So, here goes:
```powershell
# Define the variables for your environment.
# The first one is the link to your SharePoint Admin Portal.
# The second one is your administrator account User Principal Name.
$SPAdminLink = "https://tenant-admin.sharepoint.com"
$AdminUPN = "user@domain.com"

# Connect to SharePoint. Replace the link with your SharePoint Admin portal.
# You need to have run Install-Module -Name Microsoft.Online.SharePoint.PowerShell to have the module installed.
Connect-SPOService -Url $SPAdminLink

# Enable AIP Integration
Set-SPOTenant -EnableAIPIntegration $true
(Get-SPOTenant).EnableAIPIntegration

# Enable support for PDFs. Update SP Online Module if this fails.
# The link is https://www.microsoft.com/en-us/download/details.aspx?id=35588
Set-SPOTenant -EnableSensitivityLabelforPDF $true
(Get-SPOTenant).EnableSensitivityLabelforPDF

# Connect to AAD and enable support for labels in groups.
# Source: https://learn.microsoft.com/en-us/microsoft-365/compliance/sensitivity-labels-teams-groups-sites?view=o365-worldwide
Install-Module AzureADPreview
AzureADPreview\Connect-AzureAD
$grpUnifiedSetting = (Get-AzureADDirectorySetting | where -Property DisplayName -Value "Group.Unified" -EQ)
$Setting = $grpUnifiedSetting

# Check if EnableMIPLabels is enabled. If nothing is displayed then you have no group settings. We'll enable it.
$grpUnifiedSetting.Values

# Enable the feature. If it fails check out this guide:
# https://learn.microsoft.com/en-us/azure/active-directory/enterprise-users/groups-settings-cmdlets#create-settings-at-the-directory-level
$Setting["EnableMIPLabels"] = "True"

# Check that now it's enabled. If it's enabled you'll get
#
#Name            Value
#----            -----
#EnableMIPLabels True
$Setting.Values

# Save
Set-AzureADDirectorySetting -Id $grpUnifiedSetting.Id -DirectorySetting $Setting

# Now we'll import ExchangeOnlineManagement and then connect the Compliance PowerShell to sync the labels.
# You might have problems running the below part in PowerShell ISE. If you do, run them in a normal PowerShell session.
# Also, ensure you have the module installed with Install-Module -Name ExchangeOnlineManagement
Import-Module ExchangeOnlineManagement
Connect-IPPSSession -UserPrincipalName $AdminUPN
Execute-AzureAdLabelSync
```
Create and publish your label, then wait around 24h to have everything propagated.
If you get any error with the following cmdlet:
$grpUnifiedSetting = (Get-AzureADDirectorySetting | where -Property DisplayName -Value "Group.Unified" -EQ)
follow the steps in this article: Configure group settings using PowerShell – Microsoft Entra ID | Microsoft Learn
Hint:
Connect-MgGraph -TenantId 0f2434f0-d209-4e5f-9536-2bfb2dd9c2b7 -Scopes Directory.ReadWrite.All
You can get the tenant ID from Entra.
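The Microsoft Graph route that the hint points to, for the EnableMIPLabels step only, as an added example that is not part of the original script: it assumes the Microsoft.Graph.Beta module is installed, and `<tenant-id>` is a placeholder for your own tenant ID. It sends the full Group.Unified value set back instead of a single entry, so existing group settings are kept when the label switch is turned on.

```powershell
# Added example (not from the original script). Assumes: Install-Module Microsoft.Graph.Beta
# <tenant-id> is a placeholder; Directory.ReadWrite.All is the scope named in the hint.
Connect-MgGraph -TenantId "<tenant-id>" -Scopes "Directory.ReadWrite.All"

# The Group.Unified template carries the default name/value pairs.
$template = Get-MgBetaDirectorySettingTemplate |
    Where-Object { $_.DisplayName -eq "Group.Unified" }

# A tenant that never customised group settings has no settings object yet.
$setting = Get-MgBetaDirectorySetting |
    Where-Object { $_.TemplateId -eq $template.Id }

if (-not $setting) {
    # No object yet: create one from the template defaults with EnableMIPLabels on.
    $values = @($template.Values |
        Where-Object { $_.Name -ne "EnableMIPLabels" } |
        ForEach-Object { @{ Name = $_.Name; Value = $_.DefaultValue } })
    $values += @{ Name = "EnableMIPLabels"; Value = "True" }

    $setting = New-MgBetaDirectorySetting -BodyParameter @{
        TemplateId = $template.Id
        Values     = $values
    }
}
else {
    # Object exists: keep every current value and change only EnableMIPLabels.
    $values = @($setting.Values |
        Where-Object { $_.Name -ne "EnableMIPLabels" } |
        ForEach-Object { @{ Name = $_.Name; Value = $_.Value } })
    $values += @{ Name = "EnableMIPLabels"; Value = "True" }

    Update-MgBetaDirectorySetting -DirectorySettingId $setting.Id `
        -BodyParameter @{ Values = $values }
}

# Read the setting back and confirm the value is now True.
(Get-MgBetaDirectorySetting -DirectorySettingId $setting.Id).Values |
    Where-Object { $_.Name -eq "EnableMIPLabels" }
```

Directory.ReadWrite.All is a broad delegated scope, so run `Disconnect-MgGraph` once the value reads back as True.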
Enjoy!