Part of my regular work day-to-day is often repeating the same processes repeatedly, for example, training Microsoft 365 Administrators, deploying Teams Policies, Data Loss Prevention Policies, or general Microsoft 365 Configuration. To assist me in the process, I like to create base policies and scripts for faster deployment.

I have recently been deploying core Compliance features within Microsoft 365 and decided to use PowerShell. My last few posts have focused on using the Microsoft Graph PowerShell to create varying configurations and policies. 

This post is no different and will focus on creating Sensitivity Labels and Policies using the Exchange Online PowerShell module. Creating Sensitivity Labels and Policies requires two actions; creation of the label and publishing the label as a policy.

Firstly, we need to install the Exchange Online PowerShell module. It is completed by installing and then importing the module using the following commands:

Install-Module ExchangeOnlineManagement
Import-Module ExchangeOnlineManagement

Next, you can sign in to the Security and Compliance components using the command “Connect-IPPSSession.”

Create a Sensitivity Label

A Sensitivity label contains all of the settings required for applying to content such as documents and emails. Items such as watermarking and permissions get set within the label. The most straightforward approach is to create a blank label, then update the label with the specifics required.

$labelname = "Demo Label"
$labeldescription = "Demo Label Created Using PowerShell"
$tooltip = "Demo Tooltip"

$label = New-Label `
            -DisplayName $labelname `
            -Name $labelname `
            -Comment $labeldescription `
            -Tooltip $tooltip

Set-Label `
    -Identity $label.Id `
    -LabelActions '{

Set-Label `
    -Identity $label.Id `
    -LabelActions '{

Set-Label `
    -Identity $label.Id `
    -LabelActions '{

With the label created, we can now publish the label, which makes the label policy. As with the label, we create the basic policy then update it as required.

$labelpolicyname = "Demo Label Policy"
$policy = New-LabelPolicy `
			-Name $labelpolicyname `
			-Labels $label.DisplayName

Set-LabelPolicy `
	-Identity $policy.Id `
	-AddExchangeLocation "All" `
	-AddOneDriveLocation "All" `
	-AddSharePointLocation "All" `
	-AdvancedSettings @{ AttachmentAction = "Automatic" } `
	-Settings '{

With the label and label policy created, it is available to apply to content and sites as needed. You can utilize auto-labeling policies along with the standard label policies.

$autolabelpolicyname = "Demo Auto Label Policy"
$autolabelpolicydescription = "Demo Auto Label Policy Created Using PowerShell"
$site = ""
$mode = "TestWithoutNotifications"

New-AutoSensitivityLabelPolicy `
	-Name $autolabelpolicyname `
	-Comment $autolabelpolicydescription `
	-SharePointLocation $site `
	-Mode TestWithoutNotifications `
	-ApplySensitivityLabel $label.DisplayName

These commands are straightforward to update to read from a CSV file of values and create multiple labels and policies as required. The existing PowerShell commands need wrapping in a loop; for example like this:

$sampledata = '{
		"LabelName":"Label 1",
		"LabelDescription":"Label 1 - Created with PowerShell",
		"LabelTooltip":"Label 1 Tooltip"
		"LabelName":"Label 2",
		"LabelDescription":"Label 2 - Created with PowerShell",
		"LabelTooltip":"Label 2 Tooltip"

$labels = $sampledata | ConvertFrom-Json

foreach($label in $labels)
	$createlabel = New-Label `
            				-DisplayName $label.LabelName `
            				-Name $label.LabelName `
            				-Comment $label.LabelDescription `
            				-Tooltip $label.LabelTooltip