DLP rules do not allow an exception of the predicate "MessageTypeMatches" with the notify sender action. Doing so results in the error:
One of the conditions you specified can't be used for rules where you want to notify the sender. Error details: The NotifySender action isn't compatible with 'MessageTypeMatches' predicate.
I would like to trigger a rule on outbound matches unless the message is encrypted in order to enforce our internal policy compliance.

At the present time DLP is not able to read OCR documents, namely documents scanned to PDF. This is a GIANT, GAPING hole in terms of security. I have clients who have 100's of thousands of documents that contain sensitive information saved in OneDrive but no DLP policies can be applied to these documents, since DLP is not OCR aware. Please correct ASAP! Thanks!

The ability to add a company logo or image to a signature as an admin globally for all users would be nice. Currently the suggested solution to append a disclaimer isn't ideal as it always posts the image to the very bottom of the email, not the signature. This doesn't work for a back and forth conversation thread since it starts stacking the image at the bottom.

In Exchange Online or EOP, We cannot create a transport rule with the action set to Distribution Group.

It errors as follows :

The transport rule can't be created because group@domain.com, the recipient to be added by a rule action, is a distribution group. Transport rules can't add distribution groups to messages. To resolve this error, remove this recipient and specify a different one.

Since there are workarounds to resolve, Can this be fixed directly without any error.

I think is a good idea to add company email signature at the end of the email with the mail flow rule.
At the moment this thing is possible but when I reply or I forward an email, my signature appear at the end of all email not at the end of my message,

Recently classification labels were introduced in the Security & Compliance Center to help with retention of certain types of data classifications.

We also have Azure Information Protection sensitivity labels (personal, public, internal, confidential, secret).

DLP sensitive information types are good, but it would be even better if we could simply label groups of data as sensitive and apply DLP vs. trying to determine they are sensitive via the DLP sensitive information types. This would remove the complexity of trying to create custom sensitive information types when the out of the box types don't meet your needs.

need an option to send an automatic reply/response to any sender emailing a specific recipient in the organisation via a transport rule. the option is available in Exchange 2013 so should be possible in Office 365. a rule from the mailbox is not suitable as this will only send the response once to each sender. the mailbox is not monitored so customers should be sent an acknowledgement email to confirm that their email has been received.

Currently, Policy Tip actions are not supported when creating a DLP rule that has sender or domain filtering criteria.

The error message states "The NotifySender action isn't compatible with 'RecipientDomainIs' predicate."

We'd like to see this action supported so we can configure our rules based on our business requirements.

We use DLP on email to assist in our PCI compliance. As an online payments provider, we often provide dummy credit card information to help our customers set up their APIs (typically 4444 3333 2222 1111). Unfortunately, despite this *not* being a valid card number, it triggers Microsoft's built in "Credit Card" definition resulting in 100s of false positives per week. We need to have this hard coded as an exception to the "Credit Card" definition, or, better yet, allow definitions to be customised and/or excluded from via. the Admin portal.

We need to improve reporting for violations on DLP on exchange. We need to extract a detailed report containing information related to the source of the violation. For example, if the violation comes from exchange email we need source email and destination.

Need the possibility to have Policy Tips for DLP rules in multiple languages when created in Office 365 Security & Compliance (as you can do in Exchange Online Admin). The policy tip should match the language you have in Office. Now it's mixed with the static text in the Policy Tip and the custom text you have entered in the rule

I have a department that wants to apply DLP rules to all of their users OneDrive for Business sites. I want a way to enable this by putting in a DL, Group, or Dynamic Group, so that the DLP rules get applied to all users onedrive's that are in the Group. Right now, I have to manually add every URL by hand.

Create a DLP Policy where you can add the Sensitive Label on it because currently, only Sensitive info type and Retention Label can be added

I think that creating custom DLP rules - and especially creating custom sensitive data types - is too much of a mystery for Microsoft's platform(s). It would be so useful if there were:
1. Better documentation for DLP rule & data type creation
2. A tool that admins could use to construct custom DLP rules and custom sensitive data types.

Making it easy to create these so we can implement in Office365, On-Prem Exchange and SharePoint infrastructures, tying it closer together with data classifications, etc.

Please add in the option to reply in mail rules.

Please add a predefined DLP rule for Panama's Cedula number (SSN equivalent)