@@ -16,29 +16,8 @@ function Set-CIPPSensitivityLabel {
1616 $Headers
1717 )
1818
19- $LabelAllowedFields = @ (
20- ' Name' , ' DisplayName' , ' Comment' , ' Tooltip' , ' ParentId' ,
21- ' Disabled' , ' ContentType' , ' Priority' ,
22- ' EncryptionEnabled' , ' EncryptionProtectionType' , ' EncryptionRightsDefinitions' ,
23- ' EncryptionContentExpiredOnDateInDaysOrNever' , ' EncryptionDoNotForward' ,
24- ' EncryptionEncryptOnly' , ' EncryptionOfflineAccessDays' ,
25- ' EncryptionPromptUser' , ' EncryptionAESKeySize' ,
26- ' ContentMarkingHeaderEnabled' , ' ContentMarkingHeaderText' ,
27- ' ContentMarkingHeaderFontSize' , ' ContentMarkingHeaderFontColor' , ' ContentMarkingHeaderAlignment' ,
28- ' ContentMarkingFooterEnabled' , ' ContentMarkingFooterText' ,
29- ' ContentMarkingFooterFontSize' , ' ContentMarkingFooterFontColor' , ' ContentMarkingFooterAlignment' ,
30- ' ContentMarkingFooterMargin' ,
31- ' ContentMarkingWatermarkEnabled' , ' ContentMarkingWatermarkText' ,
32- ' ContentMarkingWatermarkFontSize' , ' ContentMarkingWatermarkFontColor' , ' ContentMarkingWatermarkLayout' ,
33- ' ApplyContentMarkingHeaderEnabled' , ' ApplyContentMarkingFooterEnabled' , ' ApplyWaterMarkingEnabled' ,
34- ' SiteAndGroupProtectionEnabled' , ' SiteAndGroupProtectionPrivacy' ,
35- ' SiteAndGroupProtectionAllowAccessToGuestUsers' ,
36- ' SiteAndGroupProtectionAllowEmailFromGuestUsers' ,
37- ' SiteAndGroupProtectionAllowFullAccess' ,
38- ' SiteAndGroupProtectionAllowLimitedAccess' ,
39- ' SiteAndGroupProtectionBlockAccess' ,
40- ' Conditions' , ' AdvancedSettings' , ' Settings' , ' LocaleSettings'
41- )
19+ # Valid New-Label/Set-Label parameter names (single source of truth, shared with the template endpoint).
20+ $LabelAllowedFields = Get-CIPPSensitivityLabelField
4221 $PolicyAllowedFields = @ (
4322 ' Name' , ' Comment' , ' Labels' , ' AdvancedSettings' , ' Settings' ,
4423 ' ExchangeLocation' , ' ExchangeLocationException' ,
@@ -50,10 +29,20 @@ function Set-CIPPSensitivityLabel {
5029 $PolicyLocationFields = $PolicyAllowedFields | Where-Object { $_ -like ' *Location*' }
5130 $LabelPolicyAddPrefixed = @ (' Labels' ) + $PolicyLocationFields
5231
53- $LabelParams = Format-CIPPCompliancePolicyParams - Source $Template - AllowedFields $LabelAllowedFields
32+ # Normalize the read shape (Get-Label LabelActions) into the flat New-/Set-Label parameter shape.
33+ # Flat manual JSON authored against the deploy schema passes through unchanged.
34+ $NormalizedLabel = ConvertTo-CIPPSensitivityLabelParams - Label $Template
35+ $LabelParams = Format-CIPPCompliancePolicyParams - Source $NormalizedLabel - AllowedFields $LabelAllowedFields
5436 $PolicySource = $Template.PolicyParams
5537 $LabelName = $LabelParams.Name
5638
39+ # Priority is valid on Set-Label but not New-Label, so it is applied via a dedicated Set-Label call below.
40+ $LabelPriority = $null
41+ if ($LabelParams.ContainsKey (' Priority' )) {
42+ $LabelPriority = $LabelParams [' Priority' ]
43+ $LabelParams.Remove (' Priority' )
44+ }
45+
5746 try {
5847 $ExistingLabels = try { New-ExoRequest - tenantid $TenantFilter - cmdlet ' Get-Label' - Compliance | Select-Object Name, DisplayName } catch { @ () }
5948 $ExistingLabelPolicies = try { New-ExoRequest - tenantid $TenantFilter - cmdlet ' Get-LabelPolicy' - Compliance | Select-Object Name } catch { @ () }
@@ -69,6 +58,17 @@ function Set-CIPPSensitivityLabel {
6958 $LabelAction = " Created sensitivity label '$LabelName ' in $TenantFilter ."
7059 }
7160
61+ # Priority is Set-Label only (not a New-Label parameter) and is tenant-relative: a value valid in the
62+ # source tenant can be out of range in the target. Apply it best-effort so an invalid priority never
63+ # masks an otherwise successful label deployment.
64+ if ($null -ne $LabelPriority ) {
65+ try {
66+ $null = New-ExoRequest - tenantid $TenantFilter - cmdlet ' Set-Label' - cmdParams @ { Identity = $LabelName ; Priority = $LabelPriority } - Compliance - useSystemMailbox $true
67+ } catch {
68+ Write-LogMessage - headers $Headers - API $APIName - tenant $TenantFilter - message " Deployed sensitivity label '$LabelName ' but could not set priority $LabelPriority in $ ( $TenantFilter ) : $ ( $_.Exception.Message ) " - sev Warning
69+ }
70+ }
71+
7272 if ($PolicySource ) {
7373 $PolicyHash = Format-CIPPCompliancePolicyParams - Source $PolicySource - AllowedFields $PolicyAllowedFields
7474 if (-not $PolicyHash.ContainsKey (' Labels' ) -or -not $PolicyHash [' Labels' ]) {
0 commit comments