Last active
February 26, 2023 02:58
-
-
Save brunomsantiago/c79d17bf74c4c78c51debf7f7e0bafb5 to your computer and use it in GitHub Desktop.
Python functions to read and apply sensitivity labels to microsoft documents using powershell
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
import json | |
import subprocess | |
import time | |
def read_label( | |
filepath, | |
full_result=False, | |
powershell=r'C:\WINDOWS\system32\WindowsPowerShell\v1.0\powershell.exe', | |
stdout_encoding='iso8859-15', | |
): | |
""" | |
Read sensitivity label from a Microsoft document | |
This function uses a powershell command as subprocess to read the label_id | |
of a microsoft document previously classified with the sensitivity label. | |
This label_id can be used to apply the same sensitivity label to other | |
documents. | |
It relies on the 'Get-AIPFileStatus' powershell tool. To understand it | |
better try running the command directly in powershell or look for the | |
official Microsoft documentation. | |
By default this function only returns the label_id, but if you want to see | |
the full result from 'Get-AIPFileStatus' use full_result=True. | |
""" | |
# The command to call in powershell. It includes the powershell tool | |
# 'ConvertTo-Json' to make it easier to process the results in Python, | |
# specially when the file path is too long, which may break lines. | |
command = f"Get-AIPFileStatus -path '{filepath}' | ConvertTo-Json" | |
# Executing it | |
result = subprocess.Popen([powershell, command], stdout=subprocess.PIPE) | |
result_lines = result.stdout.readlines() | |
# Processing the results and saving to a dictionary | |
clean_lines = [ | |
line.decode(stdout_encoding).rstrip('\r\n') for line in result_lines | |
] | |
json_string = '\n'.join(clean_lines) | |
result_dict = json.loads(json_string) | |
# If selected, return the full results dictionary | |
if full_result: | |
return result_dict | |
# If not returns only the label_id of interest to apply to other document | |
# Per Microsoft documentation if a sensitivity label has both a | |
# 'MainLabelId' and a 'SubLabelId', only the 'SubLabelId' should be used | |
# with 'Set-AIPFileLabel' tool to to set the label in a new document. | |
label_id = ( | |
result_dict['SubLabelId'] | |
if result_dict['SubLabelId'] | |
else result_dict['MainLabelId'] | |
) | |
return label_id | |
def apply_label( | |
filepath, | |
label_id, | |
powershell=r'C:\WINDOWS\system32\WindowsPowerShell\v1.0\powershell.exe', | |
stdout_encoding='iso8859-15', | |
): | |
""" | |
Apply sensitivity label to a Microsoft document | |
This function uses a powershell command as subprocess to apply it. | |
It relies on the 'Set-AIPFileLabel' powershell tool. To understand it | |
better try running the command directly in powershell or look for the | |
official Microsoft documentation. | |
Per Microsoft documentation if a sensitivity label has both a | |
'MainLabelId' and a 'SubLabelId', only the 'SubLabelId' should be used | |
with 'Set-AIPFileLabel' tool to to set the label in a new document. | |
The function returns the elapsed time to apply the label. | |
""" | |
start = time.time() | |
# The command to call in powershell | |
command = f"(Set-AIPFileLabel -path '{filepath}' -LabelId '{label_id}').Status.ToString()" | |
# Executing it | |
result = subprocess.Popen([powershell, command], stdout=subprocess.PIPE) | |
result_message = ( | |
result.stdout.readline().decode(stdout_encoding).rstrip('\r\n') | |
) | |
# If the command is not successful, raises an exception and display the | |
# message from 'Set-AIPFileLabel' tool | |
if result_message != 'Success': | |
raise Exception(result_message) | |
end = time.time() | |
return end - start |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Keywords:
Sensitivity Label
MIP (Microsoft Information Protection)
AIP (Azure Information Protection)
Python
Powershell
Windows
Get-AIPFileStatus
Set-AIPFileLabel