If a user creates a brand new document directly in OneDrive and includes an image, neither the O365 Securlet nor Gatelet will perform any OCR analysis on that document. In contrast, if the document is created on the user machine (i.e. local install of Microsoft Word) includes an image and then is uploaded to OneDrive, the DLP OCR analysis is performed as expected.
Expected behavior: Documents created on OneDrive directly with images should receive OCR analysis through the O365 securlet and gatelet. If resulting OCR text is in violation of DLP policy, an external DLP policy violation should be recorded according to configured DLP policies.
This is being investigated.
if the user were to modify/save the downloaded document with locally installed MS Word or to create a similar document using a local install of MS Word and insert the same image of sensitive information, then upload this document onto OneDrive, the O365 Securlet and Gatelet will perform OCR analysis on this document and raise an external DLP policy violation.