[GH-ISSUE #4090] [Feature Request]: Allow License Removal Workflow to Handle Inherited Licenses from Group Membership #1854

New issue

Closed

opened 2026-03-02 13:47:39 +03:00 by kerem · 1 comment

kerem commented

2026-03-02 13:47:39 +03:00

Owner

Originally created by @AbsaconIT on GitHub (May 14, 2025).
Original GitHub issue: https://github.com/KelvinTegelaar/CIPP/issues/4090

Please confirm:

I have searched existing feature requests (open and closed) and found no duplicates.
**me or my organization is currently an active sponsor of the product at the $99,- level.

Problem Statement

During user offboarding, we encounter an issue where certain licenses cannot be removed due to inheritance from group membership. Specifically, we receive the error:

"Could not remove the license for user@example.com. Error: User license is inherited from group membership and cannot be removed directly from the user."

This occurs because an Entra ID P2 license is assigned via a dynamic group (Exchange_License_Holders). We would like the offboarding workflow to handle this scenario more gracefully.

Benefits for MSPs

Reduces manual intervention during offboarding.
Improves automation and consistency in license cleanup.
Prevents confusion or errors caused by inherited license assignments.
Saves time by avoiding the need to manually adjust group memberships or license dependencies.

Value or Importance

This feature is important because it addresses a common edge case in automated offboarding. Without this, MSPs must manually identify and remove licenses that include an Exchange license. Once the Exchange license is removed, the inherited Entra ID P2 license is automatically revoked. Automating this step would streamline the offboarding process, reduce manual effort, and minimize the risk of errors.

PowerShell Commands (Optional)

No response

Originally created by @AbsaconIT on GitHub (May 14, 2025). Original GitHub issue: https://github.com/KelvinTegelaar/CIPP/issues/4090 ### Please confirm: - [x] **I have searched existing feature requests** (open and closed) and found no duplicates. - [x] **me or my organization is currently an active sponsor of the product at the $99,- level. ### Problem Statement During user offboarding, we encounter an issue where certain licenses cannot be removed due to inheritance from group membership. Specifically, we receive the error: "Could not remove the license for user@example.com. Error: User license is inherited from group membership and cannot be removed directly from the user." This occurs because an Entra ID P2 license is assigned via a dynamic group (Exchange_License_Holders). We would like the offboarding workflow to handle this scenario more gracefully. ### Benefits for MSPs - Reduces manual intervention during offboarding. - Improves automation and consistency in license cleanup. - Prevents confusion or errors caused by inherited license assignments. - Saves time by avoiding the need to manually adjust group memberships or license dependencies. ### Value or Importance This feature is important because it addresses a common edge case in automated offboarding. Without this, MSPs must manually identify and remove licenses that include an Exchange license. Once the Exchange license is removed, the inherited Entra ID P2 license is automatically revoked. Automating this step would streamline the offboarding process, reduce manual effort, and minimize the risk of errors. ### PowerShell Commands (Optional) _No response_

kerem

2026-03-02 13:47:39 +03:00

closed this issue
added the
enhancement

no-priority

not-assigned
labels

kerem commented

2026-03-02 13:47:39 +03:00

Author

Owner

@KelvinTegelaar commented on GitHub (May 15, 2025):

To do this, set the checkbox to remove the user from their groups - we'll still skip the removal but when teh user is removed from groups it resolves the issue on its own.

@KelvinTegelaar commented on GitHub (May 15, 2025): To do this, set the checkbox to remove the user from their groups - we'll still skip the removal but when teh user is removed from groups it resolves the issue on its own.

No milestone

No project

No assignees

1 participant

Notifications

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

starred/CIPP#1854

No description provided.

Rows
Columns