SensitivityLabel.Evaluate

Allow the app to determine if there is any sensitivity label to be applied automatically to the content or recommended to the user for manual application, on behalf of the signed-in user.

Merill's Note

For an app to access data in Microsoft Graph, the user or administrator must grant it the permissions it needs. This article lists all the Microsoft Graph APIs and your tenant data that can be accessed by the application (vendor/developer) if you consent to the SensitivityLabel.Evaluate permission.

If you need to create an audit report of the permissions granted to all the apps in your tenant, you can run the Export-MsIdAppConsentGrantReport command. See How To: Run a quick OAuth app audit of your tenant

Category	Application	Delegated
Identifier	57f0b71b-a759-45a0-9a0f-cc099fbd9a44	a4633e44-d355-4474-99df-8c2de6b0e39e
DisplayText	Evaluate sensitivity labels	Evaluate sensitivity labels
Description	Allow the app to determine if there is any sensitivity label to be applied automatically to the content or recommended to the user for manual application, without a signed-in user.	Allow the app to determine if there is any sensitivity label to be applied automatically to the content or recommended to the user for manual application, on behalf of the signed-in user.
AdminConsentRequired	Yes	Yes

Graph Methods

→ API supports delegated access (access on behalf of a user)
→ API supports app-only access (access without a user)

	Methods

→ API supports delegated access (access on behalf of a user)
→ API supports app-only access (access without a user)

	Methods
	GET /security/dataSecurityAndGovernance/sensitivityLabels/computeInheritance
	POST /security/dataSecurityAndGovernance/sensitivityLabels/computeRightsAndInheritance

Resources

Granting this permission allows the calling application to access (and/or update) the following information in your tenant.

Graph reference: computeRightsAndInheritanceResult

Graph reference: protectedContent

Property	Type	Description
cid	String	The content id
format	String	The content format.
labelId	String	The unique identifier for the sensitivity label applied to the content.

Graph reference: sensitivityLabel

Property	Type	Description
actionSource	microsoft.graph.security.labelActionSource	Indicates the source of the action that resulted in the label being applied. Possible values are: `manual`, `automatic`, `recommended`, `none`.
autoLabeling	autoLabeling	The auto-labeling configuration for the label.
applicableTo	microsoft.graph.security.sensitivityLabelTarget	Specifies the workloads where the label can be applied. Possible values: `email`, `site`, `unifiedGroup`, `teamwork`, `file`, `schematizedData`.
applicationMode	microsoft.graph.security.applicationMode	Specifies how the label should be applied or recommended. Possible values are: `manual`, `automatic`, `recommended`.
assignedPolicies	labelPolicy collection	The collection of label policies that are assigned to the label.
autoTooltip	String	The tooltip displayed to users for recommended or automatically applied labels.
color	String	The color that the UI should display for the label, if configured.
contentFormats	String collection	Returns the supported content formats for the label.
description	String	The admin-defined description for the label.
displayName	String	The display name of the sensitivity label.
hasProtection	Boolean	Indicates whether the label has protection actions configured.
id	String	The label ID is a globally unique identifier (GUID).
isActive	Boolean	Indicates whether the label is active or not. Active labels should be hidden or disabled in the UI.
isAppliable	Boolean	Indicates whether the label can be applied to content. `False` if the label is a parent with child labels.
isDefault	Boolean	`true` if the label is the default label for the policy; `false` otherwise.
isEnabled	Boolean	`true` if the label is currently enabled; `false` otherwise.
isEndpointProtectionEnabled	Boolean	`true` if the label provides protection settings enforced by endpoint Data Loss Prevention; `false` otherwise.
isScopedToUser	Boolean	Indicates if the label is scoped to specific users or groups (`true`) or available to the entire tenant (`false`).
labelActions	labelActionBase collection	The actions that are associated with the label.
locale	String	The locale associated with the label's localized properties (for example, 'en-US'). Used in context of listing labels scoped to user/locale.
name	String	The plaintext name of the label.
priority	Int32	The priority of the label. Lower numbers indicate higher priority.
sensitivity	Int32	The sensitivity value of the label, where lower is less sensitive.
tooltip	String	The tooltip that should be displayed for the label in a UI.

Table of Contents

SensitivityLabel.Evaluate

Graph Methods

Resources