Installing Nucleuz DLP Sensitive Types in Exchange 2013 On-Premise

These instructions will help guide you through the installation of Nucleuz's DLP Sensitive Types (aka Classification Rules) in Microsoft Exchange 2013 On-Premise.

Prerequisites

The following prerequisites are needed before installation:

  • Nucleuz's DLP Sensitive Types Rule Pack.
    This is provided by Nucleuz. Contact Nucleuz if you do not have it.
  • An Exchange user account assigned at least one of these role groups, an equivalent custom role group, or an equivalent management role:
    • Compliance Management
    • Organization Management

    See Microsoft's Messaging Policy and Compliance Permissions TechNet article for more information about permissions for compliance management.

Installation

  1. Extract the contents of the DLP Sensitive Types Rule Pack archive onto a computer with PowerShell access to Exchange.

  2. Locate the DLP Sensitive Types Rule Pack file.

    The Rule Pack filename typically starts with "Nucleuz" and ends with "DlpRulePack.xml".

    For example, Nucleuz_Contoso_PII_DlpRulePack.xml.

    NOTE:

    If your DLP Sensitive Types Rule Pack archive contains multiple DLP Sensitive Types Rule Pack files, repeat the following steps for each such file.

  3. Open the Exchange Management Shell (Powershell) with a user who has the permissions specified in the Prerequisites above.

    NOTE:

    If you're installing into O365 or Exchange Online, you must use a remote PowerShell session instead. See the instructions for O365 and Exchange Online for help with setting up a remote PowerShell session.

  4. Follow the instructions below for your install type: first-time or update.

First-Time Install

Follow these steps to install a DLP Sensitive Types Rule Pack for the first time. If you are looking to update a DLP Sensitive Types Rule Pack, follow the instructions below for updating a rule pack.

  1. Install the DLP Sensitive Types Rule Pack by using the New-ClassificationRuleCollection Exchange cmdlet:

    New-ClassificationRuleCollection -FileData ([Byte[]]$(Get-Content -Path "<path to the DLP Sensitive Types Rule Pack File>" -Encoding Byte -ReadCount 0))

    For more information on the New-ClassificationRuleCollection cmdlet, see Microsoft's New-ClassificationRuleCollection TechNet article for more information.

  2. When prompted to confirm the installation, answer 'Y' or press the Enter key:

    Confirm
    Are you sure you want to perform this action?
    Classification rule collection "Nucleuz PII" will be imported.
    [Y] Yes [A] Yes to All [N] No [L] No to All [?] Help (default is "Y"): Y

    Invariant Name         Localized Name                Publisher             Encrypted
    --------------         --------------                ---------             ---------
    Nucleuz PII            Nucleuz PII                   Nucleuz Inc           False

Updating

Follow these steps to update a DLP Sensitive Types Rule Pack that has previously been installed. These instructions should be used, for example, to update to a newer version of a Rule Pack which is currently installed. If you are looking to install a new DLP Sensitive Types Rule Pack, follow the instructions above for installing a rule pack.

  1. Update the existing DLP Sensitive Types Rule Pack by using the Set-ClassificationRuleCollection Exchange cmdlet:

    Set-ClassificationRuleCollection -FileData ([Byte[]]$(Get-Content -Path "<path to the DLP Sensitive Types Rule Pack File>" -Encoding Byte -ReadCount 0))

    For more information on the Set-ClassificationRuleCollection cmdlet, see Microsoft's Set-ClassificationRuleCollection TechNet article for more information.

  2. When prompted to confirm the installation, answer 'Y' or press the Enter key:

    Confirm
    Are you sure you want to perform this action?
    Classification rule collection "Nucleuz U.S. HIPAA / HITECH" will be updated.
    [Y] Yes [A] Yes to All [N] No [L] No to All [?] Help (default is "Y"): Y

    If the command succeeded, the rule pack and all sensitive types within it have been updated on the server.

    NOTE:

    Due to various caching mechanisms in Exchange and Outlook, these updates may not take effect immediately.

    It may take several hours for the updates to take effect in Exchange.

    It may take 24 hours for the updates to take effect in Outlook.

Using Nucleuz's DLP Sensitive Types in DLP Policies

To use Nucleuz's DLP Sensitive Types in DLP policies:

  1. Sign into Exchange Admin Center
  2. Navigate to compliance management using the link on the left-hand side.
  3. Navigate to data loss prevention using the link near the top.
  4. Create or edit a DLP Policy and incorporate the new DLP Sensitive Type(s).
For more information about managing DLP Policies, start with Microsoft's DLP Policy Templates documentation and Manage DLP policies.