top of page
Search

(73) Microsoft Purview - Enable Sensitivity Labels in Microsoft 365 Groups and Sharepoints

  • Writer: Mr B SOE way
    Mr B SOE way
  • Jun 8, 2023
  • 1 min read

When creating a label in Microsoft Purview, under Scope you will see a message with the following where you can't select the box as it's greyed out and with the bottom it says "To apply sensitivity labels to Teams, SharePoint sites and Microsoft 365 Groups, you must first complete these steps to enable the feature"

ree

To enable it, do the following:


1. Run PowerShell as Administrator.


Then run the following:

Install-Module AzureADPreview

Connect-AzureAD

$Setting = Get-AzureADDirectorySetting -Id (Get-AzureADDirectorySetting | where -Property DisplayName -Value "Group.Unified" -EQ).id


If you encounter an issue with running:

$Setting = Get-AzureADDirectorySetting -Id (Get-AzureADDirectorySetting | where -Property DisplayName -Value "Group.Unified" -EQ).id where it displays "Get-AzureADDirectorySetting : Cannot bind argument to parameter 'Id' because it is null".


ree


Run the following in PowerShell to add the MIP Directory Setting:


1. Get-AzureADDirectorySettingTemplate

2. $TemplateId = (Get-AzureADDirectorySettingTemplate | where { $_.DisplayName -eq "Group.Unified" }).Id

3. $Template = Get-AzureADDirectorySettingTemplate | where -Property Id -Value $TemplateId -EQ

4. $Setting = $Template.CreateDirectorySetting()

5. $Setting["EnableMIPLabels"] = "True"

6. New-AzureADDirectorySetting -DirectorySetting $Setting


Then run this again:

$Setting = Get-AzureADDirectorySetting -Id (Get-AzureADDirectorySetting | where -Property DisplayName -Value "Group.Unified" -EQ).id

ree

Followed by running:

$Setting.Values

ree















To save updates to the directory, run the following:

Set-AzureADDirectorySetting -Id $Setting.Id -DirectorySetting $Setting


The final step is to connect to Microsoft 365 Compliance Center to Azure AD (Unified label integration), run the following:


Import-Module ExchangeOnlineManagement

Connect-IPPSSession -UserPrincipalName admin@mydomain.com

Execute-AzureAdLabelSync

ree

Once these features are enabled, sensitivity labels can now be applied directly to M365 Groups and Sharepoint sites.


Navigating to https://compliance.microsoft.com/informationprotection/labels, you will see that the pop-up message has appeared. Select Turn on now.

ree

Create a new label or updating an existing label, you will now see that "Groups & sites" can be ticked or unticked.

ree

 
 
 

Comments

bottom of page