Trying to update Sensitivity Label on Group with MG Powershell

Question

I am using the following code to update the label on a M365 group:

$appid = "00-5269-40e5-b077-blaaa"
$tenantid = "00-5624-44cc-b2bc-00"
$secret = "375624~j"
 
$body =  @{
    Grant_Type    = "client_credentials"
    Scope         = "https://graph.microsoft.com/.default"
    Client_Id     = $appid
    Client_Secret = $secret
}
 
$connection = Invoke-RestMethod `
    -Uri https://login.microsoftonline.com/$tenantid/oauth2/v2.0/token `
    -Method POST `
    -Body $body
 
$token = $connection.access_token
Connect-MgGraph -AccessToken $token 
    $assignedLabels = @(
                        @{"LabelId"="ee8bd8b1-0e71-42bc-b2f4-9b3308540334"}
                        )
Update-MgGroup -GroupId 062179bc-55b3-45bb-8432-c97e2c243603 -AssignedLabels $assignedLabels

It works if I update e.g. DisplayName:

Update-MgGroup -GroupId 6247f0e9-e9b2-461c-bd8e-0559abc68133 -DisplayName "ChangedDisplayName"

but with the label I get:

Update-MgGroup : {
  "@odata.context":"https://substrate.office.com:444/CompliancePolicy/$metadata#Microsoft.Exchange.Compliance.Policy.Environment.MicrosoftGraphException","error":{
    "code":"Unauthorized","message":"App-only token is not supported.","innerError":{
      "request-id":"6276e374-eb02-427a-822c-d704a8295a89","date":null

Am I missing some permissions? Should I use a different command? Or assign a Graph some permission to my app id?

Answer 1

Hello Ano Acco,

Thanks for reaching out!

As per my research, it seems app-only permission is not supported. You can upvote this existing feature request idea- https://feedbackportal.microsoft.com/feedback/idea/4763fd6d-6b64-ed11-a81b-000d3a045ff7

Reference:

https://github.com/microsoftgraph/msgraph-beta-sdk-dotnet/issues/132

Hope this helps.

If the answer is helpful, please click Accept Answer and kindly upvote. If you have any further questions about this answer, please click Comment.