Installing Nucleuz DLP Sensitive Types in
Microsoft Office 365 (O365)
&
Microsoft 365 (M365)

These instructions will help guide you through the installation of Nucleuz's DLP Sensitive Types (aka Classification Rules) in Microsoft Office 365 (O365) or Microsoft 365 (M365).

Prerequisites

The following prerequisites are needed before installation:

  • A Microsoft Office 365 (O365) account with DLP enabled (E3 plan or higher)
  • An O365 user account assigned at least one of these role groups, an equivalent custom role group, or an equivalent management role:
    • Compliance Administrator
    • Organization Management

    See Permissions in Office 365 Security & Compliance Center for more information about permissions for compliance management.
    See giving users access to Office 365 Compliance admin center for more information on how to grant access to the Security & Compliance Center.

  • Nucleuz's DLP Sensitive Types Rule Pack.
    This is provided by Nucleuz. Contact Nucleuz if you do not have it.

Installation

Installation is performed by first establishing a remote PowerShell session to your O365 Security & Compliance Center account, and then using that PowerShell session to install the Nucleuz sensitive types.

  1. Connect to your Office 365 Security & Compliance Center using remote PowerShell.
  2. Extract the contents of the Nucleuz DLP Package archive onto a computer with PowerShell access to Security & Compliance Center.

  3. Locate the Nucleuz DLP Sensitive Types Rule Pack file.

    The Rule Pack filename typically starts with "Nucleuz" and ends with "DlpRulePack.xml".

    For example, Nucleuz_Contoso_PII_DlpRulePack.xml.

    NOTE:

    If your Nucleuz DLP Package archive contains multiple DLP Sensitive Types Rule Pack files, repeat the following steps for each such file.

  4. Using the remote Powershell session established above, follow the instructions below for your install type: first-time or update.

First-Time Install

Follow these steps to install a DLP Sensitive Types Rule Pack for the first time. If you are looking to update a DLP Sensitive Types Rule Pack, follow the instructions below for updating a rule pack.

  1. Install the DLP Sensitive Types Rule Pack by using the New-DlpSensitiveInformationTypeRulePackage Powershell cmdlet:

    New-DlpSensitiveInformationTypeRulePackage -FileData ([Byte[]]$(Get-Content -Path "<path to the DLP Sensitive Types Rule Pack File>" -Encoding Byte -ReadCount 0))

    For more information on the New-DlpSensitiveInformationTypeRulePackage cmdlet, see Microsoft's New-DlpSensitiveInformationTypeRulePackage documentation.

  2. When prompted to confirm the installation, answer 'Y' or press the Enter key:

    Confirm
    Are you sure you want to perform this action?
    Classification rule collection "Nucleuz PII" will be imported.
    [Y] Yes [A] Yes to All [N] No [L] No to All [?] Help (default is "Y"): Y

    Invariant Name         Localized Name                Publisher             Encrypted
    --------------         --------------                ---------             ---------
    Nucleuz PII            Nucleuz PII                   Nucleuz Inc           False

Updating

Follow these steps to update a DLP Sensitive Types Rule Pack that has previously been installed. These instructions should be used, for example, to update to a newer version of a Rule Pack which is currently installed. If you are looking to install a new DLP Sensitive Types Rule Pack, follow the instructions above for installing a rule pack.

  1. Update the existing DLP Sensitive Types Rule Pack by using the Set-DlpSensitiveInformationTypeRulePackage Exchange cmdlet:

    Set-DlpSensitiveInformationTypeRulePackage -FileData ([Byte[]]$(Get-Content -Path "<path to the DLP Sensitive Types Rule Pack File>" -Encoding Byte -ReadCount 0))

    For more information on the Set-DlpSensitiveInformationTypeRulePackage cmdlet, see Microsoft's Set-DlpSensitiveInformationTypeRulePackage documentation.

  2. When prompted to confirm the installation, answer 'Y' or press the Enter key:

    Confirm
    Are you sure you want to perform this action?
    Classification rule collection "Nucleuz PII" will be updated.
    [Y] Yes [A] Yes to All [N] No [L] No to All [?] Help (default is "Y"): Y

    If the command succeeded, the rule pack and all sensitive types within it have been updated on the server.

    NOTE:

    Due to various caching mechanisms in Exchange and Outlook, these updates may not take effect immediately.

    It may take several hours for the updates to take effect in Exchange and Security & Compliance Center.

    It may take 24 hours for the updates to take effect in Outlook rich clients.

Using Nucleuz's DLP Sensitive Types in Compliance & DLP Policies

Typically Nucleuz will provide a customized DLP Policy which combines our Sensitive Types with other conditions and actions, specifically for an organization. We recommend this approach to maximize productivity and coverage of your intended DLP Policy.
See Installing Nucleuz DLP Policies for more information on installing the DLP Policy or Policies provided by Nucleuz.

  • To use Nucleuz's DLP Sensitive Types in custom Exchange-based DLP policies:

    1. Sign into Exchange Admin Center Admin Center.
    2. Navigate to compliance management using the link on the left-hand side.
    3. Navigate to data loss prevention using the link near the top.
    4. Create or edit a DLP Policy and incorporate the new DLP Sensitive Type(s).

  • To use Nucleuz's DLP Sensitive Types in custom Security-&-Compliance-based DLP policies:

    1. Sign into Security & Compliance Center Admin Center.
    2. Navigate to Data loss prevention and then Policy using the links on the left-hand side.
    3. Create or edit a DLP Policy and incorporate the new Nucleuz DLP Sensitive Type(s).

Contact us for more information about managing DLP Policies