The Set-MgUserLicense cmdlet is a powerful tool for managing licenses assigned to users in Microsoft 365. It allows you to add or remove licenses from users based on the license's SKU ID. This approach works well for scenarios where you need to manage licenses for single users or bulk remove them from multiple users using CSV.
Set-MgUserLicense -UserId <String> [-AddLicenses <List>] [-RemoveLicenses <List>] [-WhatIf] [-Confirm]
This command will remove the license corresponding to the specified SkuId from the user john.doe@domain.com.
$removeLicenses = @("6c933073-e02b-4a67-b80f-d733735a2ba2")
Set-MgUserLicense -UserId "john.doe@domain.com" -AddLicenses @() -RemoveLicenses $removeLicenses
This script removes the specified licenses for multiple users by iterating through their UserId and SkuId.
$users = @(
@{UserId = "user1@domain.com"; SkuId = "6c933073-e02b-4a67-b80f-d733735a2ba2"}
@{UserId = "user2@domain.com"; SkuId = "1d1a73c5-bc35-4973-a4e6-f7b0f3a7b3d9"}
)
foreach ($user in $users) {
Set-MgUserLicense -UserId $user.UserId -AddLicenses @() -RemoveLicenses @($user.SkuId)
}
This script will remove licenses for each user as specified in the CSV file.
$csvData = Import-Csv -Path "C:\LicenseRemovals.csv"
foreach ($row in $csvData) {
Set-MgUserLicense -UserId $row.UserId -AddLicenses @() -RemoveLicenses @($row.SkuId)
}
The CSV should have the following structure:
UserId | SkuId |
user1@domain.com | 6c933073-e02b-4a67-b80f-d733735a2ba2 |
user2@domain.com | 1d1a73c5-bc35-4973-a4e6-f7b0f3a7b3d9 |
user3@domain.com | 8e7a13d2-16c9-4e59-830a-3d991a0b19a5 |
Error | Cause | Solution |
InvalidLicenseSku | The SkuId provided does not match any SKU assigned to the user. | Ensure that the correct SkuId is provided by checking the user’s assigned licenses using:Get-MgUser -UserId "john.doe@domain.com" | Select-Object -ExpandProperty AssignedLicenses |
UserNotFound | The UserId specified does not exist or is incorrectly formatted. | Double-check the UserId format or use the Object ID if UPN is failing. |
Insufficient Privileges | The account running the script does not have sufficient privileges to manage licenses for the specified users. | Ensure the account has the appropriate roles (e.g., Global Administrator or License Administrator) to manage licenses. |
Set-MgUserLicense
Requires -RemoveLicenses
to Be Explicitly Defined-RemoveLicenses
parameter must be provided. Skipping it will result in a 400 Bad Request
error. Always specify it with the appropriate SkuId
or use an empty hashtable if you're not removing anything.
Get-MgSubscribedSku
to Retrieve Valid License IDs for RemovalGet-MgSubscribedSku
to get the accurate SkuId
assigned to your tenant.
Avoid using hardcoded GUIDs — tenant-specific license IDs help ensure smooth execution and fewer errors during license updates.
When using Set-MgUserLicense
, Microsoft Graph does not automatically check for service plan conflicts (e.g., assigning overlapping plans like Exchange Online Plan 1 and Plan 2). It’s your responsibility to validate that the assigned license doesn’t conflict with existing service plans—otherwise, the user might end up with broken or incomplete access.
The Remove-MgUserLicenseDetail cmdlet is a powerful tool for managing and optimizing licenses across your Microsoft 365 environment. Whether you are handling a single license removal or performing a bulk operation, this cmdlet provides flexibility and control over your license management processes. By implementing proper error handling and using best practices like the -WhatIf parameter, you can ensure smooth license management across your organization.
This cmdlet helps in maintaining compliance, streamlining offboarding processes, and reducing unnecessary costs associated with unused or expired licenses. Always ensure you have the correct LicenseDetailsId and user details to avoid errors in your scripts.
© m365corner.com. All Rights Reserved. Design by HTML Codex