Hey everyone! I'm facing a challenge with creating dynamic groups based on licensing requirements, particularly for users who don't have Business Basic. The dynamic group query for user.assignedLicense is pretty complex, and I'm finding the documentation on service plan IDs quite confusing. For instance, Business Basic has a GUID, but what I really need are the specific services associated with that license, like Intune. It's frustrating because I don't even know what it's called in this context; it might be labeled as 'exchange' or something similar. I'm looking for effective ways to decipher these IDs, especially since the official Microsoft table doesn't seem to correlate well with what I need. My ultimate goal is to exclude users with Business Basic or those assigned Intune licenses. I've already tried multiple Intune IDs but couldn't find 'Intune' in my User's service plan IDs using Graph. Any suggestions?
2 Answers
I get what you’re saying! I came across a .csv file from the resource that makes tracking this stuff much easier. According to that, it looks like the Intune ID you’re looking for is indeed c1ec4a95-1f05-45b3-a911-aa3fa01094f5.
Creating dynamic groups based on licensed products can be a pain. I had a similar issue distinguishing between A3 staff and A3 student licenses and had to use GUIDs for differentiating features that weren't available on the student plan. You might find that looking at service plan IDs gives you a better clue about what to use, like INTUNE_O365 or INTUNE_A.
I've seen that too! Here’s a workaround: You might need to manually exclude some IDs while including others in your expression. For excluding accounts without Intune, you can use a filter like this: (user.accountEnabled -eq true) and (user.assignedPlans -all assignedPlan.servicePlanId -notContains "c1ec4a95-1f05-45b3-a911-aa3fa01094f5"). Just a heads up, keep adjusting your filters to make sure you're avoiding unlicensed users!