0

By using msal in Python to create a token, I'm attempting to assign a license to the user.

import msal

client_id = xxx
client_secret= xxx
tenant_id = xxx
authority = f"https://login.microsoftonline.com/{tenant_id}"
scopes = ['https://graph.microsoft.com/.default']

app = msal.ConfidentialClientApplication(client_id, client_secret, authority=authority)

result = app.acquire_token_for_client(scopes)
access_token = result['access_token']
print(access_token)

Where can I find license SKU Id? Nowhere in Portal can I find it. Or is there a way to get it from graph call or powershell?

Once I have the SkuId, I want to assign that license to the user. This is the license assignment document that I've managed to obtain so far, but lost at SkuId part:

https://learn.microsoft.com/en-us/graph/api/user-assignlicense?view=graph-rest-1.0&tabs=http

Sridevi
  • 10,599
  • 1
  • 4
  • 17
Shiv
  • 3
  • 2

1 Answers1

0

To get the value of SKU IDs of Office 365 licenses, you can make use of below Graph API call:

GET https://graph.microsoft.com/v1.0/subscribedSkus?$select=skuPartNumber,skuId

I registered one Azure AD application and granted API permissions:

enter image description here

I used below python code to get access token and print SKU IDs of existing licenses in organization:

import msal
import requests

client_id = "appID"
client_secret= "secret"
tenant_id = "tenantID"
authority = f"https://login.microsoftonline.com/{tenant_id}"
scopes = ['https://graph.microsoft.com/.default']

app = msal.ConfidentialClientApplication(client_id, client_secret, authority=authority)

result = app.acquire_token_for_client(scopes)
access_token = result['access_token']
print(access_token)

url = "https://graph.microsoft.com/v1.0/subscribedSkus?$select=skuPartNumber,skuId"
headers = {
    "Authorization": "Bearer " + access_token
}

response = requests.get(url, headers=headers)
data = response.json()

for sku in data['value']:
    print("\nSKU Part Number:", sku['skuPartNumber'])
    print("SKU ID:", sku['skuId'])
    print()

Response:

enter image description here

You can assign license to user with below python code by adding few lines:

import msal
import requests

client_id = "appID"
client_secret= "secret"
tenant_id = "tenantID"
authority = f"https://login.microsoftonline.com/{tenant_id}"
scopes = ['https://graph.microsoft.com/.default']

app = msal.ConfidentialClientApplication(client_id, client_secret, authority=authority)

result = app.acquire_token_for_client(scopes)
access_token = result['access_token']
print(access_token)

url = "https://graph.microsoft.com/v1.0/users/xxxxxxxxx/assignLicense"
headers = {
    "Authorization": "Bearer " + access_token,
    "Content-type": "application/json"
}

payload = {
    "addLicenses": [
        {
            "skuId": "c7df2760-2c81-4ef7-b578-5b5392b571df"
        }
    ],
    "removeLicenses": []
}

response = requests.post(url, headers=headers, json=payload)
print(response.status_code)
print(response.json())

Response:

enter image description here

To confirm that, I checked the same in Portal where Office 365 E5 license assigned successfully to user:

enter image description here

Reference: List subscribedSkus - Microsoft Graph v1.0

Sridevi
  • 10,599
  • 1
  • 4
  • 17
  • Thanks for the response, it helped me to go one step further. But how can I identify the license is Office 365 only with sku part number? It's a bit confusing. – Shiv Aug 07 '23 at 00:11
  • You can find the **license name** by searching `SKU part number` in this [MS Document](https://learn.microsoft.com/en-us/azure/active-directory/enterprise-users/licensing-service-plan-reference) – Sridevi Aug 07 '23 at 03:09
  • For some users throwing error 400 {'error': {'code': 'Request_BadRequest', 'message': 'License assignment cannot be done for user with invalid usage location.', 'innerError': {'date': '2023-08-12T02:38:00', 'request-id': '067f6a9c-a39a-47aa-a320-dcf3a49e0c94', 'client-request-id': '067f6a5c-a39a-47aa-a320-dcf3a49e0c94'}}} – Shiv Aug 12 '23 at 03:04
  • Could you include what usage location user has configured with, by checking user's profile properties? – Sridevi Aug 12 '23 at 03:09
  • Infact those users don't have any location configured in the past. You want me to set that property now, mandatory? – Shiv Aug 12 '23 at 04:12
  • Yes, you have to set **usage location** property for users that is required to assign licenses. After setting location, rerun the code. – Sridevi Aug 12 '23 at 04:19