Get mailbox users without ATP License


Get mailbox users without ATP License

10 Replies

This isn't Google, and we are not mind readers, so can you maybe share some more details on what you are trying to achieve? And are you talking about the standalone ATP SKU, or ATP as part of E5?

 

In general, ATP licenses do not need to be assigned to users, so you just need to make sure you have enough licenses available in the tenant.

 

You can get a list of all users with or without a specific license from the O365 admin portal -> Users -> click the View dropdown -> custom view. It might be easier to just use PowerShell though:

 

Get-MsolUser -All  | ? {$_.Licenses.ServiceStatus | ? {$_.ServicePlan.ServiceName -eq "ATP_ENTERPRISE" -and $_.ProvisioningStatus -ne "Success"}}

 

Hi Vasil,

 

Regret for the body of this.

Our company has standalone ATP. Tried your script but it doesn't work check because the provisioning of her ATP is ongoing.

 

I have a user who showed up, and she has ATP assigned to her.

Screenshot_134.png

 

Best Regards,

Mark

As I said, we're not mind readers here. My example assumes that you have ATP as part of E5, if you have the standalone license just query for the presence of the relevant SKU. If you don't know the SKUID, you can get it via Get-MsolAccountSku.

Hi Vasil,

 

It will only return me users that have the ATP license. Hope you could help me the other way around. Users without ATP.


Best Regards,

Mark

Simply use the "not" operator to get the "opposite" result set?

Hi Vasil,

 

Tried this (attached), but it returns users with ATP_ENTERPRISE.

Screenshot_137.png

In general, ATP licenses do not need to be assigned to users, so you just need to make sure you have enough licenses available in the tenant. @Vasil Michev Thanks for clearing that up.

Hi Navishkar,

 

Now we ran out of ATP.

That's why management needs to know who doesn't have it yet, to procure additional ones.

 

Best Regards,

Mark

I hear you. I recently implemented some ATP policies on my tenant as well and was really confused as to how to assign the licenses. Eventually I created an Azure security group with dynamic membership. I said everyone that has an E3 license should be added to that group. Then I went and assigned ATP licenses to that group. So in theory anyone that has an E3 license will automatically get an ATP license.

 

I then later discovered that there is no need to assign ATP licenses, you just need to have them in your tenant so I ended up scrapping that Azure security group. (headbang)

 

A good rule of thumb should be to have the number of ATP licenses match your E3 licenses that way everything can match up.

You need to be looking at the AccountSkuId property:

 

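# -notcontains tests the whole SKU list; -ne against a list passes any user who also holds another SKU
Get-MsolUser -All | ? {$_.Licenses.AccountSkuId -notcontains "tenant:ATP_ENTERPRISE"}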

 

As this will return unlicensed users as well, you might prefer the below:

 

Get-MsolUser -All | ? {$_.Licenses.AccountSkuId -notcontains "tenant:ATP_ENTERPRISE" -and $_.IsLicensed}
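
Added example, not part of the original thread: it shows why a filter on Licenses.AccountSkuId has to test the whole list of SKUs, and produces the "licensed but no ATP" list and headcount asked for above. It runs offline on constructed users shaped like Get-MsolUser output; "tenant:" is the thread's placeholder prefix, and the user names and the helper functions New-SampleUser and Get-UsersWithoutSku are assumptions made for the example.

```powershell
# SKU to look for; take the real AccountSkuId from Get-MsolAccountSku ("tenant:" is a placeholder).
$AtpSku = 'tenant:ATP_ENTERPRISE'

# Builds a constructed object with the properties the filter reads from Get-MsolUser output.
function New-SampleUser {
    param([string]$Upn, [string[]]$Skus = @())
    [pscustomobject]@{
        UserPrincipalName = $Upn
        IsLicensed        = ($Skus.Count -gt 0)
        Licenses          = @($Skus | ForEach-Object { [pscustomobject]@{ AccountSkuId = $_ } })
    }
}

# Licensed users whose SKU list does not include $SkuId.
function Get-UsersWithoutSku {
    param([object[]]$Users, [string]$SkuId)
    $Users | Where-Object {
        $_.IsLicensed -and ($_.Licenses.AccountSkuId -notcontains $SkuId)
    }
}

# Constructed sample tenant (not real data).
$users = @(
    New-SampleUser 'alice@example.com' @('tenant:ENTERPRISEPACK', 'tenant:ATP_ENTERPRISE')
    New-SampleUser 'bob@example.com'   @('tenant:ENTERPRISEPACK')
    New-SampleUser 'carol@example.com' @('tenant:ATP_ENTERPRISE')
    New-SampleUser 'dave@example.com'  @()
)

# Scalar comparison against a list: -ne returns the elements that differ, so a user
# holding ATP plus any other SKU still yields a non-empty (truthy) result.
$scalarCompare = $users | Where-Object {
    $_.Licenses.AccountSkuId -ne $AtpSku -and $_.IsLicensed
}

# Collection test: true only when no element of the list equals the SKU.
$withoutAtp = Get-UsersWithoutSku -Users $users -SkuId $AtpSku

'Matched by -ne          : ' + ($scalarCompare.UserPrincipalName -join ', ')
'Matched by -notcontains : ' + ($withoutAtp.UserPrincipalName -join ', ')
'Licensed users lacking ATP: ' + @($withoutAtp).Count

# Against a live tenant (MSOnline module, after Connect-MsolService):
#   Get-UsersWithoutSku -Users (Get-MsolUser -All) -SkuId $AtpSku |
#       Select-Object UserPrincipalName
```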