Customers have reported there are a few intermittent occurrences where the Office365 push profile update will fail with HTTP 400 error message: "License assignment cannot be done for user with invalid usage location." This is reported by the Microsoft Graph API remote server. It does not occur to all app user profile update pushes and occurs for only a few isolated app users.
 

Troubleshooting steps performed by Okta Admin/Azure AD Admin: 
 

1. In the Okta Admin Console, please check the impacted user's Office365 app user assignment and confirm whether the 'Usage Location' field is set to a valid usage location in the Okta app user profile, e.g., 'US'.
2. In the Azure AD Admin Console, please check on the target provisioned Azure AD user object, edit properties, and confirm whether the Usage Location is set to a valid usage location (matching Okta's O365 app user profile). 

In general, when this error occurs for a few specific impacted users, the Okta Admin can confirm from the Okta side if the user's Office365 app assignment has a valid Usage Location value set/mapped. However, when checked in the Azure AD Admin Console, it is noticed that the target provisioned Azure AD user's Usage Location was not being set (normally empty) based on Okta's app user assignment's Usage Location value. 
 

• Universal Sync method is selected but without any OnPrem AD integration created in Okta.
• Okta's Office365 app assignment has the correct Usage Location value, e.g., 'US' being set/mapped.
• The target Azure AD user does not already have a valid 'Usage Location' set in Azure AD.

• Okta Integration Network (OIN)
• Microsoft Office 365 Provisioning
• Universal Sync

As the error indicates, Microsoft has failed to detect the target AAD user object has the required valid Usage Location field value during the Okta -> Office365's push user profile update task while making the below API call: 
POST https://graph.microsoft.com/v1.0/users/{AAD user id}/microsoft.graph.assignLicense 

As a result, the Microsoft Graph API request will fail with an HTTP 400 bad request error, with the error message "License assignment cannot be done for user with invalid usage location." usageLocation is a required property field that Microsoft uses for the license assignment validation check. 

This is explained by the following Microsoft documentation: 

• Microsoft Entra licensing
• UsageLocation

Please have the Okta Administrator work with the Azure AD Administrator to ensure a valid usage location has been configured for the corresponding impacted Azure AD user (or all active Azure AD users) found in the Azure AD user directory. 

1. Set Usage Location in the Azure AD user object Manually in Azure AD Admin Console page:

2. Click on Edit Properties, locate the Usage Locale field, and make sure a valid value is listed/selected. If it is not currently set, please set it as necessary.

3. To perform a bulk update of the usage location for Azure AD users, please read:​​​​​​​
   • How to update Usage Location for users in Entra ID in Bulk, based on On-Premises Organizational Unit
4. After it has been confirmed a valid Azure AD usage location, e.g., 'US' was updated in the target Azure AD user object, please then navigate back to Okta Admin Console > Dashboard > Tasks > locate the previous failed profile update sync task, select and click on Retry selected task. The push profile update to Office365 will be completed successfully this time.