top of page
Search

(73) Microsoft Purview - Enable Sensitivity Labels in Microsoft 365 Groups and Sharepoints

  • Writer: Mr B SOE way
    Mr B SOE way
  • Jun 8, 2023
  • 1 min read

When creating a label in Microsoft Purview, under Scope you will see a message with the following where you can't select the box as it's greyed out and with the bottom it says "To apply sensitivity labels to Teams, SharePoint sites and Microsoft 365 Groups, you must first complete these steps to enable the feature"

To enable it, do the following:


1. Run PowerShell as Administrator.


Then run the following:

Install-Module AzureADPreview

Connect-AzureAD

$Setting = Get-AzureADDirectorySetting -Id (Get-AzureADDirectorySetting | where -Property DisplayName -Value "Group.Unified" -EQ).id


If you encounter an issue with running:

$Setting = Get-AzureADDirectorySetting -Id (Get-AzureADDirectorySetting | where -Property DisplayName -Value "Group.Unified" -EQ).id where it displays "Get-AzureADDirectorySetting : Cannot bind argument to parameter 'Id' because it is null".




Run the following in PowerShell to add the MIP Directory Setting:


1. Get-AzureADDirectorySettingTemplate

2. $TemplateId = (Get-AzureADDirectorySettingTemplate | where { $_.DisplayName -eq "Group.Unified" }).Id

3. $Template = Get-AzureADDirectorySettingTemplate | where -Property Id -Value $TemplateId -EQ

4. $Setting = $Template.CreateDirectorySetting()

5. $Setting["EnableMIPLabels"] = "True"

6. New-AzureADDirectorySetting -DirectorySetting $Setting


Then run this again:

$Setting = Get-AzureADDirectorySetting -Id (Get-AzureADDirectorySetting | where -Property DisplayName -Value "Group.Unified" -EQ).id

Followed by running:

$Setting.Values
















To save updates to the directory, run the following:

Set-AzureADDirectorySetting -Id $Setting.Id -DirectorySetting $Setting


The final step is to connect to Microsoft 365 Compliance Center to Azure AD (Unified label integration), run the following:


Import-Module ExchangeOnlineManagement

Connect-IPPSSession -UserPrincipalName admin@mydomain.com

Execute-AzureAdLabelSync

Once these features are enabled, sensitivity labels can now be applied directly to M365 Groups and Sharepoint sites.


Navigating to https://compliance.microsoft.com/informationprotection/labels, you will see that the pop-up message has appeared. Select Turn on now.


Create a new label or updating an existing label, you will now see that "Groups & sites" can be ticked or unticked.


 
 
 

Comments

bottom of page