DLP rules do not allow an exception of the predicate "MessageTypeMatches" with the notify sender action. Doing so results in the error:
One of the conditions you specified can't be used for rules where you want to notify the sender. Error details: The NotifySender action isn't compatible with 'MessageTypeMatches' predicate.
I would like to trigger a rule on outbound matches unless the message is encrypted in order to enforce our internal policy compliance.

At the present time DLP is not able to read OCR documents, namely documents scanned to PDF. This is a GIANT, GAPING hole in terms of security. I have clients who have 100's of thousands of documents that contain sensitive information saved in OneDrive but no DLP policies can be applied to these documents, since DLP is not OCR aware. Please correct ASAP! Thanks!

In Exchange Online or EOP, We cannot create a transport rule with the action set to Distribution Group.

It errors as follows :

The transport rule can't be created because group@domain.com, the recipient to be added by a rule action, is a distribution group. Transport rules can't add distribution groups to messages. To resolve this error, remove this recipient and specify a different one.

Since there are workarounds to resolve, Can this be fixed directly without any error.

The ability to add a company logo or image to a signature as an admin globally for all users would be nice. Currently the suggested solution to append a disclaimer isn't ideal as it always posts the image to the very bottom of the email, not the signature. This doesn't work for a back and forth conversation thread since it starts stacking the image at the bottom.

Recently classification labels were introduced in the Security & Compliance Center to help with retention of certain types of data classifications.

We also have Azure Information Protection sensitivity labels (personal, public, internal, confidential, secret).

DLP sensitive information types are good, but it would be even better if we could simply label groups of data as sensitive and apply DLP vs. trying to determine they are sensitive via the DLP sensitive information types. This would remove the complexity of trying to create custom sensitive information types when the out of the box types don't meet your needs.

I think is a good idea to add company email signature at the end of the email with the mail flow rule.
At the moment this thing is possible but when I reply or I forward an email, my signature appear at the end of all email not at the end of my message,

Currently, Policy Tip actions are not supported when creating a DLP rule that has sender or domain filtering criteria.

The error message states "The NotifySender action isn't compatible with 'RecipientDomainIs' predicate."

We'd like to see this action supported so we can configure our rules based on our business requirements.

Adding encryption ome v2 (encrypt-only) to outbound emails with sensitive data detection is easy enough. However when that email is opened by the recipient and replied to, the email comes in encrypted to the sender, who has to go thru the process to decrypt. There is an option in the EOP rule to "Remove Office 365 Message Encryption and right protection" however fails since the predicate must match "The sender is located?" "Inside the organization". This is no problem with ome v1 but is not working with ome v2. Need to add the capability to decrypt those messages automatically.

need an option to send an automatic reply/response to any sender emailing a specific recipient in the organisation via a transport rule. the option is available in Exchange 2013 so should be possible in Office 365. a rule from the mailbox is not suitable as this will only send the response once to each sender. the mailbox is not monitored so customers should be sent an acknowledgement email to confirm that their email has been received.

We need to improve reporting for violations on DLP on exchange. We need to extract a detailed report containing information related to the source of the violation. For example, if the violation comes from exchange email we need source email and destination.

We use DLP on email to assist in our PCI compliance. As an online payments provider, we often provide dummy credit card information to help our customers set up their APIs (typically 4444 3333 2222 1111). Unfortunately, despite this *not* being a valid card number, it triggers Microsoft's built in "Credit Card" definition resulting in 100s of false positives per week. We need to have this hard coded as an exception to the "Credit Card" definition, or, better yet, allow definitions to be customised and/or excluded from via. the Admin portal.

Need the possibility to have Policy Tips for DLP rules in multiple languages when created in Office 365 Security & Compliance (as you can do in Exchange Online Admin). The policy tip should match the language you have in Office. Now it's mixed with the static text in the Policy Tip and the custom text you have entered in the rule

DLP policy builder - Incident Reports
It would be great if there was a check box to notify the offending user's manager (by AAD lookup) as opposed to explicitly defining who the recipient of the message is.

This is highly requested by my EPG customers and is really helpful in end-user training as many Orgs make the users' line manager address these issues, not IT or compliance.

According to Microsoft and our testing, the DLP templates search for a keyword such as "ssn" or Visa" before looking for an actual number. Our business requires that DLP hunt and find numbers alone that match PII and financial data without keywords. Can we modify templates to do this?

I have a department that wants to apply DLP rules to all of their users OneDrive for Business sites. I want a way to enable this by putting in a DL, Group, or Dynamic Group, so that the DLP rules get applied to all users onedrive's that are in the Group. Right now, I have to manually add every URL by hand.