Rule description
This rule queries Microsoft 365 accounts, filters them by the specified licensing criteria, and returns the resulting accounts and their licensing details.
When to use this rule
Use this rule to get a report with Microsoft 365 users filtered by licensing criteria.
Rule Settings
Query Section
Setting name | Description |
---|---|
Limit scope to this Azure AD Administrative Unit |
You can select Azure AD Administrative Unit to limit the Web Query scope. By default, the value is taken from the Virtual Admin Unit setting. Important: To test rule configuration, you can limit the rule scope to an Azure AD AU that contains test accounts or objects.
|
Query criteria |
Query criteria are sent with the query and may improve query performance. Tip: For different samples on the criteria builder, see KB20180410-1.
|
User state |
Specify the user state to include in the query:
|
Include licensed users |
This setting allows for the inclusion of only licensed or unlicensed users or all users. |
MS365 user mailbox type |
Specify the user mailbox type to include in the query:
|
User type |
Specify the user type to include in the query:
|
Filter by licenses |
You can filter users by assigned licenses and apps/services:
Also, you can add filtering by inheritance of assigned applications and services:
|
Show license assignment paths |
If set to Yes the output report will include the license assignment paths: direct or inherited (GBL-assigned). |
Show service plan details |
If set to Yes the output report will include the names of all apps assigned to the user instead of the aggregate count. If Yes, show service plans in separate columns is selected service plans in separate columns will be displayed. |
Show service plan status |
If set to Yes the output report will include the names and statuses of all apps assigned to the user. |
License details separator character |
The separator is used when displaying multiple licenses or app names in a single output column. Possible separators are:
|
Include only filtered licenses in output |
If set to Yes the output report will only list those assigned licenses explicitly included in the filter above. |
Other Query Settings |
|
Properties to Display |
To display additional Microsoft 365 properties for each object found by the query, add those properties to the list. |
System properties |
List of properties required for this rule to be executed correctly. |
Sort by |
Sort result objects list. |
Post-query filter |
To hide unwanted data based on criteria, not supported by the target system in the query criteria, set the filtering conditions here. Example: filter by the found object Distinguished Name. Tip: For optimal performance, use the Query criteria above to filter objects whenever possible.
|
Sort by |
Sort result objects list. |
Limit result set |
The maximum number of users returned from Microsoft 365 by default is 2000. Tip: It is possible to change the default value in Microsoft Microsoft 365 extension settings.
|
MS Graph query condition (OData) |
By default, Query criteria are used. But when the MS Graph query condition is specified, it overrides the Query criteria setting. Example: find all Microsoft 365 user accounts with displayname starting with 'Adam.' (startswith(displayName,'Adam')) |
Initialization script |
|
Script |
Usually, rules use query criteria to limit the query search scope. It improves the performance of the executed rule. Due to PowerShell limitations, using calculated expressions in query criteria is impossible. That is the point where the initialization script can help. You can initialize a global variable in this setting and then use it in query criteria. Important: To use a variable, declared in the initialization script, in the query scope, it must be global: $global:<variable name>.
Example: Update AD users, created in the last ten days.
{$global:DatePeriod = (Get-Date).AddDays(-10)}
|
Output Section
This section defines the output format of this rule.
To get more information about this section, please see the Output section article.
Enforce/Schedule section
This section defines the schedule for how often to run the rule.
To get more information about this section, please see the Enforce/Schedule section article.
Change History
Version | Notes |
---|---|
11.3.0 | The Show service plan details setting is updated with a new Yes, show service plans in separate columns value. |
9.3.0 | The rule has been added to the product. |
Comments
0 comments
Please sign in to leave a comment.