These instructions will help guide you through the installation of Nucleuz's DLP Sensitive Types (aka Classification Rules) in Microsoft Exchange 2013+ On-Premise.
Refer to this article to install Nucleuz DLP Sensitive Types in Microsoft Office 365 (O365) or Microsoft 365 (M365).
Refer to this article to install Nucleuz DLP Sensitive Types in Microsoft Exchange Online
The following prerequisites are needed before installation:
See Microsoft's Messaging Policy and Compliance Permissions TechNet article for more information about permissions for compliance management.
Extract the contents of the Nucleuz DLP Package archive onto a computer with PowerShell access to Exchange.
Locate the Nucleuz DLP Sensitive Types Rule Pack file.
The Rule Pack filename typically starts with "Nucleuz" and ends with "DlpRulePack.xml".
For example, Nucleuz_Contoso_PII_DlpRulePack.xml.
Open the Exchange Management Shell (Powershell) with a user who has the permissions specified in the Prerequisites above.
Follow the instructions below for your install type: first-time or update.
NOTE:
If your Nucleuz DLP Package archive contains multiple DLP Sensitive Types Rule Pack files, repeat the following steps for each such file.
Follow these steps to install a DLP Sensitive Types Rule Pack for the first time. If you are looking to update a DLP Sensitive Types Rule Pack, follow the instructions below for updating a rule pack.
Install the DLP Sensitive Types Rule Pack by using the New-ClassificationRuleCollection Exchange cmdlet:
New-ClassificationRuleCollection -FileData ([Byte[]]$(Get-Content -Path "<path to the DLP Sensitive Types Rule Pack File>" -Encoding Byte -ReadCount 0))
For more information on the New-ClassificationRuleCollection cmdlet, see Microsoft's New-ClassificationRuleCollection TechNet article.
Confirm
Are you sure you want to perform this action?
Classification rule collection "Nucleuz PII" will be imported.
[Y] Yes [A] Yes to All [N] No [L] No to All [?] Help (default is "Y"): Y
Invariant Name Localized Name Publisher Encrypted
-------------- -------------- --------- ---------
Nucleuz PII Nucleuz PII Nucleuz Inc False
Follow these steps to update a DLP Sensitive Types Rule Pack that has previously been installed. These instructions should be used, for example, to update to a newer version of a Rule Pack which is currently installed. If you are looking to install a new DLP Sensitive Types Rule Pack, follow the instructions above for installing a rule pack.
Update the existing DLP Sensitive Types Rule Pack by using the Set-ClassificationRuleCollection Exchange cmdlet:
Set-ClassificationRuleCollection -FileData ([Byte[]]$(Get-Content -Path "<path to the DLP Sensitive Types Rule Pack File>" -Encoding Byte -ReadCount 0))
For more information on the Set-ClassificationRuleCollection cmdlet, see Microsoft's Set-ClassificationRuleCollection TechNet article.
When prompted to confirm the installation, answer 'Y' or press the Enter key:
Confirm
Are you sure you want to perform this action?
Classification rule collection "Nucleuz PII" will be updated.
[Y] Yes [A] Yes to All [N] No [L] No to All [?] Help (default is "Y"): Y
If the command succeeded, the rule pack and all sensitive types within it have been updated on the server.
NOTE:
Due to various caching mechanisms in Exchange and Outlook, these updates may not take effect immediately.
It may take several hours for the updates to take effect in Exchange.
It may take 24 hours for the updates to take effect in Outlook rich clients.
Typically Nucleuz will provide a customized DLP Policy which combines our
Sensitive Types with other conditions and actions, specifically for an
organization. We recommend this approach to maximize productivity and
coverage of your intended DLP Policy.
See Installing Nucleuz DLP Policies for more information on installing
the DLP Policy or Policies provided by Nucleuz.
To use Nucleuz's DLP Sensitive Types in custom DLP policies:
Contact us for more information about managing DLP Policies