Remove Yammer, Power Apps and Flow licenses from all users in Office365

There are organizations that don’t need or are not allowed to use certain services provided by Office365, such as:

  • FLOW_O365_P3
  • POWERAPPS_O365_P3
  • TEAMS1
  • ADALLOM_S_O365
  • EQUIVIO_ANALYTICS
  • LOCKBOX_ENTERPRISE
  • EXCHANGE_ANALYTICS
  • SWAY
  • ATP_ENTERPRISE
  • MCOEV
  • MCOMEETADV
  • BI_AZURE_P2
  • INTUNE_O365
  • PROJECTWORKMANAGEMENT
  • RMS_S_ENTERPRISE
  • YAMMER_ENTERPRISE
  • OFFICESUBSCRIPTION
  • MCOSTANDARD
  • EXCHANGE_S_ENTERPRISE
  • SHAREPOINTENTERPRISE
  • SHAREPOINTWAC

Bellow you may find a script that removes Yammer, Sway, Power Apps and Flow plans from all the licenses assigned to all the users in Office365.
Just fill in the $UndesiredPlans variable with plan names excerpts.

Connect-MsolService
#Get All Licensed Users
$users = Get-MsolUser | Where-Object {$_.isLicensed -eq $true}
$users.Count
$UndesiredPlans = "YAMMER", "SWAY", "FLOW", "POWERAPPS" #this assumes that the rest of the plans are desired within the license
#Loop through each user
foreach ($user in $users){
    Write-Host "Checking " $user.UserPrincipalName -foregroundcolor "Cyan"
    $CurrentSku = $user.Licenses.Accountskuid
    #If more than one SKU, Have to check them all!
    if ($currentSku.count -gt 1){
        Write-Host $user.UserPrincipalName "Has more than one license assigned. Looping through all of them." -foregroundcolor "White"
        for($i = 0; $i -lt $currentSku.count; $i++){
            #Loop through Each SKU to see if one of their services has the keywords inside
            $CurrentServicesInCurrentSKU = $null #make sure it's fresh for new content
            $CurrentServicesInCurrentSKU = $user.Licenses[$i].ServiceStatus.ServicePlan.ServiceName #get all the services
            #build an exact list of services to be disabled as defined in the current plan
            $CurrentServicesInCurrentSKUToBeDisabled = $null
            $CurrentServicesInCurrentSKUToBeDisabled = @()
            foreach ($UndesiredPlan in $UndesiredPlans){
                    if ($CurrentServicesInCurrentSKU -like "*$UndesiredPlan*"){
                        $CurrentServicesInCurrentSKUToBeDisabled += $CurrentServicesInCurrentSKU -like "*$UndesiredPlan*"
                    }
            }
            Write-Host "Disabling:" ([system.String]::Join(", ", $CurrentServicesInCurrentSKUToBeDisabled)) "from:" $user.Licenses[$i].AccountSkuId -ForegroundColor Green
            $NewSkU = $null
            $NewSkU = New-MsolLicenseOptions -AccountSkuId $user.Licenses[$i].AccountSkuid -DisabledPlans $CurrentServicesInCurrentSKUToBeDisabled
            Set-MsolUserLicense -UserPrincipalName $user.UserPrincipalName -LicenseOptions $NewSkU
        }
    }
    #Otherwise, just disable the functionality from the only existing SKU.
    else{
        $CurrentServicesInCurrentSKU = $null #make sure it's fresh for new content
        $CurrentServicesInCurrentSKU = $user.Licenses.ServiceStatus.ServicePlan.ServiceName #get all the services
        #build an exact list of services to be disabled as defined in the current plan
        $CurrentServicesInCurrentSKUToBeDisabled = $null
        $CurrentServicesInCurrentSKUToBeDisabled = @()
        foreach ($UndesiredPlan in $UndesiredPlans){
                if ($CurrentServicesInCurrentSKU -like "*$UndesiredPlan*"){
                    $CurrentServicesInCurrentSKUToBeDisabled += $CurrentServicesInCurrentSKU -like "*$UndesiredPlan*"
                }
        }
        Write-Host "Disabling:" ([system.String]::Join(", ", $CurrentServicesInCurrentSKUToBeDisabled)) "from:" $user.Licenses.AccountSkuId -ForegroundColor Green
        $NewSkU = $null
        $NewSkU = New-MsolLicenseOptions -AccountSkuId $user.Licenses.AccountSkuid -DisabledPlans $CurrentServicesInCurrentSKUToBeDisabled
        Set-MsolUserLicense -UserPrincipalName $user.UserPrincipalName -LicenseOptions $NewSkU
    }
Write-host "----------------"
}

 

Effects of users` license removal after a cutover migration

We recently performed a migration from an Exchange 2013 farm to Exchange Online, hosted in Office365. The migration method used was cutover migration.
There were roughly 190 users and cca. 400 mailboxes to be cloud synced.
Everything went ok until the moment when we needed to assign licenses to users (of course after Azure AD connect tool finished its duty).
When a cutover migration happens, it copies fully and then incrementally all the mailboxes from on-premises to Office365 and also it creates the users in Azure AD. Well, when the users are created, they are also mapped either as User Principal Names on one or more mailboxes or they are delegated to open certain mailboxes, exactly as they are set in on-premises.
Also, an Office365 user license is assigned to the respective users.
Should you decide that the assigned license is not the right one for the users, don’t remove the license and assign a new license, but rather replace the users` licenses with another one.
As soon as an user doesn’t have anymore a license that grants access to Exchange Online, all the mailboxes he used to have access to, will be tombstone-deleted.
Assigning back an Exchange online compatible license to an user is restoring only it’s main mailbox, in a best effort from Microsoft. Not all the mailboxes the user has had access to.
So don’t forget: always replace a license, don’t retract one to set another one.
See you later,
Bogdan Grozoiu