Azure AD prevent login user without liense

Question

Hello,

users are synchronized with local AD for Exchange hybrid GAL.
We hae users without Office365 or other Cloud license.

this users can login to cloud websites like www.office.com (only myapps are visible).

But we want to prevent that users without license can login to cloud websites.

Only users with active office365 license should be possible to login.

Can we configure this?

thank you

Answer 1

@Mönnikes, Marc Unfortunately, there is no direct way to do this. However, in order to prevent unlicensed users form login to cloud apps, you can use Conditional Access policy. If you are using Group Based Licensing (GBL), you can add the group to Conditional Access policy with rule like All Users except member of the group that you are using for GBL should be blocked for All Cloud Apps.

If you are not using GBL, you may consider using it, as assigning licenses at the individual user level, can make large-scale management difficult. This will help you achieving the requirement that you have described.

Note: Conditional Access is a premium feature and would require Azure AD Premium P1/P2 license.

-----------------------------------------------------------------------------------------------------------

Please "Accept as answer" wherever the information provided helps you to help others in the community.

Answer 2

Why don't you simply block those users via the corresponding controls in the portal (or the BlockCredential parameter in PowerShell)? It's easy enough to list them...

Answer 3

Hello michev,

thank you for your answer.
Which controls do you mean in the portal?

The "sign in blocked" was overwritten after next Azure AD synchronisation, when i remember correctly.

Regards