Find Shared Mailboxes with License using PowerShell

Users must have an ‘Exchange Online license’ to access the shared mailbox, but shared mailbox do not require a license. However, Shared mailboxes require an ‘Exchange Online Plan 2’ license in the following scenarios.

• When the shared mailbox size is more than 50 GB
• To place a shared mailbox under litigation hold
• To use in-place archiving
• Sign-in enabled shared mailboxes

Note – If a shared mailbox has sign-in enabled but lacks an Exchange Online license, it violates Microsoft’s licensing terms, thereby becoming a non-complaint shared mailbox. To avoid compliance violations, ensure that all sign-in-enabled shared mailboxes are appropriately licensed.

If the shared mailboxes are not fallen under anyone of the above cases, you can remove the license. So, you can reduce the license cost or make them available for onboarding users.

Finding and removing unnecessary licenses on Shared mailboxes are always a tedious task for admins. Since the admin center has no direct way to find the ‘licensed shared mailboxes,’ PowerShell is the only solution. So, I considered writing a script that reduces Admin’s time in accessing license requirements for shared mailboxes.

By referring to the ‘Licensed shared mailboxes report,’ you can remove unnecessary license assignments from the shared mailboxes.

Download Script: FindLicensedSharedMailboxes.ps1

• The script uses modern authentication to connect to Exchange Online.
• The script can be executed with MFA enabled account too.
• Exports report results to CSV file.
• Automatically installs the EXO V2 (if not installed already) upon your confirmation.
• The script is scheduler-friendly. I.e., Credential can be passed as a parameter instead of saving inside the script.

The script retrieves shared mailboxes’ UPN, Storage Size, Litigation Hold Status, In-place Archiving Status, and Assigned Licenses.

You can choose any one of the below methods based on your requirement.

Method 1: Execute the script with an MFA account

Tip – You can use the PowerShell script to get all types of mailboxes in Microsoft 365.

Method 2: Execute the script using a non-MFA account

Method 3: Execute the script by explicitly mentioning credentials (Scheduler-friendly).

To schedule the script in the Windows Task Scheduler, you can follow the below format,

If the admin account has MFA, you need to disable MFA using the Conditional Access policy to use them in scheduling.

Once you run the script, you will get a list of shared mailboxes with licenses. By using the report, you can identify the licensed shared mailboxes and remove them, if needed. In addition to the above script, checking the shared mailbox size, including both the full capacity and the current filled size, also makes sense when optimizing licenses.

Before running the below script, you must connect to MS Graph PowerShell.

To remove the license from a shared mailbox, use the following code snippet.

To remove license(s) from a list of shared mailboxes (I.e., input csv), run the following script.

Since the Set-MsolUserLicense cmdlet is deprecated, we have used MS Graph PowerShell cmdlets like Get-MgUser, Set-MgUserLicense.

Not a fan of PowerShell? No worries! We have an alternative solution to meet your needs.

AdminDroid gives you detailed reports on Microsoft 365 shared mailboxes from which you can get the license details of each mailbox. You can also find other details listed below.

• In-place hold
• Litigation hold
• Archive status
• Shared mailbox members
• Shared mailbox size
• Shared mailbox permission
• Shared mailbox forwarding
• Inbox rules in Shared mailboxes, etc.

Additionally, you can visualize crystal-clear email analytics in Shared mailboxes, including but not limited to

• Shared mailbox daily / hourly / monthly traffic
• Total mails received per hour & per day
• Overall external & internal shared mailbox traffic
• Daily peak hours by mails sent & received
• Daily peak hours by internal & external mails sent
• Daily peak hours by internal & external mails received
• Peak days based on mails sent & received
• Peak days by internal & external mails sent
• Peak days by internal & external mails received

Likewise, you will get slack hours and slack days analysis too.

Apart from shared mailbox details, AdminDroid Exchange Online reporting tool provides detailed reports and valuable insights on user mailboxes, mailbox configurations, mailbox auditing, mailbox permissions, and more.

• You don’t need to play hard with different PowerShell cmdlets to retrieve data.
• Take advantage of scheduling the report to monitor data anywhere at any time through your email.
• Stay informed of crucial activities that need instant monitoring and response using the ‘Alerting’ feature.
• Dig out the report data to get the desired results and save your filtered data for future use using ‘Views’.
• Don’t provide global admin roles to view data. Delegate admin roles to users based on their tasks to achieve the least privileged access.

Utilize AdminDroid’s tremendous feature and elevate your Exchange Online management as never before!

Want to unlock the full potential of AdminDroid’s 1600+ reports with interactive visualizations? Stop thinking and explore AdminDroid Microsoft 365 reporting tool today!

I hope this blog will help you to find and remove/revoke unnecessary licenses on shared mailboxes as well as to monitor shared mailbox details using AdminDroid. Which method do you use in your organization to find unused licenses? Share your experience in the comment section.