M365Corner
PowerShell

Using Get-MgUser with Get-MgUserLicenseDetail: To Find License Assignments for Users

Managing license assignments in Microsoft 365 is crucial for ensuring that users have access to the tools they need while optimizing costs. The Get-MgUser cmdlet retrieves user information, while the Get-MgUserLicenseDetail cmdlet provides detailed insights into the licenses and service plans assigned to users. By combining these cmdlets, administrators can efficiently audit license usage, generate detailed reports, and identify optimization opportunities.

This article explains how to pair these cmdlets to manage license assignments effectively.

Usage Examples

Example 1: List All Users with Their Assigned Licenses

# Retrieve all users and their license details
$users = Get-MgUser -All
foreach ($user in $users) {
        $licenses = Get-MgUserLicenseDetail -UserId $user.Id
        foreach ($license in $licenses) {
                [PSCustomObject]@{
                    UserPrincipalName = $user.UserPrincipalName
                    SkuId            = $license.SkuId
                    SkuPartNumber    = $license.SkuPartNumber
                    ServicePlans     = ($license.ServicePlans | Select-Object -ExpandProperty ServicePlanName) -join ", "
                }
        }
}

By looping through all users retrieved with Get-MgUser, the script collects license details for each user. This enables administrators to build a comprehensive audit report.

Example 2: Export License Assignments for All Users to a CSV File

# Export user license details to a CSV
$users = Get-MgUser -All
$licenseReport = @()
                                
foreach ($user in $users) {
        $licenses = Get-MgUserLicenseDetail -UserId $user.Id
        foreach ($license in $licenses) {
            $licenseReport += [PSCustomObject]@{
                UserPrincipalName = $user.UserPrincipalName
                DisplayName       = $user.DisplayName
                SkuPartNumber     = $license.SkuPartNumber
                AssignedPlans     = ($license.ServicePlans | Select-Object -ExpandProperty ServicePlanName) -join ", "
                }
        }
}
                                
$licenseReport | Export-Csv -Path "UserLicenseDetails.csv" -NoTypeInformation

Exporting data to a CSV allows you to analyze the data further using Excel or share it with stakeholders.

Use Cases

  • Retrieve License Details for Individual Users: As an administrator, you might need to verify which licenses are assigned to a specific user. This includes understanding the SKU (Stock Keeping Unit) details, such as product names and the service plans enabled under the license. For example, you can quickly check if a user has an Exchange Online license or if Microsoft Teams is enabled for them.
  • Audit License Assignments Across the Organization: License audits are essential for ensuring compliance and identifying inefficiencies. By looping through all users in your organization and retrieving their license details, you can build a comprehensive report. This helps you answer key questions such as: who has which license?, which users have specific service plans enabled?, and Are there any discrepancies in license assignments?.
  • Export License Assignment Data for Analysis: Often, you need to share license assignment data with stakeholders or analyze it using tools like Excel. Exporting this data to a CSV file provides an organized and shareable format. This is particularly helpful for presenting insights during budget discussions or license renewal planning.
  • Monitor and Optimize License Usage:Identifying unused or underused licenses is a practical way to optimize costs. For example, if certain licenses are assigned to users who no longer need them, you can reassign these licenses to others or consider downgrading their plans.

Tips and Best Practices

  • Use Filters for Better Performance: If your tenant has many users, apply filters to narrow down the results. For example:
    • $users = Get-MgUser -Filter "Department eq 'IT'" -All
  • Handle Null Values in Service Plans: Some users may not have service plans under their licenses. Add a check to avoid errors:
    • ServicePlans = if ($license.ServicePlans) {
    ($license.ServicePlans | Select-Object -ExpandProperty ServicePlanName) -join ", "
} else {
    "No Service Plans"
}
  • Ensure Permissions: The account running these scripts must have the User.Read.All and Directory.Read.All permissions assigned.

Possible Errors & Solutions

Error Cause Solution
Insufficient privileges to complete the operation. Missing permissions like User.Read.All or User.ReadWrite.All. Grant the required permissions in Azure AD for the application or account running the script.
The user does not have any licenses assigned. The user doesn’t have a license. Add these users to a "No License Assigned" report for further review.
Request is too large to process. Fetching too much data at once. Retrieve users in smaller batches or apply specific filters to limit the dataset.

Frequently Asked Questions

  • Can I retrieve license details for all users in one go using Get-MgUserLicenseDetail?
    No, Get-MgUserLicenseDetail requires a specific UserId. To retrieve license details for all users, you must first fetch users using Get-MgUser -All, then loop through each user to retrieve their license details.
  • What’s the difference between Get-MgUser and Get-MgUserLicenseDetail?
    Get-MgUser returns general user account properties like Display Name, UPN, and AccountEnabled status. Get-MgUserLicenseDetail provides detailed license and service plan information for each user.
  • Is there a way to correlate license SKUs to friendly names?
    Yes, use the Get-MgSubscribedSku cmdlet to get all available SKU IDs and their corresponding friendly names like "Office 365 E3", which can help interpret the raw license data from Get-MgUserLicenseDetail.
Use assignedLicenses/$count Filter to List User Licenses

To list users with assigned licenses, use the following filter with Get-MgUser: -Filter "assignedLicenses/$count ne 0" This allows you to retrieve licensed users directly without needing to query license details separately.
Use Get-MgUserLicenseDetail to See Service Plans Under Each License

This cmdlet provides detailed information about which Microsoft 365 services — like Exchange, Teams, or SharePoint — are included in each license assigned to a user. It’s ideal for auditing or troubleshooting license-based access issues.
💡 Combine with Export-Csv for License Auditing

The output of Get-MgUser -Property Id,DisplayName,UserPrincipalName | ForEach-Object { Get-MgUserLicenseDetail -UserId $_.Id } can be enhanced by piping the results into Select-Object and Export-Csv to generate comprehensive license audit reports.

This is especially useful for compliance reviews or quarterly audits.

Conclusion

Combining Get-MgUser and Get-MgUserLicenseDetail is a powerful way to manage and audit license assignments in Microsoft 365. These cmdlets allow you to identify licensing inefficiencies, export detailed reports, and ensure proper license allocation across your organization. Start using these techniques today to simplify your license management workflows and optimize costs.

Table of Contents

X

Table of Contents

© m365corner.com. All Rights Reserved. Design by HTML Codex