IvanWilson's avatar
IvanWilson
Iron Contributor
Aug 25, 2022
Status:
New

Allow Sensitivity Labels to be assigned to Groups using application-only permissions

We want to generate Microsoft 365 Groups using an Azure Function. We want to assign a Sensitivity Label to the new group. However, Microsoft Graph does not support updating the "assignedLabels" prope...
Microsoft Graph
Toni_Pohl's avatar
Toni_Pohl
Brass Contributor
Jun 06, 2024

Hey, Graph-team,

 

it's June 2024 and Graph still lacks the ability to assign sensitivity labels (assignedLabels) to a group via app permissions. Neither the post method nor the patch method work with app permissions. 

 

POST https://graph.microsoft.com/v1.0/groups

 

{ 
	"template(at)odata.bind": "https://graph.microsoft.com/v1.0/teamsTemplates('standard')",	
	"displayName": "Team1", 
	"description": "Team1 test with assigned labels and app permissions.", 
	"assignedLabels": [ 
		{ "labelId": "07780fe0-e4f4-4695-9a8f-6e118a586cc1" } 
	] 
}

 

 

 

This returns an error:

 

"error":{ "code":"Unauthorized","message":"App-only token is not supported.",... }

 

 

There is only a hint at the "Update group" documentation 

https://learn.microsoft.com/en-us/graph/api/group-update?view=graph-rest-1.0&tabs=http

at the end: "Application permissions are not supported when updating assignedLabels." (BTW, this info is missing in the create group documentation.)

Such assignments only work with Delegated permissions.

 

I see no reason why the assignment of assignedLabels to a group should not be done by an app. Does Microsoft see a relevant reason for this, or is this just a to do-task at the end of the roadmap?

 

Our customers would like to be able to programmatically add sensitivity labels to new teams in our apps. 

Graph-team, could you please add this simple feature request to support app permissions to your roadmap?

 

Thx, Toni