This happens as a result of the user being provisioned onto the Metacompliance App before their mailbox is set up with licences assigned. Below is a guide to set a rule for the group not to be added until an O365 licence is assigned.
Use group-based licensing with dynamic groups
You can use group-based licensing with any security group, which means it can be combined with Azure AD dynamic groups. Dynamic groups run rules against user resource attributes to automatically add and remove users from groups.
For example, you can create a dynamic group for some set of products you want to assign to users. Each group is populated by a rule adding users by their attributes, and each group is assigned the licences that you want them to receive. You can assign the attribute on-premises, and sync it with Azure AD, or you can manage the attribute directly in the cloud.
Licences are assigned to the user shortly after they are added to the group. When the attribute is changed, the user leaves the groups, and the licences are removed.
Consider the example of an on-premises identity management solution that decides which users should have access to Microsoft web services. It uses extensionAttribute1 to store a string value representing the licences the user should have. Azure AD Connect syncs it with Azure AD.
Users might need one licence, but not another, or might need both. Here's an example in which you are distributing Office 365 Enterprise E5 and Enterprise Mobility + Security (EMS) licences to users in groups:
Office 365 Enterprise E5: base services
Enterprise Mobility + Security: licensed users
For this example, modify one user, and set their extensionAttribute1 to the value of
EMS;E5_baseservices; if you want the user to have both licences. You can make this modification on-premises. After the change syncs with the cloud, the user is automatically added to both groups, and licences are assigned.
Use caution when modifying an existing group’s membership rule. When a rule is changed, the membership of the group will be re-evaluated, and users who no longer match the new rule will be removed. (Users who still match the new rule will not be affected during this process). Those users will have their licences removed during the process, which may result in loss of service, or in some cases, loss of data.
If you have a large dynamic group you depend on for licence assignment, consider validating any major changes on a smaller test group before applying them to the main group.