How to retrieve all sensitivity label policies with app permissions

Question

Hi all,

I am working with Microsoft Purview Information Protection and using the Graph API to retrieve data regarding sensitivity labels and label policies. I have a few questions about this process.

I am using this API: Get informationProtectionPolicySetting with an Entra ID App and the permission InformationProtectionPolicy.Read.All.

However, I am only able to retrieve one policy, despite having created 11 policies. The information returned is also quite limited.

My questions are:

1. Do I need to set up the labels to be available to my Entra Id Application in order to retrieve them? If yes, could you guide me on how to do this? In the policy setting scope, I only see options for groups and users.
2. Are there any additional permissions required to retrieve all policies?

Additionally, I noticed there is a REST API for getting policies: List Information Protection Policies. Is this related to the policies I am working on? I only seem to get a list that looks like the default Microsoft policies.

Thank for your help.

Answer 1

That endpoint does not return all label policies, in fact no Graph API endpoint can do that currently. The only supported way to do so is via PowerShell and the Get-LabelPolicy cmdlet: https://learn.microsoft.com/en-us/powershell/module/exchange/get-labelpolicy?view=exchange-ps

If you are fine with using an unsupported solution, you can query the REST API that powers the cmdlet.