Find Shared Mailboxes with License using PowerShell
In an organization, shared mailboxes are created when multiple people need to access the same mailbox, such as product feedback, reception desk, etc. Users who can access a shared mailbox are called shared mailbox members. They can access the shared mailbox based on the permission given to them.
When Does Shared Mailboxes Need License?
Users must have an ‘Exchange Online license’ to access the shared mailbox, but shared mailbox do not require a license. However, Shared mailboxes require an ‘Exchange Online Plan 2’ license in the following scenarios.
- When the shared mailbox size is more than 50 GB
- To place a shared mailbox under litigation hold
- To use in-place archiving
If the shared mailboxes are not fallen under anyone of the above cases, you can remove the license from the shared mailboxes. So, you can reduce the license cost or make them available for onboarding users.
How to Get Shared Mailboxes with License:
Finding and removing unnecessary licenses on Shared mailboxes are always a tedious task for admins. Since the admin center has no direct way to find the ‘licensed shared mailboxes,’ PowerShell is the only solution. So, I considered writing a script that reduces Admin’s time in accessing license requirements for shared mailboxes.
By referring to the ‘Licensed shared mailboxes report,’ you can remove unnecessary license assignments from the shared mailboxes.
Download Script: FindLicensedSharedMailboxes.ps1
Script Highlights:
- The script uses modern authentication to connect to Exchange Online.
- The script can be executed with MFA enabled account too.
- Exports report results to CSV file.
- Automatically installs the EXO V2 (if not installed already) upon your confirmation.
- The script is scheduler-friendly. I.e., Credential can be passed as a parameter instead of saving inside the script.
Shared Mailboxes with License Report – Sample Output:
The script retrieves shared mailboxes’ UPN, Storage Size, Litigation Hold Status, In-place Archiving Status, and Assigned Licenses.
Script Execution Steps:
You can choose any one of the below methods based on your requirement.
Method 1: Execute the script with an MFA account
1 |
.\FindLicensedSharedMailboxes.ps1 |
Method 2: Execute the script using a non-MFA account
1 |
.\FindLicensedSharedMailboxes.ps1 -NoMFA |
Method 3: Execute the script by explicitly mentioning credentials (Scheduler-friendly).
To schedule the script in the Windows Task Scheduler, you can follow the below format,
1 |
.\FindLicensedSharedMailboxes.ps1 -NoMFA –UserName admin@contoso.com -Password XXX |
If the admin account has MFA, you need to disable MFA using the Conditional Access policy to use them in scheduling.
Remove License from Shared Mailbox using PowerShell:
Once you run the script, you will get a list of shared mailboxes with licenses. By using the report, you can identify the licensed shared mailboxes and remove them, if needed.
To remove the license from a shared mailbox, use the following code snippet.
1 2 |
$Licenses= (Get-MsolUser –UserPrincipalName <UPN>).licenses.accountSkuId Set-MsolUserLicense -UserPrincipalName <UPN> -RemoveLicenses $Licenses |
To remove license(s) from a list of shared mailboxes (I.e., input csv), run the following script.
1 2 3 4 5 6 7 |
$SMBs=Import-CSV -Header 'UPN' <CSVFilePath> foreach($SMB in $SMBs) { $UPN=$SMB.UPN $Licenses=(Get-MsolUser -UserPrincipalName $UPN).licenses.accountSkuId Set-MsolUserLicense -UserPrincipalName $UPN -RemoveLicenses $Licenses } |
I hope this blog will help you to find and remove/revoke unnecessary licenses on shared mailboxes. Which method do you use in your organization to find unused licenses? Share your experience in the comment section.