Removing M365 User License Using Set-MgUserLicense

The Set-MgUserLicense cmdlet is a powerful tool for managing licenses assigned to users in Microsoft 365. It allows you to add or remove licenses from users based on the license's SKU ID. This approach works well for scenarios where you need to manage licenses for single users or bulk remove them from multiple users using CSV.

Syntax

Set-MgUserLicense -UserId <String> [-AddLicenses <List>] [-RemoveLicenses <List>] [-WhatIf] [-Confirm] 
  • -UserId: The unique identifier (Object ID or UPN) of the user whose license you want to modify.
  • -AddLicenses: The list of SKU IDs to be added to the user.
  • -RemoveLicenses: The list of SKU IDs to be removed from the user.
  • -WhatIf: Simulates the command without executing any changes.
  • -Confirm: Prompts for confirmation before executing the command.

Usage Examples

Example 1: Single License Removal

This command will remove the license corresponding to the specified SkuId from the user john.doe@domain.com.

$removeLicenses = @("6c933073-e02b-4a67-b80f-d733735a2ba2")
Set-MgUserLicense -UserId "john.doe@domain.com" -AddLicenses @() -RemoveLicenses $removeLicenses

Example 2: Removing Multiple Licenses for Different Users

This script removes the specified licenses for multiple users by iterating through their UserId and SkuId.

$users = @(
    @{UserId = "user1@domain.com"; SkuId = "6c933073-e02b-4a67-b80f-d733735a2ba2"}
    @{UserId = "user2@domain.com"; SkuId = "1d1a73c5-bc35-4973-a4e6-f7b0f3a7b3d9"}
)

foreach ($user in $users) {
    Set-MgUserLicense -UserId $user.UserId -AddLicenses @() -RemoveLicenses @($user.SkuId)
}

Example 3: Bulk Removal via CSV

This script will remove licenses for each user as specified in the CSV file.

$csvData = Import-Csv -Path "C:\LicenseRemovals.csv"

foreach ($row in $csvData) {
    Set-MgUserLicense -UserId $row.UserId -AddLicenses @()  -RemoveLicenses @($row.SkuId)
}

The CSV should have the following structure:

UserId SkuId
user1@domain.com 6c933073-e02b-4a67-b80f-d733735a2ba2
user2@domain.com 1d1a73c5-bc35-4973-a4e6-f7b0f3a7b3d9
user3@domain.com 8e7a13d2-16c9-4e59-830a-3d991a0b19a5

Cmdlet Tips

  • Use -WhatIf First: Before making changes, especially in bulk operations, use the -WhatIf parameter to simulate the command and review its impact.
  • License SKU IDs: Always ensure you are working with the correct SkuId. You can retrieve the available SKUs using the Get-MgSubscribedSku cmdlet.
  • Error Handling: Use error-handling techniques such as Try-Catch blocks in large scripts to ensure the script continues even if an error occurs for a specific user.

Possible Errors and Solutions

Error Cause Solution
InvalidLicenseSku The SkuId provided does not match any SKU assigned to the user. Ensure that the correct SkuId is provided by checking the user’s assigned licenses using:Get-MgUser -UserId "john.doe@domain.com" | Select-Object -ExpandProperty AssignedLicenses
UserNotFound The UserId specified does not exist or is incorrectly formatted. Double-check the UserId format or use the Object ID if UPN is failing.
Insufficient Privileges The account running the script does not have sufficient privileges to manage licenses for the specified users. Ensure the account has the appropriate roles (e.g., Global Administrator or License Administrator) to manage licenses.

Use Cases

  • License Management During Offboarding: When offboarding users, it's essential to remove unnecessary licenses to free up resources and avoid unnecessary costs. This cmdlet allows you to easily remove specific licenses from a user account.
  • Ensuring License Compliance: If a user no longer requires a particular license for an application or service, the cmdlet can be used to ensure that the organization's licenses are being utilized efficiently.
  • Bulk Cleanup of Expired or Unnecessary Licenses: For organizations that manage licenses for a large user base, this cmdlet can automate the cleanup process. You can use it to remove licenses in bulk via CSV, making it easier to manage large environments.

Frequently Asked Questions

  • Can I remove a license without using -AddLicenses?
    Yes. If you're only removing a license, you can skip -AddLicenses, but you must include -RemoveLicenses with the appropriate SkuId.
  • What happens if I omit -RemoveLicenses?
    The command will fail with a 400 Bad Request or similar error. This parameter is mandatory, even when you’re not adding any licenses.
  • How do I find the correct SkuId to remove?
    Use the Get-MgSubscribedSku cmdlet. It lists all licenses in your tenant along with their SkuId values, which you can use for removal or assignment.
  • Can I remove multiple licenses at once?
    Yes. Pass multiple SkuId values as a comma-separated array inside -RemoveLicenses. This allows you to revoke several licenses in a single operation.
⚠️ Set-MgUserLicense Requires -RemoveLicenses to Be Explicitly Defined

The -RemoveLicenses parameter must be provided. Skipping it will result in a 400 Bad Request error. Always specify it with the appropriate SkuId or use an empty hashtable if you're not removing anything.
🧠 Use Get-MgSubscribedSku to Retrieve Valid License IDs for Removal

Before removing a license, use Get-MgSubscribedSku to get the accurate SkuId assigned to your tenant. Avoid using hardcoded GUIDs — tenant-specific license IDs help ensure smooth execution and fewer errors during license updates.
License Assignment Doesn’t Validate Service Plan Conflicts

When using Set-MgUserLicense, Microsoft Graph does not automatically check for service plan conflicts (e.g., assigning overlapping plans like Exchange Online Plan 1 and Plan 2). It’s your responsibility to validate that the assigned license doesn’t conflict with existing service plans—otherwise, the user might end up with broken or incomplete access.


Conclusion

The Remove-MgUserLicenseDetail cmdlet is a powerful tool for managing and optimizing licenses across your Microsoft 365 environment. Whether you are handling a single license removal or performing a bulk operation, this cmdlet provides flexibility and control over your license management processes. By implementing proper error handling and using best practices like the -WhatIf parameter, you can ensure smooth license management across your organization.

This cmdlet helps in maintaining compliance, streamlining offboarding processes, and reducing unnecessary costs associated with unused or expired licenses. Always ensure you have the correct LicenseDetailsId and user details to avoid errors in your scripts.


Additional Resources:

Graph PowerShell Set-MgUserLicense Cmdlet Documentation
Microsoft Graph PowerShell Module Documentation
Microsoft Graph API Documentation

Related Articles:

Using Get-MgDirectoryRole in Graph PowerShell
Using Get-MgUserLicenseDetail in Graph PowerShell
Using Find-GraphMgCommand in Graph PowerShell
Connect to Microsoft 365 Using PowerShell
How to Create Bulk Users in Office 365 Using Graph PowerShell?
Create Microsoft 365 Group Using Microsoft Graph PowerShell
Block Microsoft 365 User Using Microsoft Graph PowerShell
Assign Microsoft 365 License Using Graph PowerShell
Microsoft 365 User Management Using Graph PowerShell
Checking Group Membership in Microsoft 365
Bulk Assign Microsoft 365 License
Find Inactive Users in Microsoft 365
Using Powershell Graph Search Query
Using Powershell Graph Filter Query
Using Where-Object In Graph PowerShell
Using Expand Property In Graph PowerShell
Using Select Object In Graph PowerShell
Using -Contains Operator In Graph PowerShell
Add User to Multiple Microsoft 365 Groups Using Graph PowerShell
Get Microsoft 365 User Location Using Graph PowerShell
Import Microsoft 365 Groups from CSV File Using Graph PowerShell
Microsoft 365 Group User Import Using Graph PowerShell

© m365corner.com. All Rights Reserved. Design by HTML Codex