Recipe · Licensing & Cost Optimization
Bulk Remove All Licenses from Multiple M365 Users via Microsoft Graph
Reclaim Microsoft 365 SKUs from a list of users by looking up their current license assignments and calling assignLicense with a removeLicenses payload
Complexity
Intermediate
Impact
licensing + cost-optimization + offboarding + bulk-operation + graph-api
Context
Why This Matters
Removing licenses from users is a routine but high-impact task. Common triggers include offboarding, role changes, cost optimization reviews, converting users to shared mailboxes, or reclaiming unused SKUs flagged in a license utilization report.
The Microsoft 365 Admin Center supports this one user at a time, but when you have a list of 5, 50, or 500 users, a scripted approach against Microsoft Graph is far faster and auditable. This recipe walks through the full pattern: resolve each UPN to a user ID, enumerate currently assigned SKUs via licenseDetails, then POST to /users/{id}/assignLicense with the SKUs in removeLicenses.
Run this when you have a confirmed list of UPNs and you intend to remove all direct license assignments from those users. Licenses inherited from group-based licensing cannot be removed with this call; you must remove the user from the licensing group instead.
Expected Outcomes
After completing this recipe you will have:
- Verified each target user exists and resolved their object ID
- A snapshot of every SKU assigned directly to each user (for rollback if needed)
- All direct license assignments removed from the specified users
- Released SKU seats returned to your tenant's available pool
- A log/report of successes and failures per user
Risks & Considerations
Warnings and gotchas
- Data loss risk: Removing an Exchange Online license starts a 30-day grace period, after which the mailbox is permanently deleted. Removing OneDrive licenses similarly triggers retention timers. Do not run against active users without a plan.
- Group-based licenses: assignLicense with removeLicenses only removes direct assignments. If the user inherits the same SKU via a group, it will be reassigned immediately. Check assignedByGroup on each licenseDetails entry.
- Teams and SharePoint access: Users will lose access to Teams, SharePoint, and most M365 services immediately after license removal.
- Always capture a before-state of assigned SKUs so you can re-add them if removal was in error.
- Test with one user first before running against the full list.
- $expand=licenseDetails on /users is not supported by Graph; you must fetch licenseDetails per user in a separate call or via $batch.
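The planning step behind these warnings, as an added example (not code from this recipe or from Dex): it splits each user's SKUs into direct and group-inherited, keeps that split as the before-state, and builds the $batch bodies for assignLicense without sending anything. The sample users, GUIDs and function names are constructed, and it assumes assignedByGroup is read from the user's licenseAssignmentStates property.

```python
import json

BATCH_LIMIT = 20  # Graph JSON batching accepts at most 20 requests per $batch call

# Constructed sample: user objects shaped like
# GET /users/{upn}?$select=id,userPrincipalName,licenseAssignmentStates
SAMPLE_USERS = [
    {"id": "aaaaaaaa-0000-0000-0000-000000000001",
     "userPrincipalName": "leaver1@contoso.example",
     "licenseAssignmentStates": [
         {"skuId": "11111111-1111-1111-1111-111111111111", "assignedByGroup": None},
         {"skuId": "22222222-2222-2222-2222-222222222222",
          "assignedByGroup": "99999999-0000-0000-0000-000000000009"},
     ]},
    {"id": "aaaaaaaa-0000-0000-0000-000000000002",
     "userPrincipalName": "leaver2@contoso.example",
     "licenseAssignmentStates": [
         {"skuId": "22222222-2222-2222-2222-222222222222",
          "assignedByGroup": "99999999-0000-0000-0000-000000000009"},
     ]},
]


def plan_removal(user):
    """Split one user's SKUs into directly assigned and group-inherited."""
    states = user.get("licenseAssignmentStates") or []
    direct = sorted({s["skuId"] for s in states if not s.get("assignedByGroup")})
    inherited = sorted({s["skuId"] for s in states if s.get("assignedByGroup")})
    return {"id": user["id"], "upn": user["userPrincipalName"],
            "remove": direct, "inherited": inherited}


def build_batches(plans):
    """Build $batch payloads; users with nothing direct to remove are skipped."""
    requests = [
        {"id": p["id"], "method": "POST",  # request id = user id, to match responses
         "url": f"/users/{p['id']}/assignLicense",
         "headers": {"Content-Type": "application/json"},
         # assignLicense requires both keys; addLicenses stays empty on removal
         "body": {"addLicenses": [], "removeLicenses": p["remove"]}}
        for p in plans if p["remove"]
    ]
    return [{"requests": requests[i:i + BATCH_LIMIT]}
            for i in range(0, len(requests), BATCH_LIMIT)]


if __name__ == "__main__":
    plans = [plan_removal(u) for u in SAMPLE_USERS]
    print(json.dumps(plans, indent=2))  # before-state snapshot for rollback
    print(json.dumps(build_batches(plans), indent=2))
```

Users whose plan has an empty remove list but a non-empty inherited list are the ones to handle by changing group membership instead.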
Required Permissions
| Permission | Why It's Needed |
|---|---|
| User.ReadWrite.All | Required to call assignLicense and modify user license assignments |
| Directory.Read.All | Required to read user objects and licenseDetails for each target user |
| Organization.Read.All | Recommended to resolve SKU IDs to friendly SKU part numbers in your reports |
The fastest way to get this done: just ask Dex. Copy the prompt below and paste it into your Dex conversation.