Using Get-MgUser with Get-MgUserLicenseDetail: To Find License Assignments for Users

Managing license assignments in Microsoft 365 is crucial for ensuring that users have access to the tools they need while optimizing costs. The Get-MgUser cmdlet retrieves user information, while the Get-MgUserLicenseDetail cmdlet provides detailed insights into the licenses and service plans assigned to users. By combining these cmdlets, administrators can efficiently audit license usage, generate detailed reports, and identify optimization opportunities.

This article explains how to pair these cmdlets to manage license assignments effectively.

Usage Examples

Example 1: List All Users with Their Assigned Licenses

# Retrieve all users and their license details
$users = Get-MgUser -All
foreach ($user in $users) {
        $licenses = Get-MgUserLicenseDetail -UserId $user.Id
        foreach ($license in $licenses) {
                [PSCustomObject]@{
                    UserPrincipalName = $user.UserPrincipalName
                    SkuId            = $license.SkuId
                    SkuPartNumber    = $license.SkuPartNumber
                    ServicePlans     = ($license.ServicePlans | Select-Object -ExpandProperty ServicePlanName) -join ", "
                }
        }
}                           

By looping through all users retrieved with Get-MgUser, the script collects license details for each user. This enables administrators to build a comprehensive audit report.

Example 2: Export License Assignments for All Users to a CSV File

# Export user license details to a CSV
$users = Get-MgUser -All
$licenseReport = @()
                                
foreach ($user in $users) {
        $licenses = Get-MgUserLicenseDetail -UserId $user.Id
        foreach ($license in $licenses) {
            $licenseReport += [PSCustomObject]@{
                UserPrincipalName = $user.UserPrincipalName
                DisplayName       = $user.DisplayName
                SkuPartNumber     = $license.SkuPartNumber
                AssignedPlans     = ($license.ServicePlans | Select-Object -ExpandProperty ServicePlanName) -join ", "
                }
        }
}
                                
$licenseReport | Export-Csv -Path "UserLicenseDetails.csv" -NoTypeInformation                 

Exporting data to a CSV allows you to analyze the data further using Excel or share it with stakeholders.

Use Cases

  • Retrieve License Details for Individual Users: As an administrator, you might need to verify which licenses are assigned to a specific user. This includes understanding the SKU (Stock Keeping Unit) details, such as product names and the service plans enabled under the license. For example, you can quickly check if a user has an Exchange Online license or if Microsoft Teams is enabled for them.
  • Audit License Assignments Across the Organization: License audits are essential for ensuring compliance and identifying inefficiencies. By looping through all users in your organization and retrieving their license details, you can build a comprehensive report. This helps you answer key questions such as: who has which license?, which users have specific service plans enabled?, and Are there any discrepancies in license assignments?.
  • Export License Assignment Data for Analysis: Often, you need to share license assignment data with stakeholders or analyze it using tools like Excel. Exporting this data to a CSV file provides an organized and shareable format. This is particularly helpful for presenting insights during budget discussions or license renewal planning.
  • Monitor and Optimize License Usage:Identifying unused or underused licenses is a practical way to optimize costs. For example, if certain licenses are assigned to users who no longer need them, you can reassign these licenses to others or consider downgrading their plans.

Tips and Best Practices

  • Use Filters for Better Performance: If your tenant has many users, apply filters to narrow down the results. For example:
  • $users = Get-MgUser -Filter "Department eq 'IT'" -All
  • Handle Null Values in Service Plans: Some users may not have service plans under their licenses. Add a check to avoid errors:
  • ServicePlans = if ($license.ServicePlans) {
        ($license.ServicePlans | Select-Object -ExpandProperty ServicePlanName) -join ", "
    } else {
        "No Service Plans"
    }
    
  • Ensure Permissions: The account running these scripts must have the User.Read.All and Directory.Read.All permissions assigned.

Possible Errors & Solutions

Error Cause Solution
Insufficient privileges to complete the operation. Missing permissions like User.Read.All or User.ReadWrite.All. Grant the required permissions in Azure AD for the application or account running the script.
The user does not have any licenses assigned. The user doesn’t have a license. Add these users to a "No License Assigned" report for further review.
Request is too large to process. Fetching too much data at once. Retrieve users in smaller batches or apply specific filters to limit the dataset.

Conclusion

Combining Get-MgUser and Get-MgUserLicenseDetail is a powerful way to manage and audit license assignments in Microsoft 365. These cmdlets allow you to identify licensing inefficiencies, export detailed reports, and ensure proper license allocation across your organization. Start using these techniques today to simplify your license management workflows and optimize costs.

© m365corner.com. All Rights Reserved. Design by HTML Codex