Identities and Licenses in Microsoft Teams


The course is part of this learning path

Start course

In this course, we will look at Microsoft Teams and how to plan a Teams Deployment within an Organization.

Learning Objectives

  • Preparing your organization for a Microsoft Teams Deployment
  • The lifecycle of a Team and how that affects your userbase
  • How to manage identities and authentication within Microsoft Teams
  • What Hybrid connectivity is and how it plays a part in the transition to Microsoft Teams
  • Managing organizational settings within Microsoft Teams
  • And understand what coexistence means and the different modes which can be used during a Teams deployment

Intended Audience

  • Users looking to learn about deployments and coexistence in Microsoft 365.


  • Have a basic understanding of device management in Microsoft 365

To understand authentication, we must first have an understanding of the identity models available and supported by Microsoft Teams. There are three possible identity models, which are: Cloud Identity, Synchronized Identity, and Federated Identity. The cloud identity is an example of a cloud only model, where users are created and managed in Azure Active Directory.

Since there is no need for hybrid connectivity to an on-premises server, everything from users to licenses are all managed through the Microsoft 365 Admin Center. Synchronized and Federated Identity, on the other hand, are both examples of hybrid models.

Within the synchronized identity model, the user is managed by an on-premises server. The password hash and the account are both synchronized to the cloud utilizing Azure Active Directory connect. This enables users to use the same password for both the on-premises server and cloud resources as everything is synced through Azure AD. The Federated Identity is similar, as it requires a synchronized identity. However, that synchronized identity is verified by third-party identity provider rather than Azure Active Directory. Similarly, the password hash doesn't sync with Azure AD as it is utilizing the third-party provider to authenticate against the on-premises Active Directory rather than Azure AD. Whatever authentication method your organization decides to use decides where users are managed. However, one thing remains the same and that is the management of user licenses.

Regardless of your identity model, the license management can be managed directly through the Microsoft 365 Admin Center. These permissions are restricted to administrators with the Microsoft 365 Global Administrator or user management administrator privileges. Administrators with these privileges have granular control over the purchased licenses they have available across the organization. For example, if an organization purchased and assigned a Microsoft 365 E5 license that includes Microsoft Teams but also includes many other licenses, an administrator could go into that E5 license and enable teams, but also disable any other license provided by the E5 license depending on their needs. Microsoft 365 admins can also utilize PowerShell to assign or remove licenses among users. For more information on license management with PowerShell, I have linked related documentation in the course material section down below.


About the Author
Learning Paths

Lee has spent most of his professional career learning as much as he could about PC hardware and software while working as a PC technician with Microsoft. Once covid hit, he moved into a customer training role with the goal to get as many people prepared for remote work as possible using Microsoft 365. Being both Microsoft 365 certified and a self-proclaimed Microsoft Teams expert, Lee continues to expand his knowledge by working through the wide range of Microsoft certifications.