Microsoft Office 365 Webmail Exposes User's IP Address in Emails


If you use Office 365's webmail interface to prevent email recipients from seeing your local IP address, you are out of luck. When sending email through Office 365, your local IP address will be injected into the message as an extra mail header.


Operating a web site and focusing on infosec-related topics has made me a paranoid person. This leads me to send replies to strangers' emails via webmail so I do not expose my local IP address for security and to protect my privacy.


It turns out that if you have been using the Office 365 webmail interface to hide your IP address, you are not hiding anything. 


When sending an email via Office 365 (https://outlook.office365.com/), the service will inject an additional mail header into the email called x-originating-ip that contains the IP address of the connecting client, which in this case is your local IP address.


authentication-results: spf=none (sender IP is ) [email protected]
x-originating-ip: [23.xx.xx.xx]
x-ms-publictraffictype: Email

BleepingComputer tested the webmail interfaces for Gmail, Yahoo, AOL, Outlook.com (https://outlook.live.com), and Office 365.


None of the webmail interfaces other than Office 365 injected the user's local IP address, which is what most have come to expect when using webmail.


If you are using Office 365's webmail interface and wish to keep your local IP address private, at this point you will need to connect to the webmail using a VPN or Tor. This will cause the service's IP address to be injected into the email rather than your local one.
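To confirm what a recipient actually sees, send yourself a test message and inspect the raw source of the received copy. The following check is an added example, not code from the article: the function names, the sample message and its documentation-range addresses are constructed for illustration.

```python
import ipaddress
from email import message_from_string

# Constructed sample of a received message; 203.0.113.7 is a
# documentation-range address standing in for the sender's local IP.
SAMPLE = """\
From: alice@example.com
To: bob@example.org
Subject: header test
x-originating-ip: [203.0.113.7]
x-ms-publictraffictype: Email

test body
"""

def originating_ips(raw):
    """Return every parseable address carried in x-originating-ip headers."""
    msg = message_from_string(raw)
    found = []
    # Header lookup is case-insensitive, so X-Originating-IP also matches.
    for value in msg.get_all("x-originating-ip", []):
        candidate = value.strip().strip("[]").strip()
        try:
            found.append(ipaddress.ip_address(candidate))
        except ValueError:
            continue  # redacted or malformed value such as 23.xx.xx.xx
    return found

def check_exposure(raw, own_addresses):
    """Classify a received copy of your own message.

    'absent'  : no usable x-originating-ip header is present
    'exposed' : the header carries one of own_addresses
    'other'   : the header carries a different address (e.g. a VPN or Tor exit)
    """
    own = {ipaddress.ip_address(a) for a in own_addresses}
    ips = originating_ips(raw)
    if not ips:
        return "absent"
    return "exposed" if any(ip in own for ip in ips) else "other"

if __name__ == "__main__":
    print(check_exposure(SAMPLE, ["203.0.113.7"]))
```

Run it once over a message sent directly and once over a message sent through the VPN or Tor; the first should report `exposed` and the second `other`.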


Enterprise level feature


According to responses in Microsoft answers forums, Microsoft removed the x-originating-ip header field in 2013