Skip to content

Data-35017: Default label configured for sensitivity labels #766

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
aahmed-spec wants to merge 4 commits into
base: main
Choose a base branch
from
Open

Data-35017: Default label configured for sensitivity labels #766

aahmed-spec wants to merge 4 commits into from

Conversation

@aahmed-spec
Copy link
Collaborator

@aahmed-spec aahmed-spec commented Jan 12, 2026

No description provided.

sandeepjha000
sandeepjha000 reviewed Jan 13, 2026
View reviewed changes
sandeepjha000
sandeepjha000 reviewed Jan 13, 2026
View reviewed changes
@aahmed-spec aahmed-spec self-assigned this Jan 14, 2026
@aahmed-spec aahmed-spec marked this pull request as ready for review January 27, 2026 10:34
@alexandair alexandair requested a review from Copilot January 27, 2026 10:46
Copilot AI reviewed Jan 27, 2026
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This pull request adds a new assessment test (Test-Assessment-35017) that validates whether sensitivity label policies have default labels configured for various Microsoft 365 workloads. The test checks for default label configuration across documents/emails, Outlook, Power BI, and SharePoint/Microsoft 365 Groups, helping organizations ensure consistent baseline data classification.

Changes:

  • Adds Test-Assessment.35017.ps1 with logic to assess default label configuration across multiple workloads
  • Adds Test-Assessment.35017.md with remediation guidance for configuring default sensitivity labels
  • Introduces Get-LabelPolicySettings.ps1 as a shared helper function for parsing sensitivity label policy XML settings, designed for reuse across multiple tests (35016, 35017, etc.)

Reviewed changes

Copilot reviewed 3 out of 3 changed files in this pull request and generated 4 comments.

File Description
src/powershell/tests/Test-Assessment.35017.ps1 Main test function that retrieves enabled label policies, validates default label IDs, determines policy scope, and generates detailed reports with pass/fail status
src/powershell/tests/Test-Assessment.35017.md Documentation explaining the importance of default labels, remediation steps, and Microsoft Learn reference links
src/powershell/private/tests-shared/Get-LabelPolicySettings.ps1 Shared helper function that parses PolicySettingsBlob XML to extract default label settings and mandatory labeling configurations for multiple workloads

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

alexandair
alexandair requested changes Jan 28, 2026
View reviewed changes
Copy link
Collaborator

@alexandair alexandair left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@aahmed-spec Please, address my feedback.

src/powershell/tests/Test-Assessment.35017.ps1 Outdated
param()

#region Helper Functions
function Test-ValidLabelId {
Copy link
Collaborator

@alexandair alexandair Jan 28, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This helper function is an overkill. We don't need the whole function for checking if the label ID is valid GUID.
This is enough:

        $guid = [System.Guid]::Empty
        return [System.Guid]::TryParse($VALUEWEARECHECKING, [ref]$guid)

That code already cover cases when value is $null or empty string:

PS> $labelid = $null
PS>         $guid = [System.Guid]::Empty
PS>         return [System.Guid]::TryParse($LabelId, [ref]$guid)
False

PS> $labelid = ''
PS>         $guid = [System.Guid]::Empty
PS>         return [System.Guid]::TryParse($LabelId, [ref]$guid)
False

Copy link
Collaborator Author

@aahmed-spec aahmed-spec Jan 28, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@alexandair I have made the changes, let me know if it looks good.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@sandeepjha000 sandeepjha000 sandeepjha000 left review comments

@alexandair alexandair alexandair requested changes

@SagarSathe SagarSathe Awaiting requested review from SagarSathe

@tdetzner tdetzner Awaiting requested review from tdetzner

Requested changes must be addressed to merge this pull request.

Assignees

@aahmed-spec aahmed-spec

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@aahmed-spec @alexandair @sandeepjha000