- A
Configure Azure AD Connect
Why wrong: Not required for cloud-only groups.
- B
Add members to the group
Members inherit license.
- C
Create a security group
Group must exist to assign license.
- D
Ensure group is mail-enabled
Why wrong: Not required.
- E
Assign a license to the group
License is assigned to group.
Quick Answer
The answer is to assign a license to the group, add members to the security group, and verify the license assignment status. This is correct because group-based licensing in Azure AD automates license distribution by linking a product license directly to a security group; once the license is assigned to the group, any user added as a member automatically receives that license, eliminating the need for per-user manual assignments. On the Microsoft 365 Administrator MS-102 exam, this topic tests your understanding of identity management automation, often appearing in scenario-based questions where you must choose the correct sequence of steps. A common trap is forgetting that simply assigning a license to an empty group does nothing—members must be present for the license to take effect. To remember, think of the three-step chain: license to group, members to group, then verify—if any link is missing, the automation fails.
MS-102 Manage users, groups, licensing, and support Practice Question
This MS-102 practice question tests your understanding of manage users, groups, licensing, and support. Match the stated requirement to the specific cloud service, access model, or configuration option — many options are valid in isolation but not for this scenario. After answering, compare your reasoning against the explanation and wrong-answer breakdown below. Once you have made your selection, read the full explanation to reinforce the concept and understand why each distractor is designed to mislead on exam day.
Which THREE steps are required to enable group-based licensing?
Answer choices
Why each option matters
Answer the question above first, then reveal the full breakdown to understand why each option is right or wrong.
Correct answer & explanation
Add members to the group
Option B is correct because group-based licensing in Azure AD requires that you add members to the security group that will have the license assigned. Without members, the license assignment has no effect, as the license is applied to all users in the group. This step ensures that the intended users receive the license automatically based on group membership.
Key principle: Answer the scenario, not the keyword: identify the specific constraint before choosing the most familiar-sounding option.
Answer analysis
Option-by-option breakdown
For each option: why learners choose it and why it is or isn't the right answer here.
- ✗
Configure Azure AD Connect
Why it's wrong here
Not required for cloud-only groups.
- ✓
Add members to the group
Why this is correct
Members inherit license.
Related concept
Read the scenario before looking for a memorised answer.
- ✓
Create a security group
Why this is correct
Group must exist to assign license.
Related concept
Read the scenario before looking for a memorised answer.
- ✗
Ensure group is mail-enabled
Why it's wrong here
Not required.
- ✓
Assign a license to the group
Why this is correct
License is assigned to group.
Related concept
Read the scenario before looking for a memorised answer.
Common exam traps
Common exam trap: answer the scenario, not the keyword
The trap here is that candidates often think Azure AD Connect is required for any group-based operation, but group-based licensing is a cloud-native feature that does not require hybrid synchronization; the only prerequisites are an Azure AD tenant, a security group, and a valid license SKU.
Detailed technical explanation
How to think about this question
Group-based licensing uses Azure AD’s license assignment engine, which evaluates group membership and applies the specified license SKU to each member. The engine processes changes in near real-time, but for large groups (e.g., >20,000 members), it may take up to 24 hours to fully propagate. A subtle behavior is that if a user is a member of multiple groups with conflicting license assignments (e.g., different service plans), Azure AD will attempt to merge them but may fail if the plans are mutually exclusive, leaving the user in an error state.
KKey Concepts to Remember
- Read the scenario before looking for a memorised answer.
- Find the constraint that changes the correct option.
- Eliminate answers that are true in general but not in this case.
TExam Day Tips
- Watch for words such as best, first, most likely and least administrative effort.
- Review why wrong options are wrong, not only why the correct option is correct.
Key takeaway
Answer the scenario, not the keyword: identify the specific constraint before choosing the most familiar-sounding option.
Real-world example
How this comes up in practice
A healthcare organisation deploys an application with a public-facing web tier and a private database tier. The database subnet has no public IP and only accepts connections from the web tier's security group. Questions like this test whether you can design cloud network isolation using VNets/VPCs, subnets, and security group rules.
What to study next
Got this wrong? Here's your next step.
Identify which exam domain this question belongs to, review the core concept, then practise similar questions from the same domain.
- →
Manage users, groups, licensing, and support — study guide chapter
Learn the concepts, then practise the questions
- →
Manage users, groups, licensing, and support practice questions
Targeted practice on this topic area only
- →
All MS-102 questions
975 questions across all exam domains
- →
Microsoft 365 Administrator MS-102 study guide
Full concept coverage aligned to exam objectives
- →
MS-102 practice test guide
How to use practice tests most effectively before exam day
Related practice questions
Related MS-102 practice-question pages
Use these pages to review the topic behind this question. This is how one missed question becomes focused revision.
Deploy and manage a Microsoft 365 tenant practice questions
Practise MS-102 questions linked to Deploy and manage a Microsoft 365 tenant.
Implement and manage Microsoft Entra identity and access practice questions
Practise MS-102 questions linked to Implement and manage Microsoft Entra identity and access.
Manage security and threats by using Microsoft Defender XDR practice questions
Practise MS-102 questions linked to Manage security and threats by using Microsoft Defender XDR.
Manage compliance by using Microsoft Purview practice questions
Practise MS-102 questions linked to Manage compliance by using Microsoft Purview.
Manage users, groups, licensing, and support practice questions
Practise MS-102 questions linked to Manage users, groups, licensing, and support.
Implement and manage identity and access in Microsoft Entra ID practice questions
Practise MS-102 questions linked to Implement and manage identity and access in Microsoft Entra ID.
MS-102 fundamentals practice questions
Practise MS-102 questions linked to MS-102 fundamentals.
MS-102 scenario practice questions
Practise MS-102 questions linked to MS-102 scenario.
MS-102 troubleshooting practice questions
Practise MS-102 questions linked to MS-102 troubleshooting.
Practice this exam
Start a free MS-102 practice session
Short sessions build daily habit. Longer sessions build exam-day stamina. Try a timed session to simulate real conditions.
FAQ
Questions learners often ask
What does this MS-102 question test?
Manage users, groups, licensing, and support — This question tests Manage users, groups, licensing, and support — Read the scenario before looking for a memorised answer..
What is the correct answer to this question?
The correct answer is: Add members to the group — Option B is correct because group-based licensing in Azure AD requires that you add members to the security group that will have the license assigned. Without members, the license assignment has no effect, as the license is applied to all users in the group. This step ensures that the intended users receive the license automatically based on group membership.
What should I do if I get this MS-102 question wrong?
Identify which exam domain this question belongs to, review the core concept, then practise similar questions from the same domain.
What is the key concept behind this question?
Read the scenario before looking for a memorised answer.
About these practice questions
Courseiva creates original exam-style practice questions with explanations and wrong-answer analysis. It does not publish real exam questions, exam dumps, or protected exam content. Learn why practice questions differ from exam dumps →
Same concept, more angles
2 more ways this is tested on MS-102
These questions test the same concept from different angles. Work through them to make sure you can recognise it however the exam phrases it.
Variation 1. A multinational company uses Microsoft 365 E5 licenses for all employees. Due to a recent cost optimization initiative, the IT department must remove Microsoft Entra ID Plan 2 and Microsoft Defender for Office 365 Plan 2 from a subset of users, while retaining the core Microsoft 365 E5 functionality (Exchange Online, SharePoint Online, Teams, and Microsoft 365 Apps). The company uses group-based licensing with dynamic groups. You need to recommend a licensing strategy that minimizes administrative effort and avoids service disruption. Which three of the following steps should you include in your strategy? (Choose three.)
medium- .Create a new Microsoft 365 E5 license SKU that excludes the add-on services and assign this custom SKU to the affected users via a dynamic group.
- ✓ .Identify the GUIDs of the service plans to be disabled (Microsoft Entra ID Plan 2 and Defender for Office 365 Plan 2) and use the Set-MgUserLicense cmdlet with the -RemoveLicenses parameter to remove specific service plans from existing licenses.
- ✓ .Use a dynamic group to assign the standard Microsoft 365 E5 license but configure the group’s license assignment to disable the unwanted service plans by specifying the disabled service plan GUIDs in the license assignment configuration.
- .Remove the Microsoft 365 E5 license from all users in the affected group and then assign a new, lower-cost license such as Microsoft 365 E3 to those users.
- .Use Microsoft Entra ID Governance’s Access Reviews to automatically remove the unwanted service plans from the affected users’ licenses on a recurring basis.
- ✓ .Use Microsoft Graph PowerShell to bulk-update the existing group-based licensing assignment for the affected dynamic group, specifying the service plans to disable in the -DisabledServicePlans parameter.
Why : The correct approach is to keep the existing Microsoft 365 E5 license but disable specific service plans (Microsoft Entra ID Plan 2 and Defender for Office 365 Plan 2) within the license assignment. This is done by identifying the service plan GUIDs and using either the Set-MgUserLicense cmdlet with the -RemoveLicenses parameter, configuring the dynamic group’s license assignment to disable those service plans, or using Microsoft Graph PowerShell with the -DisabledServicePlans parameter. These methods minimize administrative effort by leveraging group-based licensing and avoid service disruption because the core E5 functionality remains intact.
Variation 2. A company is deploying Microsoft 365 and wants to ensure that users in the finance department have access to only the apps they need. You need to recommend a licensing strategy that minimizes administrative overhead while enforcing access restrictions. What should you do?
medium- A.Create a security group with explicit membership and assign licenses to the group.
- ✓ B.Create a dynamic Azure AD group based on department attribute and assign licenses using group-based licensing.
- C.Assign licenses to users one by one in the Microsoft 365 admin center.
- D.Use PowerShell to assign licenses based on user department attribute.
Why B: Option B is correct because using a dynamic Azure AD group based on the department attribute automates membership updates as users change departments, and group-based licensing assigns the appropriate licenses to all members without manual intervention. This minimizes administrative overhead by eliminating the need to manually add or remove users from the group or assign licenses individually, while enforcing access restrictions by ensuring only finance users receive the licensed apps.
Last reviewed: Jun 11, 2026
This MS-102 practice question is part of Courseiva's free Microsoft certification practice question bank. Courseiva provides original exam-style practice questions with explanations, topic-based practice, mock exams, readiness tracking, and study analytics to help learners prepare for the MS-102 exam.
Question Discussion
Share a tip, memory trick, or ask about the reasoning behind this question. Do not post real exam questions, leaked content, braindumps, or copyrighted exam material. Comments are moderated and may be removed without notice.
Sign in to join the discussion.