Using the Work 365 Self-Service portal end-users are able to manage the Office 365 licenses. This capability is setup an App in your Azure AD. This article describes how you can disable the capability to manage licenses through the Work 365 application.
Pre-requisites
Performing this task will require the following:
- Portal Owner privileges
- Global Admin privileges on the tenant
Time required
The steps outlined in this task will take approximately 10 minutes.
Procedure
1) Login to ‘Azure Portal’ using the Global administrator account and click on the ‘Azure Active Directory’ icon within the ‘Azure Services’ section. In case you don’t find the ‘Azure Active Directory’ icon click on ‘More Services’ to the right to enable the same.
2) Open the Application which you had created initially to enable ‘Azure AD’ authentication for the Portal.
The application name should probably be ‘Dynamics 365 Portals Customer Login’ if you have followed the naming convention mentioned in our ‘Azure AD’ integration article.
Click on the ‘Authentication’ menu on the left-hand side navigation.
You will find some URL’s configured on the right-hand pane.
Delete all the URL records which have the below format by clicking the bin icon to the right of the record.
[PORTAL URL]/managelicenses
[PORTAL URL]/licenses
[PORTAL URL]/[LANG]/licenses
E.g.: In the screen below, we would delete the 2 records highlighted in yellow.
Ensure that the check-boxes below are still checked and hit ‘Save’.
3) Now Click on ‘API Permissions’ on the left-hand side navigation.
You should see the list of permissions assigned to the app on the right-hand pane.
Select the one labelled ‘Direcotory.ReadWrite.All’ and click the ‘…’ button on the right.
Then click ‘Remove permission’
Click on ‘Yes, Remove’ when you are prompted with the confirmation message below.
4) Congratulations! You has successfully disabled Office 365 License management on your Portal.