Namespace: microsoft.graph
Important
APIs under the /beta version in Microsoft Graph are subject to change. Use of these APIs in production applications is not supported. To determine whether an API is available in v1.0, use the Version selector.
List the sensitivity labels available for the entire tenant.
This API is available in the following national cloud deployments.
| Global service |
US Government L4 |
US Government L5 (DOD) |
China operated by 21Vianet |
| ✅ |
❌ |
❌ |
❌ |
Permissions
Choose the permission or permissions marked as least privileged for this API. Use a higher privileged permission or permissions only if your app requires it. For details about delegated and application permissions, see Permission types. To learn more about these permissions, see the permissions reference.
| Permission type |
Least privileged permissions |
Higher privileged permissions |
| Delegated (work or school account) |
SensitivityLabel.Read |
SensitivityLabels.Read.All |
| Delegated (personal Microsoft account) |
Not supported. |
Not supported. |
| Application |
SensitivityLabel.Read |
SensitivityLabels.Read.All |
When using application permissions (SensitivityLabels.Read.All), the API returns all labels for the tenant by default.
HTTP request
Get labels available in the tenant:
GET /security/dataSecurityAndGovernance/sensitivityLabels
| Name |
Description |
| Authorization |
Bearer {token}. Required. Learn more about authentication and authorization. |
| Client-Request-Id |
Optional. A client-generated GUID to trace the request. Recommended for troubleshooting. |
Optional query parameters
This method supports some of the OData query parameters to help customize the response. For general information, see OData query parameters.
Request body
Don't supply a request body for this method.
Response
If successful, this method returns a 200 OK response code and a collection of sensitivityLabel objects in the response body.
Examples
Get tenant labels filtered by content format and ID with an application permission.
Request
The following example shows a request to get labels for the tenant, filtered for the File content format and specific IDs.
GET https://graph.microsoft.com/beta/security/dataSecurityAndGovernance/sensitivityLabels?$filter=applicableTo has 'File' and id in ('4e4234dd-377b-42a3-935b-0e42f138fa23','b7a21bba-8197-491f-a5d6-0d0f955397ca')
Authorization: Bearer {token}
Client-Request-Id: a0b9c8d7-e6f5-a4b3-c2d1-e0f9a8b7c6d5
// Code snippets are only available for the latest version. Current version is 5.x
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=csharp
var result = await graphClient.Security.DataSecurityAndGovernance.SensitivityLabels.GetAsync((requestConfiguration) =>
{
requestConfiguration.QueryParameters.Filter = "applicableTo has 'File' and id in ('4e4234dd-377b-42a3-935b-0e42f138fa23','b7a21bba-8197-491f-a5d6-0d0f955397ca')";
requestConfiguration.Headers.Add("Authorization", "Bearer {token}");
requestConfiguration.Headers.Add("Client-Request-Id", "a0b9c8d7-e6f5-a4b3-c2d1-e0f9a8b7c6d5");
});
mgc-beta security data-security-and-governance sensitivity-labels list --filter "applicableTo has 'File' and id in ('4e4234dd-377b-42a3-935b-0e42f138fa23','b7a21bba-8197-491f-a5d6-0d0f955397ca')"
// Code snippets are only available for the latest major version. Current major version is $v0.*
// Dependencies
import (
"context"
abstractions "github.com/microsoft/kiota-abstractions-go"
msgraphsdk "github.com/microsoftgraph/msgraph-beta-sdk-go"
graphsecurity "github.com/microsoftgraph/msgraph-beta-sdk-go/security"
//other-imports
)
headers := abstractions.NewRequestHeaders()
headers.Add("Authorization", "Bearer {token}")
headers.Add("Client-Request-Id", "a0b9c8d7-e6f5-a4b3-c2d1-e0f9a8b7c6d5")
requestFilter := "applicableTo has 'File' and id in ('4e4234dd-377b-42a3-935b-0e42f138fa23','b7a21bba-8197-491f-a5d6-0d0f955397ca')"
requestParameters := &graphsecurity.DataSecurityAndGovernanceSensitivityLabelsRequestBuilderGetQueryParameters{
Filter: &requestFilter,
}
configuration := &graphsecurity.DataSecurityAndGovernanceSensitivityLabelsRequestBuilderGetRequestConfiguration{
Headers: headers,
QueryParameters: requestParameters,
}
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=go
sensitivityLabels, err := graphClient.Security().DataSecurityAndGovernance().SensitivityLabels().Get(context.Background(), configuration)
// Code snippets are only available for the latest version. Current version is 6.x
GraphServiceClient graphClient = new GraphServiceClient(requestAdapter);
SensitivityLabelCollectionResponse result = graphClient.security().dataSecurityAndGovernance().sensitivityLabels().get(requestConfiguration -> {
requestConfiguration.queryParameters.filter = "applicableTo has 'File' and id in ('4e4234dd-377b-42a3-935b-0e42f138fa23','b7a21bba-8197-491f-a5d6-0d0f955397ca')";
requestConfiguration.headers.add("Authorization", "Bearer {token}");
requestConfiguration.headers.add("Client-Request-Id", "a0b9c8d7-e6f5-a4b3-c2d1-e0f9a8b7c6d5");
});
<?php
use Microsoft\Graph\Beta\GraphServiceClient;
use Microsoft\Graph\Beta\Generated\Security\DataSecurityAndGovernance\SensitivityLabels\SensitivityLabelsRequestBuilderGetRequestConfiguration;
$graphServiceClient = new GraphServiceClient($tokenRequestContext, $scopes);
$requestConfiguration = new SensitivityLabelsRequestBuilderGetRequestConfiguration();
$headers = [
'Authorization' => 'Bearer {token}',
'Client-Request-Id' => 'a0b9c8d7-e6f5-a4b3-c2d1-e0f9a8b7c6d5',
];
$requestConfiguration->headers = $headers;
$queryParameters = SensitivityLabelsRequestBuilderGetRequestConfiguration::createQueryParameters();
$queryParameters->filter = "applicableTo has 'File' and id in ('4e4234dd-377b-42a3-935b-0e42f138fa23','b7a21bba-8197-491f-a5d6-0d0f955397ca')";
$requestConfiguration->queryParameters = $queryParameters;
$result = $graphServiceClient->security()->dataSecurityAndGovernance()->sensitivityLabels()->get($requestConfiguration)->wait();
# Code snippets are only available for the latest version. Current version is 1.x
from msgraph_beta import GraphServiceClient
from msgraph_beta.generated.security.data_security_and_governance.sensitivity_labels.sensitivity_labels_request_builder import SensitivityLabelsRequestBuilder
from kiota_abstractions.base_request_configuration import RequestConfiguration
# To initialize your graph_client, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=python
query_params = SensitivityLabelsRequestBuilder.SensitivityLabelsRequestBuilderGetQueryParameters(
filter = "applicableTo has 'File' and id in ('4e4234dd-377b-42a3-935b-0e42f138fa23','b7a21bba-8197-491f-a5d6-0d0f955397ca')",
)
request_configuration = RequestConfiguration(
query_parameters = query_params,
)
request_configuration.headers.add("Authorization", "Bearer {token}")
request_configuration.headers.add("Client-Request-Id", "a0b9c8d7-e6f5-a4b3-c2d1-e0f9a8b7c6d5")
result = await graph_client.security.data_security_and_governance.sensitivity_labels.get(request_configuration = request_configuration)
Response
The following example shows the response containing only the labels matching the filters.
HTTP/1.1 200 OK
Content-Type: application/json
{
"@odata.context": "https://graph.microsoft.com/beta/$metadata#security/dataSecurityAndGovernance/sensitivityLabel",
"value": [
{
"id": "4e4234dd-377b-42a3-935b-0e42f138fa23",
"name": "General",
"description": "General data, not for public use.",
"color": "#000000",
"priority": 10,
"toolTip": "Apply this label to general non-public data.",
"isEnabled": true,
"isEndpointProtectionEnabled": true,
"autoTooltip": "",
"actionSource": "manual",
"applicableTo": "email,teamwork,file",
"sublabels": []
}
]
}