Apply Sensitivity Label to SharePoint Site using Postman Tool

In this “Apply sensitivity label to SharePoint site” article, we will learn how to apply a sensitivity label in SharePoint using the postman tool. Here we have assumed that you have a basic understanding of what is a sensitivity label and how to apply it to the Microsoft Office file (like Word, Excel, PPT, etc).

In simple words, a sensitivity label is a data classification like Public, Confidential, Highly Confidential, etc.

What is Sensitivity label in SharePoint Online?

Sensitivity labels in SharePoint Online are a feature of Microsoft 365 Compliance that helps organizations classify and protect sensitive content. These labels allow you to apply consistent security policies to documents and emails, such as encryption, content marking, and access restrictions, to ensure sensitive information is handled properly.

Key Features of Sensitivity Labels

1. Classification
   • Labels can be used to classify data based on its sensitivity (e.g., Confidential, Highly Confidential, Public).
   • Labels can include visual markings like headers, footers, or watermarks to indicate the sensitivity of the content.
2. Encryption
   • Apply encryption to documents and emails to protect data at rest and in transit.
   • Specify who can access the content and what they can do with it (view, edit, etc.).
3. Access Control
   • Control access to labeled content based on the user’s identity and role.
   • Implement policies to restrict sharing, downloading, or printing sensitive documents.
4. Content Marking
   • Automatically add headers, footers, and watermarks to labeled documents to indicate their sensitivity level.
   • Help users easily identify the classification of the content they are handling.
5. Automatic Labeling
   • Use automatic labeling policies to apply labels based on predefined rules or conditions, such as keywords or patterns within documents.
   • Ensure consistent application of sensitivity labels without relying solely on user intervention.
6. Integration with Other Microsoft 365 Services
   • Sensitivity labels work across various Microsoft 365 services, including SharePoint Online, OneDrive for Business, Exchange Online, and Microsoft Teams.
   • Consistent labeling and protection policies across different services and applications.

How to Use Sensitivity Labels in SharePoint Online

Step 1: Create and Configure Sensitivity Labels

1. Access the Microsoft 365 Compliance Center
   • Go to the Microsoft 365 Compliance Center.
2. Create Sensitivity Labels
   • Navigate to “Information protection” under the “Solutions” section.
   • Click on “Labels” and then “Create a label.”
   • Define the label name, description, and any content markings you want to apply (headers, footers, watermarks).
3. Configure Protection Settings
   • In the label configuration, set up encryption and access controls.
   • Specify who can access labeled content and their permissions (view, edit, etc.).
   • Optionally, configure conditions for automatic labeling.
4. Publish Sensitivity Labels
   • Once labels are created, publish them by creating a label policy.
   • Choose which users and groups the labels will be available to and configure any specific settings for label use.

Step 2: Apply Sensitivity Labels in SharePoint Online

1. Manual Labeling
   • Users can manually apply sensitivity labels to documents stored in SharePoint Online and OneDrive for Business.
   • In a document library, select the document, click on the “Information” pane, and choose the sensitivity label from the options available.
2. Automatic Labeling
   • If automatic labeling policies are configured, SharePoint Online will automatically apply labels based on the predefined conditions.
   • This ensures that sensitive content is consistently protected without relying on user action.
3. Enforce Label Policies
   • Use sensitivity labels to enforce policies that control external sharing, downloading, and other actions.
   • For example, restrict sharing of documents labeled as “Confidential” to internal users only.

Example Use Case

Imagine a financial services company that handles various types of sensitive information, such as client financial data, internal reports, and public marketing materials. They can use sensitivity labels in SharePoint Online to:

1. Classify Documents
   • Create labels like “Public,” “Internal,” “Confidential,” and “Highly Confidential.”
   • Apply labels based on the sensitivity of the documents.
2. Protect Sensitive Information
   • Apply encryption and access controls to documents labeled as “Confidential” or “Highly Confidential.”
   • Ensure only authorized personnel can access and edit sensitive financial data.
3. Automatic Labeling
   • Set up automatic labeling policies to label documents containing specific keywords (e.g., “financial report”) as “Confidential.”
   • Reduce the risk of human error by automating the classification process.
4. Visual Markings
   • Add watermarks to documents labeled as “Highly Confidential” to remind users of the sensitivity of the content.
   • Use headers and footers to indicate the classification of internal reports.

By implementing sensitivity labels, the company can enhance its data protection strategy, ensuring that sensitive information is consistently classified, protected, and managed according to its sensitivity level.

How to Apply sensitivity label to SharePoint site?

To know more about the data classification & sensitivity label, you may look at the below articles:

• Enable Sensitivity label for Groups, Sites & Teams
• Get sensitivity labels using PowerShell script

Now, let’s get back to the context of this article. In the previous article, we have learned how to get and copy the bearer token value from Sharepoint – in this article, we will learn how to use that bearer token value in the postman tool to do a post-operation in SharePoint Online, here as an example we will use how to apply a sensitivity label using the SharePoint API.

Apply sensitivity labels to SharePoint site (sensitivity labels in sharepoint online)

Here is the SharePoint API which we will use for applying the sensitivity label:

API Syntax:

"yourspositeURL/_api/v2.1/drives/DocumentLibraryID/items/DocumentID/setsensitivityLabel"

Example:

"globalsharepoint2020.sharepoint.com/_api/v2.1/drives/b!_gbrdwjBJUi-RT40bK2ugHGZ7QDqj1RFnI_Q4lVGhqmtoFYS9HieT5Rl6tvwhWR2/items/0A5D5112-B937-4246-8339-85E4795A0A65/setsensitivityLabel"

Notes:

• Here the site URL is – the site where your document is hosted.
• Get the Document library ID from this article – Get Document Library ID using SharePoint API
• To get the document or file ID follow the below steps.

How to get the Document ID in SharePoint Online (sensitivity labels in SharePoint online)?

We just, need to open the document for which we want to apply the sensitivity label in the browser. For an example, below:

Notes:

• Note down the URL, and the URL will look like below:

"globalsharepoint2020.sharepoint.com/:w:/r/_layouts/15/Doc.aspx?sourcedoc=%7B0A5D5112-B937-4246-8339-85E4795A0A65%7D&file=My%20Test%20File.docx&action=default&mobileredirect=true&cid=5743bcd3-c190-4c31-96a8-44194bcab7d2"

• In the URL, we can see one of the query string parameters is the “sourcedoc” which is in an encoded format, we need to decode it (sourcedoc=%7B0A5D5112-B937-4246-8339-85E4795A0A65%7D).
• Using the Online tool like URL Decoder/Encoder, we can decode it, after decoding the “sourcedoc” value will be like  “0A5D5112-B937-4246-8339-85E4795A0A65“
• So, by now we got the document ID also.
• And the right topmost corner, we can see there are two sensitivity labels to this location, and we can apply any of them – at present this document has not been applied with any sensitivity labels. In this demo, we will apply the “Confidential Test – Label” to this document.

By now we have all the needed parameters for this sensitivity label API like:

• Site URL – globalsharepoint2020.sharepoint.com
• Document Library ID – b!_gbrdwjBJUi-RT40bK2ugHGZ7QDqj1RFnI_Q4lVGhqmtoFYS9HieT5Rl6tvwhWR2
• Document ID – 0A5D5112-B937-4246-8339-85E4795A0A65

One more thing we need to get is the sensitivity label ID the one which we are going to apply. We can get the sensitivity label ID using this article – Get sensitivity labels using PowerShell script.

For this demo, the sensitivity label ID is: 90ebdb98-631f-453a-bf00-6f388e5b5206 (Confidential Test – Label).

Now, everything is ready, we are ready to go for postman execution.

Let’s launch the postman tool.

Select the operation as “POST”

Pass the Sensitivity Label API URL like below:

"globalsharepoint2020.sharepoint.com/_api/v2.1/drives/b!_gbrdwjBJUi-RT40bK2ugHGZ7QDqj1RFnI_Q4lVGhqmtoFYS9HieT5Rl6tvwhWR2/items/0A5D5112-B937-4246-8339-85E4795A0A65/setsensitivityLabel"

Header Configuration should be as below:

Authorization – Bearer

Accept – application/json;odata=verbose

Content-Type – application/json;odata=verbose

Now, let’s configure the Body of the API:

In the body of the API pass the below:

Note:

• In the above, the “id” is the sensitivity label id parameter which is mandatory rest of other parameters are optional. We have got this sensitivity label ID (90ebdb98-631f-453a-bf00-6f388e5b5206 (Confidential Test – Label)) in the above step which we are going to apply to the particular document.

Then let’s configure the authorization section for this API.

Click on the “Authorization” tab.

From the type of Authorization, select the “Bearer Token”.

And in the Token Text Box, place or paste the bearer token value that we got referring to this article – How to get Bearer Token For SharePoint?.

Finally, click on the “Send” button.

We can see the status as “200 Ok” which means, this API has been executed successfully.

Now, if we open the particular file from the SharePoint document library we can see that the “Confidential Test – Label” has been applied to this document which was not there before executing the API from the postman tool.

Notes:

• Sometimes, we might get a token expiration error like the one below from the postman tool, in this case, we need to generate the token value freshly and pass it to the postman authorization configuration.

{“error”:{“code”:”unauthenticated”,”innerError”:{“code”:”expiredToken”},”message”:”The access token has expired. It’s valid from ‘4/17/2022 5:31:52 AM’ and to ‘4/17/2022 6:31:52 AM’.”}}

• And sometimes, we might get a document lock state error while applying the sensitivity label, in this case, we need to close the document from the browser.

Summary: Sensitivity labels in SharePoint site

Thus, in this article, we have learned how to apply the sensitivity label in the document stored in the SharePoint document library using the postman tool and SharePoint API.

See Also: Sensitivity labels in SharePoint online Articles

You might be interested in the following sensitivity & postman tool-related articles:

• How to get Bearer Token For SharePoint?
• Get Document Library ID using SharePoint API
• Get sensitivity labels using PowerShell script
• Enable Sensitivity label for Groups, Sites & Teams
• In 4 steps access SharePoint online data using postman tool

About Post Author

Microsoft Techy

As a SharePoint and Power Platform Maven, my greatest joy comes from sharing my expertise with colleagues, friends, and the tech community, helping them navigate the ever-evolving world of technology and guiding them through the dynamic landscape of modern technology.

See author's posts