This is a hybrid exchange env. For DLP, I have a policy that is priority 0 and a policy that is priority 1. Both of these policies share a distribution group. It seems to be almost random which policy is assigned when a DLP event is generated. I've change the registry keys and copied policy nudges of functional machines, only to have the policy revert itself. The biggest difference in the two policies is that policy priority 1 has the "business justification override" feature turned on and policy priority 0 just has the override feature. Is there more granular logs I can look at to find out where it's breaking / how it's breaking? Any thoughts or need more info? Thanks!