Azure License Manager (ALM) is an optional module within the EmpowerID Suite designed to assist organizations in managing and auditing their Azure licenses and expenses across various Azure tenants. This module is crucial for cost reporting and effective internal allocation of license expenses within their organization. To understand how Azure Licensing Manager can help your organization with the costs associated with Azure licenses, it is helpful to review how Azure provides licensing.


Understanding Azure Licensing

In Azure, each tenant is associated with an Azure Active Directory, within which various Microsoft products can be enabled and licensed. These products encompass multiple Service Plans detailing the services offered, such as Office 365 Enterprise E3, Visio, and Project.

For instance, a subscription to Office Enterprise E3 includes a specific number of licenses priced per user per month.

Azure Licensing Challenges

Organizations face significant challenges in managing and reporting on license distribution when using Microsoft Office 365 and Azure, primarily because:

  • Azure and Office 365 licenses can only be subscribed to once per organization.

  • Large organizations with multiple departments or business units find it difficult to track license usage and allocate costs accordingly.

  • There is no straightforward method to determine license consumption per unit or to manage license assignments and approvals within different business segments.

Illustrative Scenario

Consider a hypothetical company with headquarters and two business units, one in Germany and the other in the United States. The company subscribes to Office 365 Enterprise E3 and Visio Online Plan 1. In the case of Office 365 Enterprise E3, there are 10,000 users at $20 per user per month, totaling $2,400,000 annually.

Some of these licenses are consumed by users in Germany, some by users in the United States, and some by users in the headquarters location. The question becomes: how many licenses are being consumed by each unit, and how are those licenses being managed? With native Office 365 features, there is no real way to gather data that is intelligent enough to portion off those licenses to each business unit, to allow those units to see how much they are spending, or to allow them to manage their own license assignments.

Allocating these costs and managing licenses per unit is complex without adequate tools. Azure Licensing Manager provides the necessary functionality to view total licensing costs and manage and assign responsibilities for these costs effectively.

How Does Azure Licensing Manager Help?

EmpowerID provides a flexible cost and responsibility allocation mechanism within Azure License Manager called "license pools and bundles." License pools and bundles allow an organization to break up its subscriptions to match its logical organizational structure. This setup enhances visibility and control over licensing allocations and expenditures.

License Pools and Bundles

In our previous example of a hypothetical company with a headquarters department and business units in the United States and Germany, license pools and bundles were discussed. These tools give organizations the ability to see and control

For instance, the company has 10,000 Office 365 Enterprise E3 licenses, with each business unit having its license pool and owner. There are also several license bundles, each with an assigned license count per bundle.

For example, the business unit in Germany has been allocated 6,000 Office 365 Enterprise E3 licenses, which are spread across two license bundles: "DE Standard Employees" and "DE Interns." The bundles have owners who can manage user and group assignments and can determine who has access to a license in the bundle. They also become the default approvers for license access requests for their respective license bundles.

Using license pools and bundles, organizations can control license costs and bundle up the cost for a total expenditure allowed per license pool.


The image below displays how Azure License Manager helps organizations visualize and control licensing costs. Azure has several subscriptions that the organization purchased, including 10,000 Office 365 Enterprise E3 licenses and 800 Visio Plan 1 licenses. These licenses are divided into two logically-based license pools for cost allocations and expenditure, one for the German business unit and another for the US unit. Each license pool has assignable bundles, each with a specified number of user licenses mapped to a single Office or Azure product or a single

On the right side of the image, in the Azure tenant, each license bundle is mapped to a single Azure Active Directory group for fulfillment. That group has been configured for group-based licensing and mapped to that subscription with service plans enabled or disabled. So, in the Germany example, users in the DE Standard Employees license bundle are fulfilled by a licensed Office 365 Enterprise E-3 full group, which grants all service plans as enabled. In contrast, the license bundle for the DE Interns is mapped to a licensed Office 365 E-3 Limited group, which has two of those service plans disabled. The bundles deliver the same subscription but have been configured and mapped to provide different features to their assignees.

License Bundles - Key Points

  • License bundles are the assignable policy object you create in EmpowerID to grant users a subscription in Azure

  • Each license bundle creates a single Azure subscription and pushes the resultant assignees of the bundle into a single Azure AD group

  • Each license bundle is mapped to a specific group in Azure that fulfills it

  • License bundles are assignable policy objects that can be assigned to any EmpowerID actor type, including users, groups, Management Roles, Business Roles, and Query-based Collections.

  • License bundles can have exclusion rules to prevent license assignments to certain people and enforce regulatory restrictions. Exclusion rules can be applied to any EmpowerID actor type.

  • License bundles can be requested by self-service users in the IAM Shop

License Bundle Assignees


At its core, license bundle assignees are individuals assigned to a license bundle who, as a result of the assignment, are eligible to receive the license granted by the bundle. As mentioned, license bundles can be assigned to any EmpowerID actor type. You can base your assignments on any criteria that make sense for your organization.

The license bundle assignees can be selected from a diverse pool that includes:

  • Directly assigning user accounts to a license bundle

  • Assigning a group from another system (such as on-premise Active Directory, Amazon AWS, Salesforce, or ServiceNow) to a license bundle

  • Assigning Business Roles and Locations to a license bundle, which grants all people with that Business Role and Location a license

  • Assigning Management Roles to a license bundle, which grants all people with that role a license

  • Assigning Query-based Collections (QBC) that return all users with a specific attribute value to a license bundle, which grants every user in each QBC a license


In addition to defining who should receive the license bundle, you can apply exclusion rules to define who should not receive a license. You can use the same actor types in your exclusion rules as in your assignments. Once a license bundle is defined with assignees and exclusion rules, Azure License Manager calculates the resultant set of license bundle assignees. This set includes everyone eligible for the license bundle minus everyone who should not have it. The end result is that everyone eligible for a license bundle will receive it.

Azure License Manager adds each of these assignees to the License Fulfillment Queue and pushes them into the mapped license bundle group in Azure AD, which grants them the actual license.
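The resultant-set calculation described above can be modeled in a few lines. This is an added example, not EmpowerID code: the data model, the function names, and the sample directory are hypothetical, and the comparison against the mapped group's current members and the bundle's license count is an audit step assumed here for illustration.

```python
# Added illustration: the data model and names are hypothetical, not EmpowerID's API.
from dataclasses import dataclass, field

# Constructed sample directory: actor (type, name) -> user IDs it resolves to.
DIRECTORY = {
    ("group", "AD-DE-Staff"): {"anna", "bernd", "clara"},
    ("management_role", "DE-Contractor"): {"clara", "dieter"},
    ("qbc", "country=DE,type=intern"): {"emil"},
}

@dataclass
class LicenseBundle:
    name: str
    license_count: int                                # licenses allotted to the bundle
    assignments: list = field(default_factory=list)   # actors that should receive it
    exclusions: list = field(default_factory=list)    # actors that must not receive it

def resolve(actors):
    """Expand actors into user IDs; a ("user", id) actor resolves to itself."""
    users = set()
    for kind, name in actors:
        if kind == "user":
            users.add(name)
        else:
            users |= DIRECTORY[(kind, name)]  # KeyError on an unknown actor: fail closed
    return users

def resultant_assignees(bundle):
    """Everyone who should have the bundle minus everyone who should not."""
    return resolve(bundle.assignments) - resolve(bundle.exclusions)

def fulfillment_delta(bundle, group_members):
    """Compare the resultant set with the mapped group's current members."""
    wanted = resultant_assignees(bundle)
    return {
        "add": sorted(wanted - group_members),      # eligible but not yet licensed
        "remove": sorted(group_members - wanted),   # excluded or stale, still licensed
        "over_allocated_by": max(0, len(wanted) - bundle.license_count),
    }

BUNDLE = LicenseBundle(
    "DE Standard Employees", license_count=2,
    assignments=[("group", "AD-DE-Staff"), ("user", "frieda")],
    exclusions=[("management_role", "DE-Contractor"), ("qbc", "country=DE,type=intern")],
)
CURRENT_GROUP = {"anna", "clara", "gustav"}  # constructed Azure AD group membership
DELTA = fulfillment_delta(BUNDLE, CURRENT_GROUP)
print(DELTA)
```

Note that "clara" is assigned through the group but removed by the exclusion rule, so she appears under "remove" because she is still a member of the licensed group.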

License Bundle Eligibility

Beyond defining who should receive a license bundle, ALM makes it possible for you to define who should be eligible to receive one. Returning to the company example mentioned earlier, consider how defining license bundle eligibility can benefit the company's structure.

As you may remember, the organization has:

  • A headquarters department.

  • Two business units, one in Germany and another in the United States.

This organization manages:

  • An Azure subscription for Office 365 Enterprise E3 with 10,000 users.

  • An Azure subscription for Visio Online Plan 1.


Using ALM, the organization has strategically created license pools and license bundles to align with both its structural and operational frameworks:

  • One license pool is dedicated to Germany, and another to the United States.

  • Four distinct license bundles for Office 365 Enterprise E3 have been established:

    • For standard employees and interns in both Germany and the United States.

  • Similarly, four license bundles for Visio Online Plan 1 are allocated:

    • Also differentiated for standard employees and interns within each geographical location.

Although the organization's licensing structure is robust, the visibility of all license bundles in the IAM Shop poses potential challenges. Users across different business units could inadvertently or incorrectly request licenses intended for other groups. This could lead to improper allocation, affecting the accuracy of business unit license usage tracking.


To address this, EmpowerID employs an "Eligible Assignees" feature to refine license visibility and access within the IAM Shop. This feature ensures that:

  • Each user group sees only the appropriate licenses based on their role and location within the organization.

  • Standard employees and interns in Germany and the United States are restricted to viewing and requesting only the bundles designated for them.

By implementing these eligibility controls, the organization prevents cross-unit license requests and maintains accurate license distribution and usage tracking, aligning license management with organizational policies and structure.

Azure License Manager (ALM) within the EmpowerID Suite emerges as a pivotal solution for organizations grappling with the complexities of managing and auditing Azure licenses across diverse Azure tenants. ALM not only aids in the meticulous tracking and allocation of licensing costs but also enhances the strategic management of these assets. By integrating functionalities like license pools and bundles, ALM allows organizations to segment their licenses in alignment with their structural hierarchies, offering a granular level of control and visibility over license allocations and expenses.

Moreover, ALM's introduction of "Eligible Assignees" and the ability to apply specific eligibility criteria further refine the licensing process. This ensures that only appropriate user groups access specific license bundles, preventing misallocation and optimizing license utilization across departments. ALM supports a more accurate and fair distribution of resources tailored to each unit's needs by effectively preventing unauthorized access and ensuring each business unit only views and requests suitable licenses.

Ultimately, Azure License Manager is indispensable for enterprises seeking to streamline their license management processes, enforce compliance, and achieve a more accurate financial oversight over their Azure expenditures. This tool simplifies administrative burdens and drives operational efficiency and cost-effectiveness, making it an essential asset for modern digital enterprises.
