Allow Sensitivity Labels to be assigned to Groups using application-only permissions

Hey, Graph-team,

POST https://graph.microsoft.com/v1.0/groups

{ 
	"template(at)odata.bind": "https://graph.microsoft.com/v1.0/teamsTemplates('standard')",	
	"displayName": "Team1", 
	"description": "Team1 test with assigned labels and app permissions.", 
	"assignedLabels": [ 
		{ "labelId": "07780fe0-e4f4-4695-9a8f-6e118a586cc1" } 
	] 
} 

This returns an error:

"error":{ "code":"Unauthorized","message":"App-only token is not supported.",... }

There is only a hint at the "Update group" documentation 

https://learn.microsoft.com/en-us/graph/api/group-update?view=graph-rest-1.0&tabs=http

at the end: "Application permissions are not supported when updating assignedLabels." (BTW, this info is missing in the create group documentation.)

Such assignments only work with Delegated permissions.

I see no reason why the assignment of assignedLabels to a group should not be done by an app. Does Microsoft see a relevant reason for this, or is this just a to do-task at the end of the roadmap?

Our customers would like to be able to programmatically add sensitivity labels to new teams in our apps. 

Graph-team, could you please add this simple feature request to support app permissions to your roadmap?

Thx, Toni

While using Beta Graph API for Sensitivity Label - (https://graph.microsoft.com/beta/drives/myDriveID/items/myItemID/microsoft.graph.assignSensitivityLabel),  I get the below error. I am using Delegated App Permission.

{
"error": {
"code": "notSupported",
"message": "AssignSensitivityLabel API is not yet available",
"innerError": {
"date": "2022-09-29T16:30:30",
"request-id": "edd756cc-12f2-4781-ba07-004d601f42a0",
"client-request-id": "edd756cc-12f2-4781-ba07-004d601f42a0"
}

(https://graph.microsoft.com/beta/drives/DriveID/items/ItemID/microsoft.graph.extractSensitivityLabel) - This works very well using the same token and other permission levels. 

Please help.