Select Page

How to set Site Classifications in Office365

Posted by | Feb 16, 2019 | , | 0 |

How to set Site Classifications in Office365

There are various ways to enable and manage site classifications in Office365. These include Azure AD Powershell cmdlets, Microsoft Graph API, PnP CSOM and ProvisionPoint. This article explores each of these different options.

Introduction

First, we’ll look at what site classifications are in Office365. According to the SharePoint “modern” sites classification article:

The goal of site classification is to allow managing clusters of sites based on their classification from a governance and compliance perspective, as well as to automate governance processes based on site classification.

When creating a modern site in Office365, aspects of site classifications are surfaced in a number of areas. The screen shot below shows the different areas and the setting that controls them.

sharepoint create site with classification

Clicking on the info icon on the ‘How sensitive is your data?’ label opens the classification information panel as shown below.

sharepoint create site with classification descriptions

When a modern site has been created, the site classification information is surfaced in a number of areas as shown below.

sharepoint site with classification

Now we’ll look at the four approaches mentioned earlier for enabling site classification on an Office365 tenant. The first three approaches for setting the site classifications described here (Azure AD Powershell cmdlets, Microsoft Graph API and PnP CSOM) require a reasonable level of technical knowledge in either PowerShell, Graph API or C#. While the final option (ProvisionPoint) simply requires business knowledge as the technical implementation is hidden behind the UI.

The general approach used for each of the options is the same. The high level steps are as follows:

  1. Get the directory setting for ‘Group.Unified’
  2. If the setting doesn’t exist, get the setting template for ‘Group.Unified’ and use it to create the default setting values.
  3. Update the relevant setting property or properties
  4. Save the setting
  5. Optionally – Remove the setting

In order to set the site classification values, the following properties can be set:

ClassificationList
DefaultClassification
ClassificationDescriptions
UsageGuidelinesUrl

That all sounds straight forward, and it is. However, there are a few aspects to bear in mind with the detail…

Azure AD Powershell cmdlets

This approach for setting the classifications is described in detail in the Microsoft Azure documentation for Azure Active Directory cmdlets for configuring group settings. There are 5 cmdlets that cover the high level steps described earlier. These are as follows:

Get-AzureADDirectorySetting
Get-AzureADDirectorySettingTemplate
New-AzureADDirectorySetting
Set-AzureADDirectorySetting
Remove-AzureADDirectorySetting

This is a great option for setting site classifications if you’re comfortable with PowerShell and can follow the Microsoft article or if PowerShell is your main admin tool.

Microsoft Graph API

To use the Graph API to set the site classifications, you’ll need to piece together the different calls to cover the high level steps described earlier. The simplest way to get started here is to use the Graph Explorer.

First, send a GET request to the groupSettings endpoint.

GET https://graph.microsoft.com/v1.0/groupSettings

This endpoint does not support the OData $filter attribute so you’ll need to get all the settings and find the one with a displayName of ‘Group.Unified’.

If the group setting doesn’t exist for ‘Group.Unified’, send a GET request to the groupSettingTemplates endpoint to get the template to use for the default values.

GET https://graph.microsoft.com/v1.0/groupSettingTemplates

Again, this endpoint does not support $filter so get whole list and find the ‘Group.Unified’ template. You’ll need to construct a new groupSetting object from the template values to use in the next call. Now send a POST request to the groupSettings endpoint with the new groupSetting object in the body. Now repeat the first step to get the groupSetting for ‘Group.Unified’.

In the groupSetting response, find the setting values with the names we want to set and change them as required. For example, the ClassificationList (values for demonstration purposes only):

{
"name": "ClassificationList",
"value": "Low,Medium,High"
}

With the groupSetting values updated as required, send a PATCH request to the groupSettings endpoint. Note that the complete groupSetting object will need to be sent in the body, not just the updated values.

PATCH https://graph.microsoft.com/v1.0/groupSettings/the-id-of-the-group-setting-to-update

PnP CSOM

This approach for setting the classifications is described in detail in the Microsoft SharePoint documentation for SharePoint modern site classification. There are 4 extension methods on the tenant object that cover the high level steps described earlier. These are as follows:

GetSiteClassificationList
EnableSiteClassifications
UpdateSiteClassificationSettings
DisableSiteClassifications

This is a great option for setting site classifications if you’re comfortable with C# and CSOM and can follow the Microsoft article or if you want to use PowerShell to wrap up CSOM calls.

Generally though, this is a handy approach if you already have a C# application and want to integrate setting site classifications into it quickly.

ProvisionPoint Site Classifications

This approach is different from the previous 3 methods. This option uses a third party tool, ProvisionPoint to manage the configuration for us via it’s admin user interface.

In the ProvisionPoint app, we simply navigate to the group settings page as shown below.

provisionpoint site classification in Officeo365

On this screen, we can set the url for the usage guidance and the classification list. Each classification in the list has a value, a description and a flag to show if it is the default classification. Click save and you’re done, it really is that simple to manage site classifications using ProvisionPoint.

Conclusion

I’ve touched on four options for setting site classifications in Office 365. Each option sets the same settings but using a different method and there should be a method for everyone from deeply technical using C# code to not at all technical using a user interface to set site classifications in Office365. The advantage of using a third party tool such as ProvisionPoint is that site classifications can fit into the wider governance offering within the product.

Rate:

About The Author

Tom Eastham

Related Posts

Directory List for Microsoft Teams

Directory List for Microsoft Teams

November 29, 2018

building a people picker field for Office365 based applications

building a people picker field for Office365 based applications

December 23, 2018

SharePoint Site Provisioning

SharePoint Site Provisioning

November 29, 2018

Microsoft Teams Governance – Naming Conventions

Microsoft Teams Governance – Naming Conventions

December 27, 2018

Recent Comments