Skip to main content
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Did you hear? There's a new SQL AI Developer certification (DP-800). Start preparing now and be one of the first to get certified. Register now

trsteinberg
Microsoft Employee
‎03-31-2026 08:00 AM

Sensitivity labels in Fabric for public APIs (Generally Available)

To support advanced governance and automation scenarios, Sensitivity Labels are now exposed through Microsoft Fabric Public APIs. This enables developers, partners, and platform teams to programmatically get and manage sensitivity labels as part of information classification and AI workflows.

Sensitivity labels in Fabric

In Fabric, Sensitivity Labels (from Microsoft Purview Information Protection) help classify and protect sensitive data across all data assets. These labels prevent unauthorized access, support compliance, and make it easier to identify sensitive information.

Since Fabric uses the same unified sensitivity labels as Microsoft 365, protection remains consistent across platforms. The label stays attached to the item's data throughout its lifecycle in Fabric (e.g., inheritance) and continues to persist when exported to Microsoft 365, ensuring end-to-end protection and a seamless user experience. Sensitivity labels and default labeling behavior are governed by organizational label policies defined in Microsoft Purview, enabling each organization to enforce its own information classification standards across Fabric.

Learn more in the Sensitivity Labels in Fabric and Power BI documentation.

Sensitivity label definition:

Menu_showing_the_selection_of_a_sensitivity_label_and_protection_scope_with_HighMenu_showing_the_selection_of_a_sensitivity_label_and_protection_scope_with_High

Figure: Selecting a sensitivity label for a Fabric item.

Protection Policy: Organizations can use protection policies (Protection Policy Overview) to ensure that sensitive data in Fabric is also protected according to sensitivity label and get both classification and protection in one solution.

Review policy setting:

Screenshot_of_review_and_finish_page_in_protection_policy_configurationScreenshot_of_review_and_finish_page_in_protection_policy_configuration

Figure: Review and confirm protection policy settings before creating the policy.

Sensitivity label availability for public API

Microsoft Fabric now supports Sensitivity Labels across key Public API operations, enabling users to integrate compliance and governance directly into their workflows.

Available capabilities:

  • List Items – The response now includes the Sensitivity Label Id for each item.
  • Get Item – The response includes the item’s Sensitivity Label Id.
  • Update Item – The response includes the Sensitivity Label Id.
    (Note: labels can be retrieved programmatically but update labels via this API is not supported)
These capabilities align with the existing label management APIs available today: These enhancements allow users to programmatically access sensitivity label metadata without additional queries, streamlining compliance and improving automation.

Use Cases

AI and Agent Workflows – Using sensitivity labels as a safety

Scenario

An AI agent (or workflow automation) searches Fabric items to answer a user question. The organization requires the agent to detect and enforce policies for specific sensitivity label types. If content is tagged with designated sensitive labels (e.g., Confidential, Highly Confidential, Restricted), the agent must either exclude it, require additional approval, or route the results through a secure handling process.

Why the new API behavior matters
When the agent discovers items using List Items, it immediately receives the Sensitivity Label Id for each candidate. That label ID can serve as a real-time guardrail signal in the AI workflow (filter, escalate, redact, or require approval) without requiring additional API calls per item.

  • List Items: Discover candidate items and read Sensitivity Label Id in one pass.
  • Get Item: Verify the sensitivity label for a specific artifact before using it in an AI step.

Workspace classification monitoring and inventory visibility

Scenario

A platform or governance team needs a programmatic inventory of all Fabric items within a workspace (or across multiple workspaces) to assess data security posture.

The automation retrieves all items using List Items, including their Sensitivity Label Id, enabling programmatic classification analysis, such as:

  • Identifying which items are unlabeled
  • Detecting items labeled below the required classification level
  • Analyzing the distribution of sensitivity labels across the workspace
The results can be used to generate compliance dashboards, trigger remediation workflows, or enforce organizational labeling standards.

Why the new API behavior matters

Previously, sensitivity label information required additional metadata queries per item. Now, Sensitivity Label Id is returned directly in the List Items response, enabling efficient large-scale classification monitoring in a single pass.

This allows organizations to build near real-time workspace classification reports and governance automation without added API overhead.

APIs involved

  • List Items: Retrieve all items with Sensitivity Label Id in one operation.
  • Bulk Set Labels: Remediate unlabeled or misclassified artifacts.

Conclusion and further resources

Sensitivity labels in Microsoft Fabric public APIs help teams incorporate data classification into automated and governance‑aware workflows. By exposing label metadata through core APIs, organizations can better enforce compliance across analytics and AI scenarios.

To learn more, explore the following documentation on sensitivity labels and protection policies in Fabric, and explore the relevant public API references. We welcome feedback and questions in the comments.

0