DLP rules do not allow an exception of the predicate "MessageTypeMatches" with the notify sender action. Doing so results in the error:
One of the conditions you specified can't be used for rules where you want to notify the sender. Error details: The NotifySender action isn't compatible with 'MessageTypeMatches' predicate.
I would like to trigger a rule on outbound matches unless the message is encrypted in order to enforce our internal policy compliance.

At the present time DLP is not able to read OCR documents, namely documents scanned to PDF. This is a GIANT, GAPING hole in terms of security. I have clients who have 100's of thousands of documents that contain sensitive information saved in OneDrive but no DLP policies can be applied to these documents, since DLP is not OCR aware. Please correct ASAP! Thanks!

In Exchange Online or EOP, We cannot create a transport rule with the action set to Distribution Group.

It errors as follows :

The transport rule can't be created because group@domain.com, the recipient to be added by a rule action, is a distribution group. Transport rules can't add distribution groups to messages. To resolve this error, remove this recipient and specify a different one.

Since there are workarounds to resolve, Can this be fixed directly without any error.

Currently, documents that are labelled can be co-authored in Office, but any document that is encrypted can only be opened by one person at a time. This prevents most of the business scenarios folks use today with two three or more folks editing a document at the same time. Instead - it forces businesses to email copies of a document around after setting AIP policies to allow folks to all edit it. A huge blocker for most of our customers.

Provide in explorer visual indicators that easily shows the classification and protection status of the document, both in the icon views and in the list views showing document properties.

Surface label policies in the Office 365 DLP engines to allow consistent classification, labeling and protection

Enable AIP labelling of OneNote notebooks and protecting of OneNote notebooks, ideally with protection options at the page, section or notebook scopes

Provide a Mac AIP client that is consistent with the current Windows AIP client, and is able to classify and protect documents from the desktop. For the AIP toolbar in Mac Office, use https://msip.uservoice.com/forums/600097-azure-information-protection/suggestions/19602337-integrate-aip-natively-into-office-for-mac.

Provide a central logging service for all sensitivity labeling logs

Add the ability to perform CLP on calendar items and other items like tasks and notes

Allow AutoSave to work when a document is protected. Currently, it becomes disabled when you protect the document which then causes inconsistent behavior across documents and interferes with coauthoring.

Add new policy options to integrate and enforce Conditional Access policies (such as user, device, location etc) when accessing sensitive information depending on the label, including MFA

Expand the visual marking dynamic options to include additional user and device attributes (including from AD, AAD and devices). In particular, add support for the name or email address of the user viewing the document so visible markings can be used to dissuade some vectors for data leakage such as screen pictures.

Create a DLP Policy where you can add the Sensitive Label on it because currently, only Sensitive info type and Retention Label can be added

The ability to add a company logo or image to a signature as an admin globally for all users would be nice. Currently the suggested solution to append a disclaimer isn't ideal as it always posts the image to the very bottom of the email, not the signature. This doesn't work for a back and forth conversation thread since it starts stacking the image at the bottom.

It could be great knowing who changes a label to correct this or who violates the internal classification policy.

Right now you cannot search for administrative Event regarding Unified Labeling in Office 365 Admn portal Audit Log Search.

Office 365 Message Encryption can be leveraged in case of a delegated inbox scenario. If an encrypted message is sent to a person who's inbox is delegated e.g. to a secretary the delegated has the ability to request a one-time passcode to the delegated inbox and so full access on the OME protected message can be gained.

This scenario could be avoided by sending the one-time passcode using SMS because then the delegated has no access to the one-time passcode.

If a user is a designated delegate of a mailbox of another user, allow them to access content protected to that user