When sending an e-mail through a Microsoft Office 365 solution, the service will include an additional x-originating-ip header in the e-mail containing the IP address of the connecting client, reports the BleepingComputer command.
Journalists tested the interfaces Gmail, Yahoo, AOL, Outlook.com and Office 365, and none of them, except Office 365, did not disclose the local IP-address. You can hide an IP address only using VPN or Tor. In this case, the IP address of the services will be added to the email address, not the user.
In 2013, Microsoft removed the x-originating-ip header from Hotmail for the sake of user security and privacy. However, for the Office 365 solution used by enterprises, this header was intentionally left so that administrators could search for email sent to their organization from a specific IP address. This is especially useful for determining the location of the sender in case of a hacked account.
Office 365 users who want to hide their IP address can create a new rule in the Exchange admin center and remove the x-originating-ip header. For security reasons, users are advised to leave this option enabled.