The current portal-based approach to creating sensitivity labels and associated policies is not useful when developing applications that work with hundreds (or more) tenants. There are a number of API's used by the compliance portal (from https://compliance.microsoft.com/apiproxy and https://compliance.microsoft.com/api) that the portal uses. These should either be documented for public use or rolled into the graph API.