Table of Contents




Introduction


This article is just a quick guide through default settings. It will work well for new and test tenants. For other scenarios visit detailed guidance on requirements, as well as Azure Active Directory support for applying sensitivity labels, AAD Group Settings and Connecting to Security & Compliance Center PowerShell


Steps


1. Enable sensitivity label support

Install-Module AzureADPreview
Import-Module AzureADPreview
Connect-AzureAD
  
$ExistingSetting = (Get-AzureADDirectorySetting | where -Property DisplayName -Value "Group.Unified" -EQ)
 
if ($null -eq $ExistingSetting) {
       $TemplateId = (Get-AzureADDirectorySettingTemplate | where { $_.DisplayName -eq "Group.Unified" }).Id $Template = Get-AzureADDirectorySettingTemplate | where -Property Id -Value $TemplateId -EQ
       $Setting = $Template.CreateDirectorySetting()
 
New-AzureADDirectorySetting -DirectorySetting $Setting
}
 
$grpUnifiedSetting = (Get-AzureADDirectorySetting | where -Property DisplayName -Value "Group.Unified" -EQ)
$Setting = $grpUnifiedSetting
$Setting["EnableMIPLabels"] = "True"
 
 
Set-AzureADDirectorySetting -Id $grpUnifiedSetting.Id -DirectorySetting $setting


2. Synchronize your sensitivity labels to Azure AD

Import-Module ExchangeOnlineManagement
Connect-IPPSSession -UserPrincipalName admin@tenant.onmicrosoft.com
Execute-AzureAdLabelSync


3. Create a label
(You can do that via User Interface as well)

New-Label -DisplayName "My New label" -Name "New Label" -ContentType Site, UnifiedGroup

See Also


Use sensitivity labels to protect content in Microsoft Teams, Microsoft 365 groups, and SharePoint sites