Classifications for Office365 Groups and Microsoft Teams
These commands are part of the Azure Active Directory PowerShell V2 module.
Install the AzureAD or the AzureADPreview Module
```powershell
Install-Module AzureAD
```
```powershell
Install-Module AzureADPreview
```
Connect to Azure AD
```powershell
Connect-AzureAD
# If you have both modules installed and want to connect using AzureADPreview
AzureADPreview\Connect-AzureAD
```
Verify if the Directory Settings exists
```powershell
Get-AzureADDirectorySetting
```
If there is no result, the settings have not been created and you will need to create them first.
Creating the Classifications if no Directory Settings exists
```powershell
$AzureADDirectorySettingTemplateId = Get-AzureADDirectorySettingTemplate | where {$_.DisplayName -like "Group.Unified"} | Select-Object Id
$Template = Get-AzureADDirectorySettingTemplate -Id $AzureADDirectorySettingTemplateId.Id
$TemplateSetting = $Template.CreateDirectorySetting()
# Change the value for ClassificationList to suit your Classifications
$TemplateSetting["ClassificationList"] = "Internal,External,Confidential"
New-AzureADDirectorySetting -DirectorySetting $TemplateSetting
```
```powershell
# Verify your new Values
(Get-AzureADDirectorySetting -Id (Get-AzureADDirectorySetting | where -Property DisplayName -Value "Group.Unified" -EQ).id).Values
```
Creating the Classifications if Directory Settings exists
```powershell
$AzureADDirectorySettingId = Get-AzureADDirectorySetting | where {$_.DisplayName -like "Group.Unified"} | Select-Object Id
$DirectorySetting = Get-AzureADDirectorySetting -Id $AzureADDirectorySettingId.id
# Change the value for ClassificationList to suit your Classifications
$DirectorySetting["ClassificationList"] = "Internal,External,Confidential"
Set-AzureADDirectorySetting -Id $AzureADDirectorySettingId.id -DirectorySetting $DirectorySetting
```
```powershell
# Verify your new Values
(Get-AzureADDirectorySetting -Id (Get-AzureADDirectorySetting | where -Property DisplayName -Value "Group.Unified" -EQ).id).Values
```
Configuring the Default Classification for Office365 Groups
```powershell
$AzureADDirectorySettingId = Get-AzureADDirectorySetting | where {$_.DisplayName -like "Group.Unified"} | Select-Object Id
$DirectorySetting = Get-AzureADDirectorySetting -Id $AzureADDirectorySettingId.id
# Change the value for DefaultClassification to define your default Classification
$DirectorySetting["DefaultClassification"] = "Internal"
Set-AzureADDirectorySetting -Id $AzureADDirectorySettingId.id -DirectorySetting $DirectorySetting

# Verify your new Values
(Get-AzureADDirectorySetting -Id (Get-AzureADDirectorySetting | where -Property DisplayName -Value "Group.Unified" -EQ).id).Values
```
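The create and update procedures above, together with the default classification, combined into one idempotent helper. This is an added example, not code from the original post: `Set-GroupClassification` is a hypothetical name, it assumes an existing `Connect-AzureAD` session, and the check that the default appears in the list is an added consistency check.

```powershell
# Added example: create or update the Group.Unified setting in one pass.
# Set-GroupClassification is a hypothetical helper name, not a module cmdlet.
function Set-GroupClassification {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)] [string[]] $ClassificationList,
        [string] $DefaultClassification
    )

    $labels = @($ClassificationList | ForEach-Object { $_.Trim() } | Where-Object { $_ })
    if ($labels.Count -eq 0) { throw "ClassificationList is empty." }
    # The list is stored comma-separated, so a label cannot contain a comma.
    if ($labels -match ',') { throw "Pass each label separately; labels must not contain commas." }

    # Reuse the existing setting if there is one, otherwise start from the template.
    $existing = Get-AzureADDirectorySetting | Where-Object { $_.DisplayName -eq "Group.Unified" }
    if ($existing) {
        $setting = Get-AzureADDirectorySetting -Id $existing.Id
    } else {
        $template = Get-AzureADDirectorySettingTemplate | Where-Object { $_.DisplayName -eq "Group.Unified" }
        $setting = $template.CreateDirectorySetting()
    }

    # Assumed consistency rule: the default (new or already stored) must be in the list.
    $default = if ($DefaultClassification) { $DefaultClassification } else { $setting["DefaultClassification"] }
    if ($default -and ($labels -notcontains $default)) {
        throw "DefaultClassification '$default' is not in ClassificationList ($($labels -join ','))."
    }

    $setting["ClassificationList"] = $labels -join ","
    if ($DefaultClassification) { $setting["DefaultClassification"] = $DefaultClassification }

    if ($PSCmdlet.ShouldProcess("Group.Unified", "Write classification settings")) {
        if ($existing) {
            Set-AzureADDirectorySetting -Id $existing.Id -DirectorySetting $setting
        } else {
            New-AzureADDirectorySetting -DirectorySetting $setting | Out-Null
        }
        # Read back what the directory actually stored.
        $id = (Get-AzureADDirectorySetting | Where-Object { $_.DisplayName -eq "Group.Unified" }).Id
        (Get-AzureADDirectorySetting -Id $id).Values
    }
}

# Dry run first; remove -WhatIf to apply.
Set-GroupClassification -ClassificationList "Internal","External","Confidential" -DefaultClassification "Internal" -WhatIf
```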
Manually assign Classifications to Office365 Groups.
This requires the Exchange Online PowerShell module.
I recommend installing the latest Exchange Online PowerShell module that supports Modern Authentication.
```powershell
# Connect to Exchange Online
Import-Module $((Get-ChildItem -Path $($env:LOCALAPPDATA+"\Apps\2.0") -Filter Microsoft.Exchange.Management.ExoPowershellModule.dll -Recurse ).FullName|?{$_ -notmatch "_none_"}|select -First 1)
# Change the UserPrincipalName to match your own Identity
# (placeholder UPN; session created with the module's New-ExoPSSession cmdlet)
$EXOSession = New-ExoPSSession -UserPrincipalName admin@contoso.example
Import-PSSession $EXOSession
```
```powershell
# Change the value of Classification to suit your classification
Set-UnifiedGroup -Identity 'Office365 Group' -Classification:Internal
```
If you try to configure a Classification that is not defined in the “ClassificationList”, the command is rejected:
```powershell
Set-UnifiedGroup -Identity 'Office365 Group' -Classification:Test
```
DataClassification provided is not supported. Valid values are “Internal,External,Confidential”.
Creating a new Office365 Group / Microsoft Teams
Now you will see a new option when creating Office365 Groups/Microsoft Teams, and you can select a Classification.
Office365 Group for this Microsoft Team is classified as External.
Disclaimer: All scripts and references on this blog are offered “as is” with no warranty. These scripts are tested in my environment, it is recommended that it is tested in a test environment before using in production.
Hi,
Thanks a lot for these Infos. Was extremely Helpful! Somehow when I Use your Script pieces to update my Classification List, it didn’t work and I always got an “Empty Array” error.
There is a Typo in the Script to Update the Current Classification Values -> in Section “Creating the Classifications if Directory Settings exists”
Line 2, the Parameter “$Direc_orySettings”, the t is missing, which causes it to be considered as another variable, obviously 😉
Thanks Again!
Hi,
No problem. Thanks for the heads up.
I’ve updated the Line!
/Joachim
How can I use these labels in a policy?