Revoking Unused Power Platform Licenses using PowerShell

Managing licenses effectively in Microsoft Power Platform is crucial to optimize costs and ensure proper allocation of resources. Organizations often assign Power Apps, Power Automate, and Power BI licenses to users who no longer need them. Using PowerShell, you can identify and revoke unused Power Platform licenses, helping streamline license management.

This guide will cover:
Identifying users with unused Power Platform licenses
Revoking Power Apps, Power Automate, and Power BI licenses
Automating the process for continuous license management


Step 1: Prerequisites

1. Install Required PowerShell Modules

Ensure the necessary modules are installed for managing Power Platform licenses:

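# AzureAD and MSOnline are deprecated; the scripts in this guide only call Microsoft.Graph and Exchange Online cmdlets
Install-Module AzureAD -Scope CurrentUser -Force
Install-Module MSOnline -Scope CurrentUser -Force
Install-Module Microsoft.Graph -Scope CurrentUser -Force
# Provides Search-UnifiedAuditLog, which Step 2 uses
Install-Module ExchangeOnlineManagement -Scope CurrentUser -Force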

2. Connect to Microsoft 365

To retrieve user licenses, connect to Microsoft 365:

Connect-AzureAD
Connect-MsolService
Connect-MgGraph -Scopes "User.Read.All", "Organization.Read.All"
# Search-UnifiedAuditLog (Step 2) runs in an Exchange Online session
Connect-ExchangeOnline

You are now connected to Microsoft 365.


Step 2: Identify Users with Unused Power Platform Licenses

Retrieve all assigned Power Platform licenses

To list all users with Power Apps, Power Automate, and Power BI licenses:

Get-MgUser -All | ForEach-Object {
    $user = $_
    $licenses = Get-MgUserLicenseDetail -UserId $user.Id
    # POWER_?BI also matches SKU names written with an underscore, such as POWER_BI_PRO
    $powerPlatformLicenses = $licenses | Where-Object { $_.SkuPartNumber -match "POWERAPPS|FLOW|POWER_?BI" }

    if ($powerPlatformLicenses) {
        [PSCustomObject]@{
            UserPrincipalName = $user.UserPrincipalName
            DisplayName = $user.DisplayName
            Licenses = ($powerPlatformLicenses.SkuPartNumber -join ", ")
        }
    }
} | Export-Csv -Path "C:\PowerPlatform_Licenses.csv" -NoTypeInformation

This report shows all users who have Power Platform licenses.


Find users who haven’t used Power Platform services

To identify inactive Power Platform users in the last 90 days:

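$startDate = (Get-Date).AddDays(-90).ToString("yyyy-MM-dd")
# -RecordType takes one value per call. Each call returns at most 5000 records, so a busy tenant
# needs paging (-SessionId / -SessionCommand); otherwise active users can be missed.
$activeUsers = "PowerAppsApp", "MicrosoftFlow", "PowerBIAudit" | ForEach-Object {
    Search-UnifiedAuditLog -StartDate $startDate -EndDate (Get-Date) -RecordType $_ -ResultSize 5000
} | Select-Object -ExpandProperty UserIds -Unique
# Inactive = licensed (report from the previous step) but with no audit record in the window
Import-Csv "C:\PowerPlatform_Licenses.csv" | Where-Object { $_.UserPrincipalName -notin $activeUsers } |
    Select-Object @{ Name = "Name"; Expression = { $_.UserPrincipalName } } |
    Export-Csv -Path "C:\Unused_Licenses.csv" -NoTypeInformation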

This report lists users who haven’t used Power Platform in 90 days.


Step 3: Revoke Unused Power Platform Licenses

Revoke Power Platform licenses from inactive users

Now, use the following script to remove unused licenses:

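# Changing licenses needs a write scope; the Step 1 session was opened read-only
Connect-MgGraph -Scopes "User.ReadWrite.All"

$unusedUsers = Import-Csv "C:\Unused_Licenses.csv"

foreach ($user in $unusedUsers) {
    # -UserId accepts a user principal name as well as an object ID
    $userId = (Get-MgUser -UserId $user.Name).Id
    $licenses = Get-MgUserLicenseDetail -UserId $userId
    # POWER_?BI also matches SKU names written with an underscore, such as POWER_BI_PRO
    $powerPlatformLicenses = $licenses | Where-Object { $_.SkuPartNumber -match "POWERAPPS|FLOW|POWER_?BI" }

    foreach ($license in $powerPlatformLicenses) {
        # Set-MgUserLicense is the Graph cmdlet that both assigns and removes licenses
        Set-MgUserLicense -UserId $userId -AddLicenses @() -RemoveLicenses @($license.SkuId)
        Write-Output "Revoked $($license.SkuPartNumber) from $($user.Name)"
    }
}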

Now, all unused Power Platform licenses are revoked!


Step 4: Automate License Revocation

To automate this process, schedule it using Task Scheduler.

Create a PowerShell Script File

Save the following script as Revoke_Licenses.ps1:

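# Interactive sign-in; an unattended scheduled task needs app-only (certificate) authentication instead
Connect-MgGraph -Scopes "User.ReadWrite.All"

$unusedUsers = Import-Csv "C:\Unused_Licenses.csv"

foreach ($user in $unusedUsers) {
    # -UserId accepts a user principal name as well as an object ID
    $userId = (Get-MgUser -UserId $user.Name).Id
    $licenses = Get-MgUserLicenseDetail -UserId $userId
    # POWER_?BI also matches SKU names written with an underscore, such as POWER_BI_PRO
    $powerPlatformLicenses = $licenses | Where-Object { $_.SkuPartNumber -match "POWERAPPS|FLOW|POWER_?BI" }

    foreach ($license in $powerPlatformLicenses) {
        # Set-MgUserLicense is the Graph cmdlet that both assigns and removes licenses
        Set-MgUserLicense -UserId $userId -AddLicenses @() -RemoveLicenses @($license.SkuId)
        Write-Output "Revoked $($license.SkuPartNumber) from $($user.Name)"
    }
}

Write-Output "Unused Power Platform licenses revoked."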

Schedule it in Task Scheduler

  1. Open Task Scheduler
  2. Click Create Basic Task
  3. Set a schedule (e.g., Monthly)
  4. Select Start a Program → PowerShell.exe
  5. Add script path: -File "C:\Scripts\Revoke_Licenses.ps1"
  6. Click Finish

Now, unused licenses will be automatically revoked on schedule!
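
A guarded variant of the scheduled revocation script above, added here as an example and not the original author's code: it treats C:\Unused_Licenses.csv as untrusted input, caps how many users one run may touch, leaves group-assigned licenses alone, and changes nothing unless run with -Apply. The parameter names, the cap value and the log path are assumptions.

```powershell
# Added example, not the original author's script. Parameter names, the cap and the log path are assumptions.
param(
    [string]$CsvPath = "C:\Unused_Licenses.csv",
    [string]$LogPath = "C:\Scripts\Revoke_Licenses_log.csv",  # assumed log location
    [int]$MaxUsers = 25,                                       # assumed per-run safety cap
    [switch]$Apply                                             # report only unless -Apply is given
)
$ErrorActionPreference = 'Stop'          # turn Graph errors into exceptions the catch block can log
$pattern = 'POWERAPPS|FLOW|POWER_?BI'    # SKU name filter, also matching POWER_BI_* names

# The script expects an existing Graph session with a write scope; stop early if there is none.
if (-not (Get-MgContext)) { throw "No Microsoft Graph session. Run Connect-MgGraph first." }

# Anyone who can write the CSV decides who loses a license: keep only well-formed, unique UPNs.
$targets = @(Import-Csv $CsvPath | Where-Object { $_.Name -match '^[^@\s]+@[^@\s]+\.[^@\s]+$' } |
    Select-Object -ExpandProperty Name -Unique)
if ($targets.Count -gt $MaxUsers) {
    throw "CSV lists $($targets.Count) users, above the cap of $MaxUsers. Review it before running."
}

$results = foreach ($upn in $targets) {
    try {
        $user = Get-MgUser -UserId $upn -Property Id,UserPrincipalName,LicenseAssignmentStates
        # Only SKUs with a direct assignment can be removed from the user object.
        $direct = @($user.LicenseAssignmentStates | Where-Object { -not $_.AssignedByGroup } | ForEach-Object SkuId)
        $skus = Get-MgUserLicenseDetail -UserId $user.Id |
            Where-Object { $_.SkuPartNumber -match $pattern -and $_.SkuId -in $direct }
        foreach ($sku in $skus) {
            if ($Apply) {
                Set-MgUserLicense -UserId $user.Id -AddLicenses @() -RemoveLicenses @($sku.SkuId) | Out-Null
            }
            [PSCustomObject]@{ Time = (Get-Date -Format o); User = $upn; Sku = $sku.SkuPartNumber
                               SkuId = $sku.SkuId; Action = $(if ($Apply) { 'Revoked' } else { 'WouldRevoke' }) }
        }
    } catch {
        # Record the failure and continue with the next user.
        [PSCustomObject]@{ Time = (Get-Date -Format o); User = $upn; Sku = ''; SkuId = ''
                           Action = "Error: $($_.Exception.Message)" }
    }
}
# The log keeps the SkuId of every removal so a wrong revocation can be reassigned.
if ($results) { $results | Export-Csv -Path $LogPath -NoTypeInformation -Append }
$results
```

Run it once without -Apply and review the WouldRevoke rows before scheduling it with -Apply.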
