RISHAssign EMS licenses to all licensed users
Azure conditional access provides amazingly flexible control over access to Office 365 resources and services based on location/user group membership/device etc. Leveraging it to block access generally requires EMS (Enterprise Mobility + Security) licenses for all users. This short script will assign EMS licenses to all users in your tenant who are licensed but do not have EMS yet.
$VerbosePreference = "Continue"
$SKU = get-msolaccountSKU | ?{$_.accountskuid -match ':EMS$'} | select -expand AccountSKUID
if ($SKU) {
$LicensingFailures = @{}
$allUsersThatNeedEMS = get-msoluser -all | ?{$_.islicensed -and !($_.licenses | ?{$_.accountskuid -eq $SKU})}
$allusersThatNeedEMS | %{
$u = $_;
try{
Set-MsolUserLicense -UserPrincipalName $u.userprincipalname -AddLicenses $SKU -ErrorAction Stop
Write-verbose "Successfully added $SKU to $($u.userprincipalname)"
} catch {
Write-Error "Failed to add $SKU to $($u.userprincipalname) because: $_"
$LicensingFailures."$($u.userprincipalname)" = $_
}
}
Write-host "The following failures occurred"
$LicensingFailures
} else {
Write-host "No EMS license SKU found"
}