Message classifications were introduced with Exchange 2007 which seems like ages ago now. They are a piece of metadata which you can assign to messages, for example the intended audience or sensitivity of messages. These message can then be treated accordingly by the recipient or you can leverage transport rules functionality and Rights Management Services to act on or protect these messages.
Let’s assume you have created a custom message classification using the following cmdlet:
New-MessageClassification –Name ‘InternalUseOnly’ –DisplayName ‘Internal Use Only’ –SenderDescription ‘This message is for internal use only.’
When you retrieve the list of message classifications using Get-MessageClassifications you will notice three additional classifications:
Exchange comes with these message classifications which are used by Exchange internally: ExAttachmentRemoved, ExOrarMail and ExPartnerMail. These should not be used by users, let alone be visible. To make them hidden, the PermissionMenuVisible attribute is set to $false for these classifications. This will make them not show up in Outlook WebApp:
Now, using classifications in Outlook is less admin-friendly and requires exporting of classification information and configuring Outlook to read these classifications from a file. In short, the process described on TechNet TechNet to use message classifications from Outlook is as follows:
From the Exchange Management Shell, run the Export-OutlookClassification.ps1 script from Exchange scripts folder, e.g.
& ‘C:\Program Files\Microsoft\Exchange Server\v15\Scripts\Export-OutlookClassification.ps1’ | Set-Content ‘C:\OutlookClass.xml’
Next, copy the XML file to a location on the client or networked location which is readable by Users. On the client, make the following registry changes:
[HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Common\Policy] "AdminClassificationPath"="c:\\Classifications.xml" "EnableClassifications"=dword:00000001 "TrustClassifications"=dword:00000001
Note: For the purpose of this example the XML is stored as C:\Temp\OutlookClass.xml . Note that “15.0” is for configuring Outlook 2013, replace with 14.0 for Outlook 2010 and 12.0 for Outlook 2007.
Restart Outlook so it will use these settings. When composing a message you will now see the message classification options appear under Options > Permission:
Apart from the message classification “Internal Use Only” we created, you will also see that Outlook shows the internal classifications by their display name. That should not be happening.
When you open up the Outlook classifications export file, you will spot that it contains all classifications, including the internal ones:
So, what you can do now and what the documentation seems to fail to mention, is that after exporting message classifications you may want to remove the internal classifications “Attachment Removed” (ExAttachmentRemoved), “Originator Requested Alternate Recipient Mail” (ExOrarMail) and “Partner Mail” (ExPartnerMail) from the XML export file. Downside is that message with these internal classifications will not display the related description in Outlook, but that should not be an issue and a better option than users being able to select them.
When you have removed the three entries from the XML file and restarted Outlook, the built-in options will no longer be on the permission menu:
EighTwOne (821) 
Pingback: NeWay Technologies – Weekly Newsletter #86 – March 13, 2014 | NeWay
Pingback: NeWay Technologies – Weekly Newsletter #86 – March 14, 2014 | NeWay
Hi all .. can we have Option to set Internal as default instead of no restrictions
LikeLike
You can apply Internal classification to if message is not yet classified (apply if “the message isn’t marked with any classifications”), apart from other obvious conditions like sending being internal. Alternative is to implement automatic sensitivity labeling.
LikeLike
Hello Michel. How I can enable message classifications on Outlook 365 for Windows? I can see on OWA but not on Outlook 365 for Windows. I cannot locate “Export-OutlookClassification.ps1” script on Exchange online.
Thanks in advance.
LikeLike
Connect to Exchange Online using PowerShell, and run the following
LikeLike
Hello Michel.
I have copy and pasted on .ps1 file but I think that I have problems with certain characters. Can you write it without any text format?
This solution generates a new “MessageClassifications.xml” file but I don’t have problems generating it, I only have problems to see “Permission” button. I have created the XML, I have copied it to “C:\Program Files\Microsoft Office” directory (for example) and I have modified Regedit with:
——————–
Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\Policy]
“AdminClassificationPath”=”\”C:\\Program Files\\Microsoft Office\\MessageClassifications.xml\””
“EnableClassifications”=dword:00000001
“TrustClassifications”=dword:00000001
——————————–
I have tried on Outlook 365 32 bit and 64 bit and computers with last Windows 10 20H2.
When I create a new classification I see it on OWA but impossible on our Outlooks for Windows.
LikeLike
LikeLike
Same problem. I have tried many ways and paths …
Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\Policy]
“AdminClassificationPath”=”C:\\temp\\MessageClassifications.xml”
“EnableClassifications”=dword:00000001
“TrustClassifications”=dword:00000001
LikeLike
Can I use Message Classification withou IRM service? I think that may be it. Although with OWA I can use classifications.
LikeLike
This is an example of my XML file:
NAME OF CLASSIFICATION
DESCRIPTION
d9a0a69e-be67-4f69-ae8a-f5be2e33fec3
LikeLike
Hi Michel, I was able to create and enable a new message classification in Exchange, I tried to send an email with classification to an email outside of organization and the reply does not have classification attached to it. is there anyway to enable it?
LikeLike
Messages will apply a ClassificationID, not the ‘label’ – when message leaves the organization, all bets are off regarding the classification, as receiver probably likely doesn’t have the same set of classifications. For classifications in the internal organization, make sure RetainClassificationEnabled is set so classifications stick when forwarded/replied to. For classifications on messages sent to external recipients, you can block them or protect messages based on classification using IRM
https://docs.microsoft.com/exchange/irm?WT.mc_id=M365-MVP-5000284
LikeLike