Post
Ask Question

Applying SharePoint Online Site Classification using PowerShell

Introduction

Site classification in SharePoint online is one of the governance features, which will help manage the information stored on the SharePoint site to follow certain guidelines and implement policies to protect the privacy of the content being stored. For instance, if the content has personal information like a customer's bank account, you might want to restrict such content on public sites.

During the site creation process via SharePoint Admin Center, there is an option to define the site sensitivity. Below is the screen capture for reference. However,

SharePoint Admin Center

However, when trying to create the site via PowerShell there is no parameter to define sensitivity. We can update the site sensitivity after the site gets created.

This article focuses on updating the site sensitivity to a bunch of sites loaded from a CSV file and then showing the status in the console. Thanks to Sujith Nambiar for helping during this script creation process.

Pre-requisites

To run the script successfully,

  • The account running the script 'SharePoint Admin' Rights and 'Global Reader rights'.
  • PnP PowerShell Module 2.5.0 or greater needs to be installed
  • Exchange Online Management module to have version 3.4.0 or above
  • Your laptop should have PowerShell 7 aka PowerShell Core
  • The schema CSV should have DestinationSite and Classification as the first line header.
    DestinationSite

Note. This script is tested on a Windows 10 machine. The same script should work on other OS as PowerShell core is a cross-platform tool.

Steps

Step 1. Get the required modules Imported.

  • Exchange Online Management
  • PnP PowerShell
Import-Module -Name PnP.PowerShell
Import-Module -Name ExchangeOnlineManagement

Step 2. Store the account credentials in a variable $Creds.

$Creds = Get-Credential -Message "Connecting to IP PS Session and PnP PowerShell" -UserName $AdminCsecAccount

Step 3. Connect to IPPS (Information Protection PowerShell Session). IPPS is a sub module from the Exchange Online Module. Once the Exchange Online Module is imported, you should be able to connect to the IPPS session using the below command. Connect to the PnP PowerShell session using the admin account credentials.

 Connect-IPPSSession -Credential $Creds
    Write-Host ("Successfully connected to Information Protection PS Session") -ForegroundColor Green
    Connect-PnPOnline -Url $SPOAdminUrl -Credentials $Creds    
    Write-Host ("Successfully connected to PnP PowerShell Admin PS Session") -ForegroundColor Green

Step 4. Apply the sensitivity the PowerShell command supports only GUID of the Classification. I have written the below PS methods.

  • GetSensitvityName: To get the Site Classification name based on the GUID.
  • GetSensitivityID: To get the Site Classification ID based on the Display Name.
function GetSensitivityId($SensitivityName) {
   <#
   .DESCRIPTION
   GetSensitivityId method gets the Classification GUID from the Classification Name passed as an argument.
   #>
    try {
        $SensitivityId = Get-Label | Where-Object { $_.DisplayName -eq $SensitivityName } | Select-Object Guid
        
    }
    catch {
        Write-Host "Error occured while fetching the Sensitiviy details. $($_.Exception.Message)" -ForegroundColor Red      
        $SensitivityId = "Error Fetching Sensitivity ID"
    }
    return $SensitivityId.Guid
    
}
function GetSensitivityName($SensitivityId) {
   <#
   .DESCRIPTION
   GetSensitivityName method returns the Classification Name based on the Guid passed as an argument.
   #>
    try {
        $SensitivityName = Get-Label | Where-Object { $_.Guid -eq $SensitivityId } | Select-Object DisplayName
        
    }
    catch {
        Write-Host "Error occured while fetching the Sensitiviy details. $($_.Exception.Message)" -ForegroundColor Red      
        $SensitivityName = "Error Fetching Sensitivity Name"
    }
    return $SensitivityName.DisplayName
    
}

Step 5. Check if the site already has the Site Classification applied. If already exists, proceed to the next record, and update the status in the console.

 $CurrentClassification = Get-PnPTenantSite -Url $SiteUrl | Select-Object SensitivityLabel
        if ([string]::IsNullOrEmpty($CurrentClassification.SensitivityLabel)) {
            $LabelGuid = GetSensitivityId($ClassificationLabel)
            Set-PnPTenantSite -Identity $SiteUrl -SensitivityLabel $LabelGuid
            Write-Host "Successfully applied site classification $($ClassificationLabel) to the site $($SiteUrl)" -ForegroundColor Green
        }
        else {
            $CurrentClassification = GetSensitivityName($CurrentClassification.SensitivityLabel)
            Write-Host "Site Classification $($CurrentClassification) is already existing to the site $($SiteUrl)" -ForegroundColor Cyan
        }

Step 6. Validate if the sites have the right classification applied. You can check it by going to the site and then clicking on ‘Site Information’.

Site Information

Complete Script

# Get the latest PnP PowerShell Module. Version no 2.5.0 or above
# Connect to SharePoint Admin with your Csec Account
# Get the latest Exchange Online module to connect to IPPS session
# Connect IPPS session to get the labels
# Get the Label IDs using Get-Label
# Load the CSV that has SPO site and classfication
# loop through the CSV and for each record, check if the Site Classification exists.
# If No, apply the site classification, if Yes, then proceed to next record. update in status 

function GetSensitivityName($SensitivityId) {
   <#
   .DESCRIPTION
   GetSensitivityName method returns the Classification Name based on the Guid passed as an argument.
   #>
    try {
        $SensitivityName = Get-Label | Where-Object { $_.Guid -eq $SensitivityId } | Select-Object DisplayName
        
    }
    catch {
        Write-Host "Error occured while fetching the Sensitiviy details. $($_.Exception.Message)" -ForegroundColor Red      
        $SensitivityName = "Error Fetching Sensitivity Name"
    }
    return $SensitivityName.DisplayName
    
}
function GetSensitivityId($SensitivityName) {
   <#
   .DESCRIPTION
   GetSensitivityId method gets the Classification GUID from the Classification Name passed as an argument.
   #>
    try {
        $SensitivityId = Get-Label | Where-Object { $_.DisplayName -eq $SensitivityName } | Select-Object Guid
        
    }
    catch {
        Write-Host "Error occured while fetching the Sensitiviy details. $($_.Exception.Message)" -ForegroundColor Red      
        $SensitivityId = "Error Fetching Sensitivity ID"
    }
    return $SensitivityId.Guid
    
}
function ApplySiteClassification {
    <#
    .DESCRIPTION
    ApplySiteClassification method applies the site classfication to SPO sites based on Classification name given in CSV.
    #>

    param (
        [string] $SiteUrl,
        [string] $ClassificationLabel
    )
    try {
        Write-Host ("Applying Site Classfication $($ClassificationLabel) for site $($SiteUrl)") -ForegroundColor Yellow
        $CurrentClassification = Get-PnPTenantSite -Url $SiteUrl | Select-Object SensitivityLabel
        if ([string]::IsNullOrEmpty($CurrentClassification.SensitivityLabel)) {
            $LabelGuid = GetSensitivityId($ClassificationLabel)
            Set-PnPTenantSite -Identity $SiteUrl -SensitivityLabel $LabelGuid
            Write-Host "Successfully applied site classification $($ClassificationLabel) to the site $($SiteUrl)" -ForegroundColor Green
        }
        else {
            $CurrentClassification = GetSensitivityName($CurrentClassification.SensitivityLabel)
            Write-Host "Site Classification $($CurrentClassification) is already existing to the site $($SiteUrl)" -ForegroundColor Cyan
        }
    }
    catch {
        Write-Host("Error occured: $($_.Exception.Message)") -ForegroundColor Red
    }
    
}
# Importing the required modules
Import-Module -Name PnP.PowerShell
Import-Module -Name ExchangeOnlineManagement
#Replace the parameter $AdminCsecAccount with your account
$AdminCsecAccount = "[email protected]"
#Replace the parameter $SPOAdminUrl with your Tenant Admin Url
$SPOAdminUrl = "https://contoso-admin.sharepoint.com"
if ([string]::IsNullOrEmpty($Creds.UserName)) {
    $Creds = Get-Credential -Message "Connecting to IP PS Session and PnP PowerShell" -UserName $AdminCsecAccount
}
#Connecting to IPPS and PnP SharePoint online sessions
try {
    Connect-IPPSSession -Credential $Creds
    Write-Host ("Successfully connected to Information Protection PS Session") -ForegroundColor Green
    Connect-PnPOnline -Url $SPOAdminUrl -Credentials $Creds    
    Write-Host ("Successfully connected to PnP PowerShell Admin PS Session") -ForegroundColor Green
}
catch {
    Write-Host "Error Occured: Error connecting to required modules $($_.Exception.Message)" -ForegroundColor Red
}
# Import the CSV into variable $SitesInfo
$SitesInfo = Import-Csv -Path "C:\SPOMigration\SetClassification_0719.csv"
foreach ($site in $SitesInfo) {
    ApplySiteClassification -SiteUrl $site.DestinationSite -ClassificationLabel $site.Classification
}

finally {
    # Disconnecting the IP PS session and PnP PowerShell session
    Disconnect-ExchangeOnline
    Disconnect-PnPOnline
}

Conclusion

Thus, in this article, we have seen how to apply site classification for SharePoint online sites successfully using PnP PowerShell.

Reference


Similar Articles