25,230 questions
As long as they have the perms, they can direct assign.
You could always create a scheduled task that removes any direct assignment:
More:
Block ability to assign licenses directly to Azure users
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(262.40000000000003, 71%, 35%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ERA%3C/text%3E%3C/svg%3E)
Rick Angel
216
Reputation points
We use group-based M365 licensing rather than assigning directly to users, but occasionally an IT admin will incorrectly assign directly to the user. Is it possible to block the ability to directly assign to a user while allowing license assignment to a security group? Thanks.