Office 365 Users License Optimization
Rule description
This rule returns a list of Microsoft 365-licensed users and their recommended optimization scenario according to the selected model.
When to use this rule
Use this rule when you need to get a list of Microsoft 365-licensed users and their recommended optimization scenario according to the selected model.
Rule settings
Query section
| Setting name | Description |
|---|---|
|
Limit scope to this Entra ID administrative unit
|
This setting defines the search query scope. To improve query performance, limit the scope to a specific Entra ID administrative unit. IMPORTANT: To test the rule configuration, limit the rule scope to an administrative unit that contains test accounts or objects. |
| Query criteria |
Query criteria are sent with the query and may improve query performance. TIP: For additional information on the criteria builder, see the How to use Query Builder dialog for Query Criteria and Filter rule settings. |
| Post-query filter |
To hide unwanted data based on criteria, not supported by the Microsoft 365 query criteria above, set the filtering conditions here. TIP: For optimal performance, use the Query criteria above to filter objects whenever possible. |
| Properties to display |
Each object property defined in this setting matches the column that will be displayed in the Web Portal for this web query. To display additional columns, add the required properties to the Properties to display list. To add extension attribute 1 that is synchronized from AD, you need to use a value like:
Copy
|
| Optimization model | Select an optimization model for the optimization scenario calculation. |
| User account properties | |
| Account state |
Specify the account state:
|
| User type |
Specify the user type:
|
| Account sync status |
Specify the account sync status:
|
| Modern MFA status |
Specify the modern MFA status:
|
| Administrator role |
Specify the administrator role assigned to the user:
NOTE: Use the ... picker to define a custom filter by using existing roles in your organization. |
| Date-time properties | |
| Minimum account age (hours) | Specify the minimum account age for the Microsoft 365 user accounts. |
| Maximum account age (hours) | Specify the maximum account age for the Microsoft 365 user accounts. |
| Last Microsoft 365 sign-in (days ago) |
Set a minimum number of days passed since a user sign-in to Microsoft 365. Use 0 to disable the setting. NOTE: Using this parameter requires an Entra ID Premium P1/P2 license in the tenant. |
| Last password change (days ago) | Set a minimum number of days since the user changed the password. |
| Last sync time (days ago) | Set a minimum number of days since the last sync time. |
| Extension attributes | |
| ExtensionAttribute1-15 |
If you use Microsoft 365 extension attributes to store additional information for user accounts, you could select these attributes and map them to Other Attributes. Learn more in: How to add custom attributes to New Object and Object Properties wizards in Web Portal. |
| Mailbox and licensing filters | |
| Mailbox type |
Specify the mailbox type:
|
| Include licensed users |
Specify the users to be included:
|
| Filter by licenses |
You can filter users by assigned licenses and apps/services: License filter conditions are split into two groups: filter by licenses and filter by apps/services. Licenses can be filtered by ALL, ANY, and NOT:
Apps/services filter conditions:
Also, you can add filtering by inheritance of assigned applications and services:
|
| Organization properties | |
|
Specify the organization properties to query. |
| Map to text file | |
| Select data source |
Specify the text file to be imported. The […] (three dots) button allows the user to browse for the file and the Create/Edit button allows the creation or editing of the existing file in the built-in Data Source editor. |
| Separator used in file | Specify the separator that is used in the CSV file. |
| Data source anchor attribute | Select a column in the data source that contains the attribute value for identifying and mapping a user. |
| System anchor attribute | Specify the user anchor attribute. |
| Other query settings | |
| System properties | Specify the properties required in target users to run the report. |
| Sort by | Specify the property to sort the resulting list. |
| Limit result set |
Specify the maximum number of users returned from Microsoft 365. The default limit is 2000. TIP: It is possible to change the default value in the Microsoft 365 extension settings. |
| MS Graph query condition (OData) |
By default, Query criteria are used. But when the MS Graph query condition is specified, it overrides the Query criteria setting. See this article for examples: How to use Query Builder dialog for Query Criteria and Filter rule settings. |
| MS Graph advanced queries | Enables consistency level eventually which uses an index that might not be up-to-date with recent changes to the object. |
| Initialization script | |
| Script |
Usually, rules use query criteria to limit the query search scope. It improves the performance of the executed rule. Due to the PowerShell limitations, it is not possible to use calculated expressions in query criteria. That is the point where the initialization script can help. You can initialize a global variable in this setting and then use it in query criteria. IMPORTANT: To use a variable, declared in the initialization script, in the query scope, it must be global: Example: Update AD users, created in the last ten days.
|
Output section
This section defines the output format of this rule.
To get more information about this section, please see the Rule Output section article.
Comments
0 comments
Please sign in to leave a comment.