Applies to: Exchange Server 2013

This topic no longer applies to the cloud-based service. It applies only to on-premises Exchange 2013. To see the current version of the topic that applies to the cloud-based service, change the (v=exchg.150) value in the URL to (v=exchg.160).

Use the New-DataClassification cmdlet to create data classification rules that use document fingerprints.

For information about the parameter sets in the Syntax section below, see Syntax.

New-DataClassification -Description <String> -Fingerprints <MultiValuedProperty> -Name <String> [-ClassificationRuleCollectionIdentity <ClassificationRuleCollectionIdParameter>] [-Confirm [<SwitchParameter>]] [-DomainController <Fqdn>] [-Locale <CultureInfo>] [-Organization <OrganizationIdParameter>] [-WhatIf [<SwitchParameter>]]

This example creates a new data classification rule named "Contoso Employee-Customer Confidential" that uses the document fingerprints of the files C:\My Documents\Contoso Employee Template.docx and D:\Data\Contoso Customer Template.docx.

# Read each template as raw bytes; New-Fingerprint takes the file content as byte data.
$Employee_Template = Get-Content "C:\My Documents\Contoso Employee Template.docx" -Encoding byte
$Employee_Fingerprint = New-Fingerprint -FileData $Employee_Template -Description "Contoso Employee Template"
$Customer_Template = Get-Content "D:\Data\Contoso Customer Template.docx" -Encoding byte
$Customer_Fingerprint = New-Fingerprint -FileData $Customer_Template -Description "Contoso Customer Template"
# Create one rule that uses both fingerprints (comma-separated).
New-DataClassification -Name "Contoso Employee-Customer Confidential" -Fingerprints $Employee_Fingerprint,$Customer_Fingerprint -Description "Message contains Contoso employee or customer information."
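The same procedure generalized to any number of templates, with input checks and a dry run through the WhatIf switch. This is an added example, not part of the original topic: the function name New-FingerprintClassification, its -Templates and -Simulate parameters, and the sample call are assumptions made for illustration.

```powershell
# Added example (not from the original topic). Run in the Exchange Management Shell.
function New-FingerprintClassification {
    param(
        [Parameter(Mandatory = $true)][string]$Name,
        [Parameter(Mandatory = $true)][string]$Description,
        # Hypothetical input shape: template file path -> fingerprint description
        [Parameter(Mandatory = $true)][hashtable]$Templates,
        [string]$Locale,
        # Hypothetical switch: pass -WhatIf to New-DataClassification instead of creating the rule
        [switch]$Simulate
    )

    # The topic states that the Name value must be less than 256 characters.
    if ($Name.Length -ge 256) { throw "Name must be less than 256 characters." }

    $fingerprints = @()
    foreach ($path in $Templates.Keys) {
        # Fail early on a wrong path so the rule is never built from a partial template set.
        if (-not (Test-Path -LiteralPath $path -PathType Leaf)) {
            throw "Template not found: $path"
        }
        # Resolve to a full path first: .NET file APIs ignore the PowerShell location.
        $fullPath = (Resolve-Path -LiteralPath $path).ProviderPath
        [byte[]]$bytes = [System.IO.File]::ReadAllBytes($fullPath)
        if ($bytes.Length -eq 0) { throw "Template is empty: $path" }

        $fingerprints += New-Fingerprint -FileData $bytes -Description $Templates[$path]
    }

    $ruleParams = @{
        Name         = $Name
        Description  = $Description
        Fingerprints = $fingerprints
    }
    if ($Locale)   { $ruleParams.Locale = $Locale }
    if ($Simulate) { $ruleParams.WhatIf = $true }

    New-DataClassification @ruleParams
}

# Constructed sample call using the file names from the example above.
New-FingerprintClassification -Name "Contoso Employee-Customer Confidential" `
    -Description "Message contains Contoso employee or customer information." `
    -Templates @{
        "C:\My Documents\Contoso Employee Template.docx" = "Contoso Employee Template"
        "D:\Data\Contoso Customer Template.docx"         = "Contoso Customer Template"
    } -Simulate
```

Remove -Simulate from the call to create the rule after reviewing the simulated output.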

Classification rule packages are used by data loss prevention (DLP) to detect sensitive content in messages.

You need to be assigned permissions before you can run this cmdlet. Although all parameters for this cmdlet are listed in this topic, you may not have access to some parameters if they're not included in the permissions assigned to you. To see what permissions you need, see the "Data loss prevention (DLP)" entry in the Messaging policy and compliance permissions topic.


Parameter | Required | Type | Description

Description | Required | String | The Description parameter specifies a description for the data classification rule.

Fingerprints | Required | MultiValuedProperty | The Fingerprints parameter specifies the byte-encoded files to use as document fingerprints. You can use multiple document fingerprints separated by commas. For instructions on how to import documents to use as templates for fingerprints, see New-Fingerprint or the Examples section.

Name | Required | String | The Name parameter specifies a name for the data classification rule. The value must be less than 256 characters. The value of this parameter is used in the Policy Tip that's presented to users in Outlook Web App.

ClassificationRuleCollectionIdentity | Optional | ClassificationRuleCollectionIdParameter | The ClassificationRuleCollectionIdentity parameter is reserved for future use. New data classification rules that you create are automatically added to the classification rule collection named Fingerprint Classification Collection.

Confirm | Optional | SwitchParameter | The Confirm switch causes the command to pause processing and requires you to acknowledge what the command will do before processing continues. You don't have to specify a value with the Confirm switch.

DomainController | Optional | Fqdn | This parameter is available only in on-premises Exchange 2013. The DomainController parameter specifies the fully qualified domain name (FQDN) of the domain controller that writes this configuration change to Active Directory.

Locale | Optional | CultureInfo | The Locale parameter specifies the language that's associated with the data classification rule. Valid input for this parameter is a Microsoft .NET Framework CultureInfo class culture code value. For example, en for English or fr for French. If you don't specify a value for the Locale parameter, the default language of your Exchange organization is used when you create the data classification rule. You can add additional language translations to the data classification rule by using the Set-DataClassification cmdlet.

Organization | Optional | OrganizationIdParameter | The Organization parameter is reserved for internal Microsoft use.

WhatIf | Optional | SwitchParameter | The WhatIf switch instructs the command to simulate the actions that it would take on the object. By using the WhatIf switch, you can view what changes would occur without having to apply any of those changes. You don't have to specify a value with the WhatIf switch.

To see the input types that this cmdlet accepts, see Cmdlet Input and Output Types. If the Input Type field for a cmdlet is blank, the cmdlet doesn’t accept input data.

To see the return types, which are also known as output types, that this cmdlet accepts, see Cmdlet Input and Output Types. If the Output Type field is blank, the cmdlet doesn’t return data.