Siirry pääsisältöön
Ohita sisällysluettelo

Manage Licenses Based on User Activity

Software licenses represent a significant and growing expense. Unused licenses assigned to inactive users can lead to unnecessary costs. To optimize spending, you can configure rules to automatically manage licenses based on user activity.

This guide explains how to use last logon data from Active Directory to automatically revoke or downgrade licenses for inactive users in systems like Microsoft 365 and Citrix.

How it works: Using last logon attributes

The system can read the last logon timestamp for a user from both on-premises Active Directory (AD) and Azure Active Directory (Azure AD). This information is then stored as an attribute on the user's profile.

  • LastlogonTimestamp: Stores the last logon time from on-premises AD.

  • AzureAdLastLogon: Stores the last logon time from Azure AD.

You can use these attributes in the rules engine to create automated workflows for license management.

Example 1: Automatically manage Microsoft 365 licenses

You can create a rule that automatically downgrades an expensive license (e.g., M365 E3) to a more affordable one (e.g., Exchange Online) if a user has been inactive for a specific period.

The rule in the image below applies to active users with a specific system role. It checks if the user has not logged into Azure AD in the last 60 days or if they have never logged in at all. If these conditions are met, the rule can trigger an action, such as changing the user's license group.

Rule logic breakdown:

  • AND AzureAdLastLogon on Earlier than Now - 60 days

  • TAI AzureAdLastLogon Ei arvoa

This logic identifies users who have been inactive for over 60 days.

Example 2: Automatically manage Citrix licenses

You can apply similar logic to manage other licenses, such as access to Citrix. The goal is to remove licenses from inactive users while allowing a grace period for new employees who may not have logged in yet.

The following workflow describes how to automate this process:

  1. The LastlogonTimestamp attribute is continuously updated from on-premises AD.

  2. The system first checks if the user has ever logged in (LastlogonTimestamp has a value).

    • If yes, it then checks if the last logon was more than 90 days ago.

      • If it was, the Citrix license is removed.

      • If it was not, the user retains access.

    • If no (the user has never logged in), the system checks if the account was created less than 90 days ago.

      • If yes, the user retains access (this is the grace period).

      • If no, the Citrix license is removed.

Best practices and support

As a best practice, licenses should be assigned based on specific needs rather than by default. If a license is not being used, it should be revoked to control costs and enhance security.

Note: Contact support if you need assistance or guidance on configuring rules to optimize your organization's license usage.

JavaScript-virheitä havaittu

Huomaa, että nämä virheet voivat riippua selaimesi asetuksista.

Jos ongelma jatkuu, ota yhteyttä asiakaspalveluumme.

Ota yhteyttä tukeen Sulje