PowerShell: Fetch Files with Retention or Sensitivity Labels in SharePoint Online
Introduction
Understanding the sensitivity and retention labels applied to files in your SharePoint Online sites is essential for maintaining data security and compliance. These labels enable you to manage and protect your data by defining retention periods and handling sensitive information appropriately. This is particularly important for initiatives like the Microsoft 365 Copilot rollout, where you need to ensure that files are stored within the appropriate SharePoint sites. For example, if a SharePoint site is a public Team site, files labeled as confidential should be moved to a private Team site, or the existing Team site should be changed from public to private.
Why It Matters
- Security: Sensitivity labels help protect sensitive information from unauthorized access.
- Compliance: Retention labels ensure that your organization complies with legal and regulatory requirements for data retention.
- Audit: Regularly auditing these labels helps maintain data integrity and security.
Prerequisites
Before you begin, ensure you have the following:
- PnP PowerShell module installed and an Entra ID app registration set up.
- Appropriate permissions to access the SharePoint sites: at least SharePoint site owner.
PowerShell Script
Below is a PowerShell script that fetches all files in a specified SharePoint Online site that have retention or sensitivity labels applied.
The retention label and sensitivity label are stored in the list item properties “_ComplianceTag” and “_DisplayName” respectively. The script iterates through all libraries within a site collection, excluding some libraries (amend as appropriate), and through their folders and files, to export a list of the folders and files that have any labels applied.
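The approach described above, written out as an added example (not the original author's script). The site URL, client ID, excluded library titles and CSV path are placeholder assumptions to replace with your own values.

```powershell
# Added example, not the original author's script.
# Placeholders (assumptions): site URL, Entra ID app client ID, excluded libraries, CSV path.
$SiteUrl  = "https://contoso.sharepoint.com/sites/ExampleSite"
$ClientId = "00000000-0000-0000-0000-000000000000"
$CsvPath  = ".\LabelledItems.csv"
$Excluded = @("Form Templates", "Site Assets", "Style Library", "Site Pages")  # amend as appropriate

Connect-PnPOnline -Url $SiteUrl -Interactive -ClientId $ClientId

# Document libraries only (BaseTemplate 101), skipping hidden and excluded ones
$libraries = Get-PnPList | Where-Object {
    $_.BaseTemplate -eq 101 -and -not $_.Hidden -and $Excluded -notcontains $_.Title
}

$report = foreach ($library in $libraries) {
    # Paged retrieval so large libraries are read in batches
    $items = Get-PnPListItem -List $library -PageSize 2000 `
        -Fields "FileLeafRef", "FileRef", "FSObjType", "_ComplianceTag", "_DisplayName"

    foreach ($item in $items) {
        $retention   = $item.FieldValues["_ComplianceTag"]   # retention label
        $sensitivity = $item.FieldValues["_DisplayName"]     # sensitivity label

        # Keep only folders/files that carry at least one label
        if ([string]::IsNullOrWhiteSpace($retention) -and
            [string]::IsNullOrWhiteSpace($sensitivity)) { continue }

        [PSCustomObject]@{
            Library          = $library.Title
            Name             = $item.FieldValues["FileLeafRef"]
            Path             = $item.FieldValues["FileRef"]
            Type             = if ($item.FieldValues["FSObjType"] -eq 1) { "Folder" } else { "File" }
            RetentionLabel   = $retention
            SensitivityLabel = $sensitivity
        }
    }
}

$report | Export-Csv -Path $CsvPath -NoTypeInformation -Encoding UTF8
```

Filtering the resulting CSV on `SensitivityLabel` for a public Team site gives the list of confidential files to review before a Copilot rollout.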
Output of the script
The results are exported in CSV format:
Conclusion
The PowerShell script helps you effectively audit the retention and sensitivity labels applied to files within your SharePoint Online sites, whether for compliance, security, or to aid in an M365 Copilot rollout.