selected from a diverse pool that includes:

  • Directly assigning user accounts to a license bundle

  • You can assign Assigning a group in from another system , (such as those in an on-premise Active Directory, those in Amazon AWS, Salesforce, or ServiceNow, among others You can assign ) to a license bundle

  • Assigning Business Role and Locations to a license bundle, giving which grants all people with that Business Role and Location a license

  • You can assign Assigning Management Roles to a license bundle, giving which grants all people with that role a license

  • You can assign Assigning Query-based Collections (QBC) that return all users with a specific attribute value to a license bundle so that , which grants every user in each QBC gets a license

Beyond In addition to defining who should get receive the license bundle, you can also apply exclusion rules to the bundle to define who should not receive a license. As with assignments, you You can use the same actor types in your exclusion rules as you do in your assignments. Once a license bundle is defined with assignees and exclusion rules, ALM Azure License Manager calculates the resultant set of license bundle assignees, which is . This set includes everyone who should have is eligible for the license , bundle minus everyone who shouldn't should not have it. The end result is that everyone who is eligible for a license bundle will receive it.

Azure License Manager adds each of these assignees to the License Fulfillment Queue and pushes them into the mapped license bundle group in Azure AD, which , in turn, gives grants them the actual license.

License Bundle Eligibility

Beyond defining who should receive a license bundle, ALM makes it possible for you to define who should be eligible to receive a license bundle. Returning to the example of the fictitious company mentioned earlier, consider how the structure of the company can benefit by defining license bundle eligibility. As you may remember, the organization has:

  • A headquarters department and two business units, one located in Germany and another located in the United States,

    • One

    Azure License Manager (ALM) not only facilitates the assignment of license bundles but also enables organizations to define who is eligible to access these bundles. This capability is particularly useful for structuring license distribution according to organizational needs and ensuring that licenses are only available to appropriate user groups.

    Overview of the Organization's Structure and License Configuration

    The example organization comprises:

    • A headquarters department.

    • Two business units, one in Germany and another in the United States.

    This organization manages:

    • An Azure subscription for Office 365 Enterprise E3 with 10,000 users.

    • One An Azure subscription for Visio Online Plan 1.

    AdditionallyUsing ALM, using ALM the organization has strategically created license pools and license bundles to match their organizational structure and Azure subscriptions. So, they havealign with both its structural and operational frameworks:

    • One license pool for GermanyOne license pool for is dedicated to Germany, and another to the United States.

    • Four distinct license bundles for Office 365 Enterprise E3 have been established:

      • A license bundle for For standard employees in GermanyA license bundle for and interns in GermanyA license bundle for standard employees in both Germany and the United States

      • A license bundle for interns in the United States

      Four

      • .

    • Similarly, four license bundles for Visio Online Plan I are allocated:

      • A license bundle Also differentiated for standard employees in Germany

      • A license bundle for interns in Germany

      • A license bundle for standard employees in the United States

      • A license bundle for interns in the United States

    It looks like the organization has their licensing situation in a much better position — and they do. However, currently users can see all bundles when shopping for licenses in the IT Shop. And if they are not careful enough, users in one business unit could request licenses meant for users in another business unit, or interns could request licenses meant for standard employees. Further, the organization could inadvertently grant these requests, which would present an inaccurate picture

      • and interns within each geographical location.

    Challenges and Solutions in License Distribution

    Although the organization's licensing structure is robust, the visibility of all license bundles in the IAM Shop poses potential challenges. Users across different business units could inadvertently or incorrectly request licenses intended for other groups. This could lead to improper allocation, affecting the accuracy of business unit license usage tracking.

    To help prevent address this type of oversight, Azure License Manager uses what is known as Eligible Assignees to control which license bundles users can see when shopping for licenses. This keeps the organization from advertising license bundles to users who should not see those licenses. In this way, standard employees in Germany only see licenses that they can request, standard employees in the United States only see licenses they can request, interns in Germany only see licenses they can request and interns in the United States can only see licenses they can request. Each group only sees the licenses delegated to them by the respective license bundles. Insert excerptIL:External StylesheetIL:External Stylesheetnopaneltrue, EmpowerID employs a feature called "Eligible Assignees" to refine license visibility and access within the IAM Shop. This feature ensures that:

    • Each user group sees only the licenses appropriate for them based on their role and location within the organization.

    • Standard employees and interns in Germany and the United States are restricted to viewing and requesting only the bundles designated for them.

    By implementing these eligibility controls, the organization prevents cross-unit license requests and maintains accurate license distribution and usage tracking, aligning license management with organizational policies and structure.

    See Also

    Azure License Manager Components

    License Fulfillment

    License Optimization

    License Reclamation