How to retrieve all sensitivity label policies with app permissions

Hai Vo 0 Reputation points
2024-09-21T03:39:52.82+00:00

Hi all,

I am working with Microsoft Purview Information Protection and using the Graph API to retrieve data regarding sensitivity labels and label policies. I have a few questions about this process.

I am using this API: Get informationProtectionPolicySetting with an Entra ID App and the permission InformationProtectionPolicy.Read.All.

However, I am only able to retrieve one policy, despite having created 11 policies. The information returned is also quite limited.

My questions are:

  1. Do I need to set up the labels to be available to my Entra Id Application in order to retrieve them? If yes, could you guide me on how to do this? In the policy setting scope, I only see options for groups and users.
  2. Are there any additional permissions required to retrieve all policies?

Additionally, I noticed there is a REST API for getting policies: List Information Protection Policies. Is this related to the policies I am working on? I only seem to get a list that looks like the default Microsoft policies.

Thank for your help.

Azure Information Protection
Azure Information Protection
An Azure service that is used to control and help secure email, documents, and sensitive data that are shared outside the company.
538 questions
{count} votes

1 answer

Sort by: Most helpful
  1. Vasil Michev 105.7K Reputation points MVP
    2024-09-21T15:20:48.5533333+00:00

    That endpoint does not return all label policies, in fact no Graph API endpoint can do that currently. The only supported way to do so is via PowerShell and the Get-LabelPolicy cmdlet: https://learn.microsoft.com/en-us/powershell/module/exchange/get-labelpolicy?view=exchange-ps

    If you are fine with using an unsupported solution, you can query the REST API that powers the cmdlet.

    1 person found this answer helpful.

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.