Table of Contents


This article is just a quick guide through default settings. It will work well for new and test tenants. For other scenarios visit detailed guidance on requirements, as well as Azure Active Directory support for applying sensitivity labels, AAD Group Settings and Connecting to Security & Compliance Center PowerShell


1. Enable sensitivity label support

Install-Module AzureADPreview
Import-Module AzureADPreview
$ExistingSetting = (Get-AzureADDirectorySetting | where -Property DisplayName -Value "Group.Unified" -EQ)
if ($null -eq $ExistingSetting) {
       $TemplateId = (Get-AzureADDirectorySettingTemplate | where { $_.DisplayName -eq "Group.Unified" }).Id $Template = Get-AzureADDirectorySettingTemplate | where -Property Id -Value $TemplateId -EQ
       $Setting = $Template.CreateDirectorySetting()
New-AzureADDirectorySetting -DirectorySetting $Setting
$grpUnifiedSetting = (Get-AzureADDirectorySetting | where -Property DisplayName -Value "Group.Unified" -EQ)
$Setting = $grpUnifiedSetting
$Setting["EnableMIPLabels"] = "True"
Set-AzureADDirectorySetting -Id $grpUnifiedSetting.Id -DirectorySetting $setting

2. Synchronize your sensitivity labels to Azure AD

Import-Module ExchangeOnlineManagement
Connect-IPPSSession -UserPrincipalName

3. Create a label
(You can do that via User Interface as well)

New-Label -DisplayName "My New label" -Name "New Label" -ContentType Site, UnifiedGroup

See Also

Use sensitivity labels to protect content in Microsoft Teams, Microsoft 365 groups, and SharePoint sites