Applications Server

Exchange Server 2010 : Designing and Implementing Message Classifications (part 1)

12/1/2010 9:11:54 AM

The typical organization has invested heavily in solutions protecting against threats from inbound e-mail such as malware (viruses, worms, Trojans, and phishing, for example) and spam. However, the compliance and intellectual property risks of internal and outgoing e-mail have not generally been given much consideration. The retention policy and managed folder technologies that provide messaging records management in Exchange Server 2010 can aid in dealing with these issues for e-mail residing in mailboxes (at rest), but they depend to a large extent on decisions made on the content of messages by end users and, in some cases, administrators. These decisions typically focus on the designation of messages based on their content, principally in the context of their intended use, audience, retention, and so on.

E-mail classification adds visual labels and metadata to e-mail messages to describe the intended use of or audience for a message to enable processes to make decisions based on those designations. The message sender typically applies the message classifications, as a decision made on the content of the message before it is sent. These classifications typically indicate the sensitivity, intended distribution, retention periods, or other designations, usually as required by the organization. If deployed with some pre-planning, message classifications can offer a crucial piece of an effective strategy for managing and controlling e-mail by ensuring regulatory compliance and maintaining policy.

Unclassified, Confidential, and Secret are some examples of message classifications used by organizations, whereas others may employ designations such as Non-Business, Partner Confidential, Mergers and Acquisitions, Privacy Act, and so on.

As with retention tags, AD RMS templates, and managed folders, the number of message classifications should be kept to a minimum. This aids in keeping the interface uncluttered for end users, which will in turn encourage them to actually use this new technology.

In Outlook 2007, Outlook 2010, and Outlook Web App in Exchange Server 2010, the message classification applied can display visual labels for the sender and the recipients of the e-mail in the form of a user-friendly description of the classification.


Message classifications in Exchange Server 2010 are informational only; they are not integrated with any transport rules or messaging records management functionality. However, they can be used as a predicate in transport rules, and transport rules can be configured to apply a message classification as an action.

In addition, Exchange Server 2010 message classifications set on a message are only visible to the recipient when viewed in Outlook Web App, or with Outlook 2007 or Outlook 2010; Outlook 2007 and Outlook 2010 require additional configuration to apply and view Exchange Server 2010 message classifications.

When a user composes a message in Outlook Web App and Outlook 2007 and higher, the message classifications configured in Exchange Server 2010 are listed in the Permissions dialog box, along with AD RMS templates, as shown in Figure 8-28. In this example, Privacy Act is a message classification, whereas the rest of the entries in the list are AD RMS templates.

Figure 8-28. Selecting a message classification in Outlook Web App

Message classifications are created using the EMS and the New-MessageClassification cmdlet. It is worth noting that the message classification selection seen in Figure 8-28 is just the display name of the classification. You specify the classification's display name with the DisplayName parameter; this defines the label seen from the selection menu by the sender. The SenderDescription parameter defines the description that is shown to the sender in the composed message, as shown in Figure 8-29.

Figure 8-29. Message classification sender description in a composed message

You can configure separately the text displayed to recipients of a classified message with the RecipientDescription parameter; the recipient description for the message composed in Figure 8-29 as seen in Outlook Web App is shown in Figure 8-30. If the recipient description is not configured, the text configured for the sender description is displayed.

Figure 8-30. Message classification as seen by an Outlook Web App recipient

Inside Track: Simplifying the End-User Experience with Message Classifications

Ed Banti

Program Manager, Microsoft Corporation, Redmond, WA

All too often organizations will attempt to place rigid or complex policies on their end users in the name of governance, compliance, security, privacy, or a whole collection of laws and regulations. For example, I've heard of organizations that prompt their employees to classify every single e-mail and that process involves understanding the definition of hundreds of classification tags and picking the right one. I've also heard of organizations that give their employees complex instructions on when to IRM-protect documents or when it's appropriate to S/MIME encrypt versus sign an e-mail. While the intent is to keep the organization and employees out of trouble, this approach results in employee frustration and ultimately leads to the "click the default" and ignore mentality, which is contrary to the original goal and intent of the policy.

Instead of pushing complex rules to employees, organizations need to consider ways to reduce confusion and streamline the process. An easy way to do this out of the box in Exchange 2010 is via message classifications and transport rules. Message classifications are informational policies that can be tagged (either manually or automatically) to e-mail messages that can display a user-friendly description in Outlook or OWA. These message classifications can then trigger transport rules in the background. Take a look at the following example.

Contoso is a healthcare provider with patient information that needs to be kept confidential. Today they instruct their employees to include a disclaimer on all e-mails that contain patient data and they also require that these e-mails be encrypted. Half the time, employees forget to do this or they only include the disclaimer but don't encrypt the mail. To simplify, Contoso creates a set of message classifications: Patient Data, Financial Data, and Public. When an employee marks and sends a message as Patient Data, a transport rule is triggered that automatically adds the proper disclaimer to the message and protects the message using AD RMS such that the content cannot be viewable outside of Contoso. For Financial Data e-mail, a transport rule applies a different disclaimer and forces the message to be moderated before the message can leave Contoso. This ensures that no financial data is sent outside the company without approval.

As this example shows, you have access to simple and straightforward ways to use message classifications to abstract complex policies and actions from employees while encouraging them to properly handle and classify sensitive information.

Other -----------------
- Exchange Server 2010 : Managing Public Folders
- Exchange Server 2010 : Managing Outlook Web App Themes
- Exchange Server 2010 : Managing Details Templates
- Exchange Server 2010 : Managing Address Lists
- Exchange Server 2010 : Managing Address Policies
- Exchange Server 2010 : Designing and Implementing AD RMS Integration (part 5) - Configuring AD RMS Super Users
- Exchange Server 2010 : Designing and Implementing AD RMS Integration (part 4)
- Exchange Server 2010 : Designing and Implementing AD RMS Integration (part 3) - Transport and Journal Report Decryption
- Exchange Server 2010 : Designing and Implementing AD RMS Integration (part 2) - AD RMS and Exchange Server 2010
- Exchange Server 2010 : Designing and Implementing AD RMS Integration (part 1) - Overview
- Exchange Server 2010 : Multi-Mailbox Search (part 2) - Performing a Multi-Mailbox Search
- Exchange Server 2010 : Multi-Mailbox Search (part 1) - Litigation Hold
- BizTalk Server 2009 : Consuming WCF services without orchestration
- BizTalk Server 2009 : Consuming WCF services from orchestrations
- BizTalk Server 2009 : Exposing WCF services from schemas
- Active Directory Domain Services 2008: Exclude an Attribute from Directory Service Auditing
- Active Directory Domain Services 2008: Configure Auditing on Object Security Access Control Lists
- Active Directory Domain Services 2008: Disable the Detailed Directory Service Replication Auditing Subcategory
- Active Directory Domain Services 2008: Enable the Detailed Directory Service Replication Auditing Subcategory
- Active Directory Domain Services 2008: Disable the Directory Service Replication Auditing Subcategory
- First look: Apple Watch

- 10 Amazing Tools You Should Be Using with Dropbox

- Sigma 24mm f/1.4 DG HSM Art

- Canon EF11-24mm f/4L USM

- Creative Sound Blaster Roar 2

- Alienware 17 - Dell's Alienware laptops

- Smartwatch : Wellograph

- Xiaomi Redmi 2
Popular tags
Microsoft Access Microsoft Excel Microsoft OneNote Microsoft PowerPoint Microsoft Project Microsoft Visio Microsoft Word Active Directory Biztalk Exchange Server Microsoft LynC Server Microsoft Dynamic Sharepoint Sql Server Windows Server 2008 Windows Server 2012 Windows 7 Windows 8 Adobe Indesign Adobe Flash Professional Dreamweaver Adobe Illustrator Adobe After Effects Adobe Photoshop Adobe Fireworks Adobe Flash Catalyst Corel Painter X CorelDRAW X5 CorelDraw 10 QuarkXPress 8 windows Phone 7 windows Phone 8