Sensitivity labels: Enable labels for groups and sites

Introduction

This article is just a quick guide through default settings. It will work well for new and test tenants. For other scenarios visit detailed guidance on requirements, as well as Azure Active Directory support for applying sensitivity labels, AAD Group Settings and Connecting to Security & Compliance Center PowerShell

Steps

1. Enable sensitivity label support

Install-Module AzureADPreview
Import-Module AzureADPreview
Connect-AzureAD
  
$ExistingSetting = (Get-AzureADDirectorySetting | where -Property DisplayName -Value "Group.Unified"  -EQ)
 
if ($null  -eq $ExistingSetting) {
       $TemplateId = (Get-AzureADDirectorySettingTemplate | where {  $_.DisplayName -eq "Group.Unified"  }).Id $Template  = Get-AzureADDirectorySettingTemplate | where -Property Id -Value $TemplateId -EQ
       $Setting = $Template.CreateDirectorySetting()
 
New-AzureADDirectorySetting -DirectorySetting $Setting
}
 
$grpUnifiedSetting = (Get-AzureADDirectorySetting | where -Property DisplayName -Value "Group.Unified"  -EQ)
$Setting = $grpUnifiedSetting
$Setting["EnableMIPLabels"] = "True"
 
 
Set-AzureADDirectorySetting -Id $grpUnifiedSetting.Id -DirectorySetting $setting

2. Synchronize your sensitivity labels to Azure AD

Import-Module ExchangeOnlineManagement
Connect-IPPSSession -UserPrincipalName admin@tenant.onmicrosoft.com
Execute-AzureAdLabelSync

3. Create a label
   (You can do that via User Interface as well)

New-Label -DisplayName "My New label"  -Name "New Label"  -ContentType Site, UnifiedGroup

See Also

Use sensitivity labels to protect content in Microsoft Teams, Microsoft 365 groups, and SharePoint sites