Post
Ask Question

Sensitivity Labels in Teams 365 Groups and SharePoint Sites

When creating sensitivity labels in Microsoft 365, by default, the labels are only available for Files & Data Sets, Emails, and Meetings. However, Groups and Sites are not included by default. To extend the application of sensitivity labels to Teams, SharePoint sites, and Microsoft 365 Groups, you must enable this feature explicitly.

Why Enable Sensitivity Labels for Groups and Sites?

Sensitivity labels help enforce protection policies such as encryption, content marking, and access control. By extending these labels to Teams, SharePoint sites, and Groups, you gain the ability to:

  1. Control Privacy Settings: Enforce whether a Microsoft 365 Group or Team is private or public.
  2. Manage External User Access: Allow or block external sharing for Teams or SharePoint sites based on the label.
  3. Protect Content Across Workspaces: Ensure that the sensitivity and protection policies extend beyond individual files and emails to entire collaboration spaces.

Here are a few examples of how the sensitivity labels are shown in each.

In SharePoint

Sharepoint

In Teams

Teams

Before Applying the feature (Default Setting).

Default Setting

Steps to Follow

Open PowerShell Connect to Purview and use the below commands.

  1. Connect-IPPSSession
  2. Install-Module Microsoft.Graph -Scope AllUsers
  3. Install-Module Microsoft.Graph.Beta -Scope AllUsers
  4. Connect-MgGraph -Scopes "Directory.ReadWrite.All" $grpUnifiedSetting = Get MgBetaDirectorySetting | Where-Object { $_.Values.Name -eq "EnableMIPLabels" } $grpUnifiedSetting.Values

If no group settings were created for your Microsoft Entra organization, you get an empty screen. In this case, you must first create the settings. Follow the below steps to create group settings for this Microsoft Entra organization.

  1. Get-MgBetaDirectorySettingTemplate
  2. $TemplateId = (Get-MgBetaDirectorySettingTemplate | where { $_.DisplayName -eq "Group.Unified" }).Id 
    $Template = Get-MgBetaDirectorySettingTemplate | Where-Object { $_.Id -eq $TemplateId }

    $params = @{
    templateId = "$TemplateId"
    values = @(
        @{
            name = "UsageGuidelinesUrl"
            value = "https://guideline.example.com"
        }
        @{
            name = "EnableMIPLabels"
            value = "True"
        }
    )
}
  3. New-MgBetaDirectorySetting -BodyParameter $params
  4. $Setting = Get-MgBetaDirectorySetting | where { $_.DisplayName -eq "Group.Unified"} $Setting.Values

Window

Execute-AzureAdLabelSync

After these steps, you can refresh the Microsoft Purview Portal to check Group and Sites.

Microsoft preview


Similar Articles