HomeAbout Me
Microsoft 365
Create and publish Sensitivity label via PowerShell - the basics
Simon Ågren
Simon Ågren
May 12, 2023
2 min

Table Of Contents

01
Prerequisites
02
Getting Current Label(s)
03
Creating a Sensitivity Label
04
Updating a label
05
Publishing the labels
06
Removing and deleting labels
Create and publish Sensitivity label via PowerShell - the basics

Creating labels manually and publishing them in Microsoft Purview is easy but rather monotonous and time-consuming. This blog post will cover the basics of creating and configuring sensitivity labels in PowerShell, including how to get current labels, create, update, delete them, and create label policies.

First, create and configure the sensitivity labels you want to make available for apps and other services. For example, the labels you want users to see and apply from Office apps.

Then, create one or more label policies containing the labels and policy settings you configure. Finally, the label policy publishes the labels and settings for your chosen users and locations.

Prerequisites

You first need to run the following commands in PowerShell to install and import the Exchange Online PS Module:

Install-Module ExchangeOnlineManagement
Import-Module ExchangeOnlineManagement

This example connects to Security & Compliance Center PowerShell in a Microsoft 365 organization:

Connect-IPPSSession

Getting Current Label(s)

Get-Label returns a summary list of all sensitivity labels in the organization. We could also get detailed information for a specific sensitivity label like this:

Get-Label -Identity Confidential | Format-List

If you want better readability for the label’s actions, you can use IncludeDetailedLabelActions

Get-Label -Identity "Confidential" -IncludeDetailedLabelActions

We will look closer at this in another post, focusing on more advanced examples.

Creating a Sensitivity Label

Creating a sensitivity label in PowerShell is easy with the New-Label cmdlet. Here’s an example of how to create a basic label:

New-Label -DisplayName "General" -Name "General" -Tooltip "Use this label for general things."

This example creates a new label named “General” with a display name “General” and the tooltip “Use this label for general things”.

NOTE: There are more than 70 properties available when we create a new Sensitivity Label via the New-Label command, the required ones being Name, DisplayName, and Tooltip.

Updating a label

To update a label, use the Set-Label command with the Identity parameter. This example is from my previous post (When the UI fails - Update Sensitivity Labels via PowerShell and changes the priority of the label:

Set-Label -Identity Personal -Priority 0
Set-Label -Identity General -Priority 2

Publishing the labels

After creating and configuring the labels, you must create a label policy that includes the labels and the policy settings. This label policy will publish the labels and settings to the users and locations you have selected. Allow 24 hours for label and label policy changes to take effect. However, in some scenarios, changes may take effect faster or longer than 24 hours

Let’s take an elementary example where we distribute two labels to all users and groups using ExchangeLocation All.

New-LabelPolicy -Name "Demo Policy" -Labels "General", "Personal" -ExchangeLocation All

You could also use ExchangeLocation “Adele Vance ” for just a single user.

Removing and deleting labels

There is a difference between fully deleting a label and unpublishing it by removing it from a label policy. Deleting the label itself is a permanent action. Before you do it, make sure you understand the implications: Removing and deleting labels

Unpublish a label from the label policy:

Set-LabelPolicy -Identity "Demo Policy" -RemoveLabels "General"

Delete a sensitivity label:

Remove-Label -DisplayName "Confidential"

Delete a label policy. First, run the following code and then confirm in PowerShell:

Remove-LabelPolicy -Identity "Demo Policy"

Thank you for reading
/Simon


Tags

purviewpowershell
Previous Article
Margins in Microsoft Purview Sensitivity Labels

Simon Ågren

CTA & Microsoft MVP

Solving business problems with tech

Expertise

Microsoft 365
Azure

Social Media

githubtwitterwebsite

Related Posts

Unveiling the Truth - Custom Sensitivity Label Colors
Unveiling the Truth - Custom Sensitivity Label Colors
March 01, 2024
2 min

Quick Links

About

Social Media