Applying SharePoint Online Site Classification using PowerShell

Vinay Ayinapurapu
Feb 07
839
0
3

Article

Introduction

Site classification in SharePoint online is one of the governance features that will help manage the information stored on the SharePoint site, follow certain guidelines, and implement policies to protect the privacy of the content being stored. For instance, if the content has personal information like a customer's bank account, you might want to restrict such content on public sites.

During the site creation process via SharePoint Admin Center, there is an option to define the site sensitivity. Below is the screen capture for reference. However,

SharePoint Admin Center

However, when trying to create the site via PowerShell, there is no parameter to define sensitivity. We can update the site sensitivity after the site gets created.

This article focuses on updating the site sensitivity to a bunch of sites loaded from a CSV file and then showing the status in the console. Thanks to Sujith Nambiar for helping during this script creation process.

Pre-requisites

To run the script successfully,

The account running the script 'SharePoint Admin' Rights and 'Global Reader rights'.
PnP PowerShell Module 2.5.0 or greater needs to be installed
Exchange Online Management module to have version 3.4.0 or above
Your laptop should have PowerShell 7, aka PowerShell Core
The schema CSV should have DestinationSite and Classification as the first line header.

Note. This script is tested on a Windows 10 machine. The same script should work on other OS as PowerShell core is a cross-platform tool.

Steps

Step 1. Get the required modules Imported.

Exchange Online Management
PnP PowerShell

Import-Module -Name PnP.PowerShell
Import-Module -Name ExchangeOnlineManagement

Step 2. Store the account credentials in a variable $Creds.

$Creds = Get-Credential -Message "Connecting to IP PS Session and PnP PowerShell" -UserName $AdminAccount

Step 3. Connect to IPPS (Information Protection PowerShell Session). IPPS is a sub-module from the Exchange Online Module. Once the Exchange Online Module is imported, you should be able to connect to the IPPS session using the below command. Connect to the PnP PowerShell session using the admin account credentials.

Connect-IPPSSession -Credential $Creds
   Write-Host ("Successfully connected to Information Protection PS Session") -ForegroundColor Green
   Connect-PnPOnline -Url $SPOAdminUrl -Credentials $Creds
   Write-Host ("Successfully connected to PnP PowerShell Admin PS Session") -ForegroundColor Green

Step 4. Apply the sensitivity of the PowerShell command to support only the GUID of the Classification. I have written the PS methods below.

GetSensitvityName: To get the Site Classification name based on the GUID.
GetSensitivityID: To get the Site Classification ID based on the Display Name.

function GetSensitivityId($SensitivityName) {
   <#
   .DESCRIPTION
   GetSensitivityId method gets the Classification GUID from the Classification Name passed as an argument.
   #>
    try {
        $SensitivityId = Get-Label | Where-Object { $_.DisplayName -eq $SensitivityName } | Select-Object Guid

    }
    catch {
        Write-Host "Error occured while fetching the Sensitiviy details. $($_.Exception.Message)" -ForegroundColor Red
        $SensitivityId = "Error Fetching Sensitivity ID"
    }
    return $SensitivityId.Guid

}

function GetSensitivityName($SensitivityId) {
   <#
   .DESCRIPTION
   GetSensitivityName method returns the Classification Name based on the Guid passed as an argument.
   #>
    try {
        $SensitivityName = Get-Label | Where-Object { $_.Guid -eq $SensitivityId } | Select-Object DisplayName

    }
    catch {
        Write-Host "Error occured while fetching the Sensitiviy details. $($_.Exception.Message)" -ForegroundColor Red
        $SensitivityName = "Error Fetching Sensitivity Name"
    }
    return $SensitivityName.DisplayName

}

Step 5. Check if the site has already applied for Site Classification. If it already exists, proceed to the next record, and update the status in the console.

$CurrentClassification = Get-PnPTenantSite -Url $SiteUrl | Select-Object SensitivityLabel
       if ([string]::IsNullOrEmpty($CurrentClassification.SensitivityLabel)) {
           $LabelGuid = GetSensitivityId($ClassificationLabel)
           Set-PnPTenantSite -Identity $SiteUrl -SensitivityLabel $LabelGuid
           Write-Host "Successfully applied site classification $($ClassificationLabel) to the site $($SiteUrl)" -ForegroundColor Green
       }
       else {
           $CurrentClassification = GetSensitivityName($CurrentClassification.SensitivityLabel)
           Write-Host "Site Classification $($CurrentClassification) is already existing to the site $($SiteUrl)" -ForegroundColor Cyan
       }

Step 6. Validate if the sites have the right classification applied. You can check it by going to the site and then clicking on ‘Site Information’.

Site Information

Complete Script

# Get the latest PnP PowerShell Module. Version no 2.5.0 or above
# Connect to SharePoint Admin with your Admin Account
# Get the latest Exchange Online module to connect to IPPS session
# Connect IPPS session to get the labels
# Get the Label IDs using Get-Label
# Load the CSV that has SPO site and classfication
# loop through the CSV and for each record, check if the Site Classification exists.
# If No, apply the site classification, if Yes, then proceed to next record. update in status

function GetSensitivityName($SensitivityId) {
   <#
   .DESCRIPTION
   GetSensitivityName method returns the Classification Name based on the Guid passed as an argument.
   #>
    try {
        $SensitivityName = Get-Label | Where-Object { $_.Guid -eq $SensitivityId } | Select-Object DisplayName

    }
    catch {
        Write-Host "Error occured while fetching the Sensitiviy details. $($_.Exception.Message)" -ForegroundColor Red
        $SensitivityName = "Error Fetching Sensitivity Name"
    }
    return $SensitivityName.DisplayName

}
function GetSensitivityId($SensitivityName) {
   <#
   .DESCRIPTION
   GetSensitivityId method gets the Classification GUID from the Classification Name passed as an argument.
   #>
    try {
        $SensitivityId = Get-Label | Where-Object { $_.DisplayName -eq $SensitivityName } | Select-Object Guid

    }
    catch {
        Write-Host "Error occured while fetching the Sensitiviy details. $($_.Exception.Message)" -ForegroundColor Red
        $SensitivityId = "Error Fetching Sensitivity ID"
    }
    return $SensitivityId.Guid

}
function ApplySiteClassification {
    <#
    .DESCRIPTION
    ApplySiteClassification method applies the site classfication to SPO sites based on Classification name given in CSV.
    #>

    param (
        [string] $SiteUrl,
        [string] $ClassificationLabel
    )
    try {
        Write-Host ("Applying Site Classfication $($ClassificationLabel) for site $($SiteUrl)") -ForegroundColor Yellow
        $CurrentClassification = Get-PnPTenantSite -Url $SiteUrl | Select-Object SensitivityLabel
        if ([string]::IsNullOrEmpty($CurrentClassification.SensitivityLabel)) {
            $LabelGuid = GetSensitivityId($ClassificationLabel)
            Set-PnPTenantSite -Identity $SiteUrl -SensitivityLabel $LabelGuid
            Write-Host "Successfully applied site classification $($ClassificationLabel) to the site $($SiteUrl)" -ForegroundColor Green
        }
        else {
            $CurrentClassification = GetSensitivityName($CurrentClassification.SensitivityLabel)
            Write-Host "Site Classification $($CurrentClassification) is already existing to the site $($SiteUrl)" -ForegroundColor Cyan
        }
    }
    catch {
        Write-Host("Error occured: $($_.Exception.Message)") -ForegroundColor Red
    }

}
# Importing the required modules
Import-Module -Name PnP.PowerShell
Import-Module -Name ExchangeOnlineManagement
#Replace the parameter $AdminAccount with your account
$AdminAccount = "vinay@contoso.com"
#Replace the parameter $SPOAdminUrl with your Tenant Admin Url
$SPOAdminUrl = "https://contoso-admin.sharepoint.com"
if ([string]::IsNullOrEmpty($Creds.UserName)) {
    $Creds = Get-Credential -Message "Connecting to IP PS Session and PnP PowerShell" -UserName $AdminAccount
}
#Connecting to IPPS and PnP SharePoint online sessions
try {
    Connect-IPPSSession -Credential $Creds
    Write-Host ("Successfully connected to Information Protection PS Session") -ForegroundColor Green
    Connect-PnPOnline -Url $SPOAdminUrl -Credentials $Creds
    Write-Host ("Successfully connected to PnP PowerShell Admin PS Session") -ForegroundColor Green
}
catch {
    Write-Host "Error Occured: Error connecting to required modules $($_.Exception.Message)" -ForegroundColor Red
}
# Import the CSV into variable $SitesInfo
$SitesInfo = Import-Csv -Path "C:\SPOMigration\SetClassification_0719.csv"
foreach ($site in $SitesInfo) {
    ApplySiteClassification -SiteUrl $site.DestinationSite -ClassificationLabel $site.Classification
}

finally {
    # Disconnecting the IP PS session and PnP PowerShell session
    Disconnect-ExchangeOnline
    Disconnect-PnPOnline
}

Conclusion

Thus, in this article, we have seen how to successfully apply site classification for SharePoint online sites using PnP PowerShell.

Reference

Up Next

Ebook Download

View all

Configure MinRole Search and Cloud Hybrid Features in SharePoint Server 2016 and Office 365

Read by 1.6k people

Download Now!

Learn

View all

(0) Comments