Enable Sensitivity label for Groups, Sites & Teams using PowerShell script

Enable Sensitivity label for Groups, Sites & Teams

No comments

Loading

In this article, we will learn how to enable sensitivity labels for groups, Sites and Teams step by step. Before that, we will little learn what is sensitivity label?

What is the sensitivity label in Microsoft 365?

In simple, it is a data classification that gets applied automatically or manually when we work with the Microsoft Office files either from the Office client or in the SharePoint document library browser.

Sensitivity label example in SharePoint document library

Apply sensitivity label on documents from SharePoint document library
Apply sensitivity label on documents from the SharePoint document library

By default, sensitivity label configuration is enabled for the files but it is disabled for the Groups & sites, so, here the discussion topic is how to enable sensitivity labels for Groups, Sites, and Teams.

Let’s login to the compliance center portal: https://compliance.microsoft.com/informationprotection

From the Information protection section, go for creating a sample sensitivity label.

After providing the Name & description of the sensitivity label, in the next step, we need to configure the scope of the sensitivity label. Here “Files & emails” will be selected by default but the “Groups & sites” scope will be in disabled mode.

Groups and Sites are in disabled mode in compliance center
Groups and Sites are in the disabled mode in the compliance center

But, in order to apply a sensitivity label for sites, teams & groups we must have this “Groups & sites” enabled – how to enable this?

Prerequisites

Run the below two commands in a sequence to install and import the AzureADPreview module:

  • Install-Module AzureADPreview
  • Import-Module AzureADPreview

How do we enable sensitivity labels for Groups & sites in the Microsoft compliance center?

Using the below PowerShell script, we can enable sensitivity labels for the Groups & sites in the Microsoft compliance center:


####The below script is used to enable the Sensitivity label creation in Microsoft 365 compliance center.

cls

$PSshell = Get-PSSnapin "Microsoft.SharePoint.PowerShell" -ErrorVariable err -ErrorAction SilentlyContinue
if($PSshell -eq $null)
{
Add-PSSnapin "Microsoft.SharePoint.PowerShell"
}

$fileName = "enableSensitibityLabelInMicrosoft365ComplianceCenter"

#'yyyyMMddhhmm yyyyMMdd
$enddate = (Get-Date).tostring("yyyyMMddhhmmss")
#$filename = $enddate + '_VMReport.doc'
$logFileName = $fileName +"_"+ $enddate+"_Log.txt"
$invocation = (Get-Variable MyInvocation).Value
$directoryPath = Split-Path $invocation.MyCommand.Path

$directoryPathForLog=$directoryPath+"\"+"LogFiles"
if(!(Test-Path -path $directoryPathForLog))
{
New-Item -ItemType directory -Path $directoryPathForLog
#Write-Host "Please Provide Proper Log Path" -ForegroundColor Red
}
#$logPath = $directoryPath + "\" + $logFileName

$logPath = $directoryPathForLog + "\" + $logFileName

$isLogFileCreated = $False

function Write-Log([string]$logMsg)
{
if(!$isLogFileCreated){
Write-Host "Creating Log File..."
if(!(Test-Path -path $directoryPath))
{
Write-Host "Please Provide Proper Log Path" -ForegroundColor Red
}
else
{
$script:isLogFileCreated = $True
Write-Host "Log File ($logFileName) Created..."
[string]$logMessage = [System.String]::Format("[$(Get-Date)] - {0}", $logMsg)
Add-Content -Path $logPath -Value $logMessage
}
}
else
{
[string]$logMessage = [System.String]::Format("[$(Get-Date)] - {0}", $logMsg)
Add-Content -Path $logPath -Value $logMessage
}
}


#Install-Module AzureADPreview
Import-Module AzureADPreview

try
{

Connect-AzureAD

#Execute-AzureAdLabelSync

$grpUnifiedSetting = (Get-AzureADDirectorySetting | where -Property DisplayName -Value "Group.Unified" -EQ)

if ($setting -eq $null)
{

Write-Host "There is no setting found, creating the new ones !"
#$template = Get-AzureADDirectorySettingTemplate -Id 62375ab9-6b52-47ed-826b-58e47e0e304b
$template = Get-AzureADDirectorySettingTemplate | Where-Object {$_.DisplayName -eq "Group.Unified"}
$setting = $template.CreateDirectorySetting()
$Setting["EnableMIPLabels"] = "True"

New-AzureADDirectorySetting -DirectorySetting $setting

}
else
{

Write-Host "Settings found, adding settings!"
$Setting = (Get-AzureADDirectorySetting | where -Property DisplayName -Value "Group.Unified" -EQ)
$Setting.Values
$Setting["EnableMIPLabels"] = "True"
$Setting.Values
Set-AzureADDirectorySetting -Id $grpUnifiedSetting.Id -DirectorySetting $setting

}
}
catch
{

$ErrorMessage = $_.Exception.Message +"in enabling the sensitivity label for Groups & sites!:"
Write-Host $ErrorMessage -BackgroundColor Red
Write-Log $ErrorMessage

}

 

Notes:

  • Till mid of 2021, just executing the “Execute-AzureAdLabelSync” command was sufficient enough to enable the sensitivity label for Groups & sites but after that, this command does not enable this, we need to execute the above script.
  • Once we successfully execute the above script, we can see that the “Groups & sites” scope is enabled while creating the sensitivity label.

Test sensitivity label for Microsoft Team Site

We have enabled the Groups & sites for the scope for the sensitivity label creation and created a couple of new sensitivity labels and published it.

Sensitivity label for Microsoft Teams and Sites
Sensitivity label for Microsoft Teams and Sites

Now, let’s go to create a new site from the SharePoint Online admin center.

Click on the advanced settings, then we can see the sensitivity label dropdown list along with the published sensitivity labels.

Let’s look at the below screen,

 

Configure sensitivity label for Microsoft Team site
Configure sensitivity label for Microsoft Team site

Test sensitivity label for Microsoft Teams

Now login to the Microsoft Teams and then either create a new team or edit an existing team we will get to see the sensitivity label dropdown list along with our newly created custom sensitivity label.

Apply sensitivity label on Microsoft Teams
Apply sensitivity label on Microsoft Teams

Now, we can apply any of these sensitivity labels.

Summary

Thus, in this article, we have learned about how to enable sensitivity labels for Groups & Sites in the compliance center using PowerShell script and how to work and apply sensitivity label SharePoint document library, site, and team.

 

 

 

 

 

About Post Author

Do you have a better solution or question on this topic? Please leave a comment