Automatically remove O365 license from disabled AD user when using Azure AD Sync
When you delete a user in local AD and sync using the Azure AD Sync tool, it removes that user from O365. Nothing happens if you DISABLE a user in local AD. You could remove the O365 license from disabled AD users automatically (or somehow disable the account), as often you cannot delete employees from AD right away and need to leave them for weeks or months. Disabling seems like a good way to make user management easier.
REALLY want this. I also want to be able to have the license in the group automatically purchased if there are not enough.
Rob Bayne commented
I agree, this would be incredibly useful. If you actually delete a user from your AAD (no longer sync them), their mailbox gets flagged for deletion. We have a Retention Policy which preserves the mailbox, but the mailbox cannot be re-attached if the user later rejoins the org, is synced, and re-licensed. This means that if we have a user that is on long-term leave, we have to leave them synced and licensed. This makes license management a nightmare.
Anton Pozdnyakov commented
Indeed, deleting users in AD is something that is not recommended. Disabling them is a much better option.
In fact, there is a way to automatically revoke Office 365 licenses from deprovisioned users without deleting them. Have a look at this tool, it does exactly what you are asking for: http://www.adaxes.com/office-365_automation_management.htm
Mike Waranowicz commented
Also expired accounts - set with the "accountExpires" attribute. Users that are leaving get set to expire after their last day and the accounts may need to be kept temporarily, just inactive, but the license remains applied to the account.