InformationProtection labels graph API not returning labels created in compliance center

Question

Hi,

I am using the graph API to retrieve information protection labels.

I have noticed that new labels that I have made in the compliance center:

https://compliance.microsoft.com/informationprotection?viewid=sensitivitylabels

do not appear when I call the following graph API

https://graph.microsoft.com/beta/informationprotection/policy/labels

Is there an alternative API I should be using to retrieve the labels including those created in the compliance centre?

Thanks

Answer 1

Same API and getting following error,

{
"error": {
"code": "UnknownError",
"message": "",
"innerError": {
"date": "2021-05-17T11:27:54",
"request-id": "6b3c3be1-b911-4f82-b898-0b919f0225cd",
"client-request-id": "6b3c3be1-b911-4f82-b898-0b919f0225cd"
}
}
}

Answer 2

Hi @tcelebi,

You will get this error if you are using endpoint "/beta/informationProtection/policy/labels" then you need to provide InformationProtectionPolicy.Read.All (in Application) permissions to your application. This is not available for Delegated permissions.

Please let me know if you have any other questions.

Thanks
Saurabh

Answer 3

@Saurabh Sharma there is a problem with the documentation for 'informationProtection/policy/labels' method

you need to provide InformationProtectionPolicy.Read.All (in Application) permissions to your application. This is not available for Delegated permissions.

This is not clear in the documentation 'https://learn.microsoft.com/en-us/graph/api/informationprotectionpolicy-list-labels?view=graph-rest-beta&tabs=http'
There is no mention that application permissions are required to access all the labels available to a tenant.