SensitivityLabel.Evaluate.All
Export JSON
Export CSV
Copy URL
Print
ApplicationDelegated
Read
All Resources
Allows the app to evaluate all sensitivity label.
Permission data: April 6, 2026 at 4:06 AM UTC
Delegated Access
App-Only Access
Permission Details
Application Permission
Evaluate labels tenant scope.
Allows the app to evaluate all sensitivity label.
Permission ID:
986fa56a-6680-4aac-af09-4d1765376739
Delegated Permission
Admin consent required
Evaluate labels tenant scope.
Allows the app to evaluate all sensitivity label.
User sees: Evaluate labels tenant scope, on your behalf.
Permission ID:
a42e3c42-b31e-4919-b699-696dca5dc9e7
Properties
Microsoft Graph v1.0
exact-category
Properties is shown from stable Microsoft Graph v1.0 metadata.
| Property | Type | Description |
|---|---|---|
actionSource |
object |
|
autoTooltip |
stringNullable |
|
description |
stringNullable |
|
displayName |
stringNullable |
|
hasProtection |
booleanNullable |
|
id |
string |
The unique identifier for an entity. Read-only. |
isDefault |
booleanNullable |
|
isEndpointProtectionEnabled |
booleanNullable |
|
isScopedToUser |
booleanNullable |
|
locale |
stringNullable |
|
name |
stringNullable |
|
priority |
int32Nullable |
|
rights |
object |
|
sublabels |
sensitivityLabel collection |
|
toolTip |
stringNullable |
JSON Representation
Microsoft Graph v1.0
exact-category
JSON representation is shown from stable Microsoft Graph v1.0 metadata.
JSON representation
{
"actionSource": {
"sample": "value"
},
"autoTooltip": "String",
"description": "String",
"displayName": "String",
"hasProtection": true,
"id": "String",
"isDefault": true,
"isEndpointProtectionEnabled": true,
"isScopedToUser": true,
"locale": "String",
"name": "String",
"priority": 0,
"rights": {
"sample": "value"
},
"sublabels": [
{
"@type": "sensitivityLabel",
"id": "00000000-0000-0000-0000-000000000000"
}
],
"toolTip": "String"
}Relationships
Microsoft Graph v1.0
schema-derived
Relationships is shown from stable Microsoft Graph v1.0 metadata.
| Relationship | Type | Description |
|---|---|---|
sublabels |
sensitivityLabel collection |
Related sublabels data exposed by this resource. |
Graph Methods
Delegated access
App-only access
Exact Microsoft Learn match
Microsoft Graph v1.0 endpoints are mapped directly from refreshed Microsoft Learn permissions tables.
| Methods |
|---|
GET
/security/dataSecurityAndGovernance/sensitivityLabels/computeInheritance
|
POST
/security/dataSecurityAndGovernance/sensitivityLabels/computeRightsAndInheritance
|
Exact Microsoft Learn match
Microsoft Graph beta endpoints are mapped directly from refreshed Microsoft Learn permissions tables.
| Methods |
|---|
GET
/security/dataSecurityAndGovernance/sensitivityLabels/computeInheritance
|
POST
/security/dataSecurityAndGovernance/sensitivityLabels/computeRightsAndInheritance
|
Exact Microsoft Learn PowerShell match
Microsoft Graph PowerShell v1.0 commands are mapped directly from refreshed Microsoft Learn PowerShell snippets.
| Commands |
|---|
Invoke-MgAndSecurityDataSecurityAndGovernanceSensitivityLabel
/security/dataSecurityAndGovernance/sensitivityLabels/computeRightsAndInheritance
sensitivityLabel: computeRightsAndInheritance
|
Exact Microsoft Learn PowerShell match
Microsoft Graph PowerShell beta commands are mapped directly from refreshed Microsoft Learn PowerShell snippets.
Code Examples
C# / .NET SDK
sensitivityLabel: computeRightsAndInheritance
// Code snippets are only available for the latest version. Current version is 5.x
// Dependencies
using Microsoft.Graph.Security.DataSecurityAndGovernance.SensitivityLabels.ComputeRightsAndInheritance;
using Microsoft.Graph.Models;
var requestBody = new ComputeRightsAndInheritancePostRequestBody
{
DelegatedUserEmail = "String",
Locale = "String",
ProtectedContents = new List<ProtectedContent>
{
new ProtectedContent
{
OdataType = "microsoft.graph.protectedContent",
},
},
SupportedContentFormats = new List<string>
{
"String",
},
};
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=csharp
var result = await graphClient.Security.DataSecurityAndGovernance.SensitivityLabels.ComputeRightsAndInheritance.PostAsync(requestBody);
JavaScript
sensitivityLabel: computeInheritance
const options = {
authProvider,
};
const client = Client.init(options);
let sensitivityLabel = await client.api('/security/dataSecurityAndGovernance/sensitivityLabels/computeInheritance(labelIds=["4e4234dd-377b-42a3-935b-0e42f138fa23"],locale='en-US',contentFormats=["File"])')
.header('Authorization','Bearer {token}')
.header('Client-Request-Id','c5e4d3b2-a1f0-e9d8-c7b6-a5e4d3b2a1f0')
.get();
PowerShell
sensitivityLabel: computeRightsAndInheritance
Import-Module Microsoft.Graph.Security
$params = @{
delegatedUserEmail = "String"
locale = "String"
protectedContents = @(
@{
"@odata.type" = "microsoft.graph.protectedContent"
}
)
supportedContentFormats = @(
"String"
)
}
Invoke-MgAndSecurityDataSecurityAndGovernanceSensitivityLabel -BodyParameter $params
Python
sensitivityLabel: computeRightsAndInheritance
# Code snippets are only available for the latest version. Current version is 1.x
from msgraph import GraphServiceClient
from msgraph.generated.security.datasecurityandgovernance.sensitivitylabels.compute_rights_and_inheritance.compute_rights_and_inheritance_post_request_body import ComputeRightsAndInheritancePostRequestBody
from msgraph.generated.models.protected_content import ProtectedContent
# To initialize your graph_client, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=python
request_body = ComputeRightsAndInheritancePostRequestBody(
delegated_user_email = "String",
locale = "String",
protected_contents = [
ProtectedContent(
odata_type = "microsoft.graph.protectedContent",
),
],
supported_content_formats = [
"String",
],
)
result = await graph_client.security.data_security_and_governance.sensitivity_labels.compute_rights_and_inheritance.post(request_body)App Registration
1
Navigate to Azure Portal
Go to App registrations in Microsoft Entra admin center
2
Add API Permission
Select your app → API permissions → Add a permission → Microsoft Graph
3
Select Permission Type
Choose Application permissions or delegated permissions and search for SensitivityLabel.Evaluate.All
4
Grant Admin Consent
Application permissions always require admin consent.