Check sensitivity labels on groups

Connect-ExchangeOnline -SkipLoadingCmdletHelp

$Status = Get-ConnectionInformation -ErrorAction SilentlyContinue
If (!($Status)) {
  Connect-ExchangeOnline -SkipLoadingCmdletHelp
}
Connect-IPPSSession
 
# Define the default sensitivity label
$DefaultSensitivityLabel = "e42fd42e-7240-4df0-9d8f-d14658bcf7ce" # Guid for General Access
 
# Create a list of the sensitivity labels used for container management in the organization
[array]$Labels = Get-Label
$ContainerLabels = [System.Collections.Generic.List[Object]]::new()
ForEach ($Label in $Labels) {
    If ($Label.ContentType -Like "*UnifiedGroup*") { # It's a label for container management
      $DataLine = [PSCustomObject] @{
        LabelId     = $Label.ImmutableId
        DisplayName = $Label.DisplayName
        Priority    = $Label.Priority }
      $ContainerLabels.Add($DataLine)
    }
}
# Validate that the default sensitivity label is OK
 
If ($DefaultSensitivityLabel -notin $ContainerLabels.LabelId) {
    Write-Host ("Default label {0} is not valid -exiting" -f $DefaultSensitivityLabel)
}
 
[int]$LabelsAssigned = 0
Write-Host "Fetching Microsoft 365 Groups"
[array]$Groups = Get-UnifiedGroup -ResultSize Unlimited
ForEach ($Group in $Groups) {
   If ($null -eq $Group.SensitivityLabel) { # No label assigned so let's assign the default label
      Write-Host ("{0} has no sensitivity label - assigning the default label" -f $Group.DisplayName) -Foregroundcolor Red
      Set-UnifiedGroup -Identity $Group.ExternalDirectoryObjectId -SensitivityLabel $DefaultSensitivityLabel -CustomAttribute14 $DefaultSensitivityLabel
      $LabelsAssigned++
    } Else { # Just update the Custom Attribute
      Set-UnifiedGroup -Identity $Group.ExternalDirectoryObjectId  -CustomAttribute14 $Group.SensitivityLabel
    }
} # End For
Write-Host ("Labels assigned to {0} Microsoft 365 Groups; checked label tracking attribute for {1} groups" -f $LabelsAssigned, $Groups.Count)