Allow Sensitivity Labels to be assigned to Groups using application-only permissions

16 Upvotes

 Aug 25 2022

We want to generate Microsoft 365 Groups using an Azure Function. We want to assign a Sensitivity Label to the new group. However, Microsoft Graph does not support updating the "assignedLabels" property with application-only permissions.

 

Please add support for this scenario, or another way of automating the assignment of sensitivity labels to groups.

Comments
Copper Contributor

While using Beta Graph API for Sensitivity Label - (https://graph.microsoft.com/beta/drives/myDriveID/items/myItemID/microsoft.graph.assignSensitivityLabel),  I get the below error. I am using Delegated App Permission.

{
  "error": {
    "code": "notSupported",
    "message": "AssignSensitivityLabel API is not yet available",
    "innerError": {
      "date": "2022-09-29T16:30:30",
      "request-id": "edd756cc-12f2-4781-ba07-004d601f42a0",
      "client-request-id": "edd756cc-12f2-4781-ba07-004d601f42a0"
    }
  }
}

 

(https://graph.microsoft.com/beta/drives/DriveID/items/ItemID/microsoft.graph.extractSensitivityLabel) - This works very well using the same token and other permission levels. 

 

Please help. 

Brass Contributor

Hey, Graph-team,

 

It's June 2024 and Graph still lacks the ability to assign sensitivity labels (assignedLabels) to a group via app permissions. Neither the POST method nor the PATCH method works with app permissions.

 

POST https://graph.microsoft.com/v1.0/groups

 

{
  "template@odata.bind": "https://graph.microsoft.com/v1.0/teamsTemplates('standard')",
  "displayName": "Team1",
  "description": "Team1 test with assigned labels and app permissions.",
  "assignedLabels": [
    { "labelId": "07780fe0-e4f4-4695-9a8f-6e118a586cc1" }
  ]
}

 

 

 

This returns an error:

 

"error":{ "code":"Unauthorized","message":"App-only token is not supported.",... }

 

 

There is only a hint in the "Update group" documentation

https://learn.microsoft.com/en-us/graph/api/group-update?view=graph-rest-1.0&tabs=http

at the end: "Application permissions are not supported when updating assignedLabels." (BTW, this info is missing in the create group documentation.)

Such assignments only work with Delegated permissions.

 

I see no reason why the assignment of assignedLabels to a group should not be done by an app. Does Microsoft see a relevant reason for this, or is this just a to-do task at the end of the roadmap?

 

Our customers would like to be able to programmatically add sensitivity labels to new teams in our apps. 

Graph-team, could you please add this simple feature request to support app permissions to your roadmap?

 

Thx, Toni
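
Added example (not part of the thread and not Microsoft's code): a pre-flight check an automation could run before sending assignedLabels, so that an app-only token fails closed instead of hitting the "App-only token is not supported" error or silently creating an unlabeled group. It assumes the standard Microsoft identity platform access-token claims scp, roles and idtyp; the function names and the sample tokens are hypothetical and constructed for the example.

```python
import base64
import json

def _segment(obj):
    # Unpadded base64url JSON, the encoding used for JWT header and payload.
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()

def make_sample_token(claims):
    # Constructed, unsigned JWT-shaped string so the example runs offline.
    return ".".join([_segment({"alg": "none", "typ": "JWT"}), _segment(claims), "sig"])

def token_claims(token):
    # Decodes the payload WITHOUT verifying the signature: diagnostics only,
    # never an authorization decision.
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a JWT-shaped token")
    padded = parts[1] + "=" * (-len(parts[1]) % 4)
    return json.loads(base64.urlsafe_b64decode(padded))

def token_kind(token):
    claims = token_claims(token)
    if claims.get("idtyp") == "app":   # optional claim, present only if configured
        return "app-only"
    if claims.get("scp"):              # delegated tokens list scopes in scp
        return "delegated"
    if claims.get("roles"):            # app-only tokens list app roles, no scp
        return "app-only"
    raise ValueError("token carries neither scp nor roles")

def plan_group_request(token, body, allow_deferred_label=False):
    # Returns (body_to_send, labels_to_apply_later_with_a_delegated_token).
    labels = body.get("assignedLabels", [])
    if token_kind(token) == "delegated" or not labels:
        return body, []
    if not allow_deferred_label:
        # Fail closed: do not create an unlabeled group by accident.
        raise PermissionError("assignedLabels needs a delegated token")
    trimmed = {k: v for k, v in body.items() if k != "assignedLabels"}
    return trimmed, labels

# Constructed sample tokens and a request body using the labelId from the comment above.
APP_TOKEN = make_sample_token({"roles": ["Group.ReadWrite.All"]})
USER_TOKEN = make_sample_token({"scp": "Group.ReadWrite.All"})
BODY = {"displayName": "Team1",
        "assignedLabels": [{"labelId": "07780fe0-e4f4-4695-9a8f-6e118a586cc1"}]}
```

With allow_deferred_label=True the caller receives the labels back and is responsible for applying them in a delegated context and for tracking the group as unlabeled until that succeeds.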