Microsoft
MicrosoftDhairyya_Agarwal Thanks, I’m aware of that article. However, I believe email security is a significant concern for our customers. We’re not discussing pseudonymized data here; we’re talking about emails containing sender/recipient information and potentially personal data in the body. Wouldn’t it be sufficient if, by default, only the header information is sent during email submission, and the sender’s/recipient's email address is included only if necessary (for instance, if it’s from a known bad actor)? This approach would simplify things, especially for our customers in regulated organizations or the public sector who cannot use Microsoft Defender for 365 due to data transfer issues. I understand that GDPR permits these transfers, but our customers’ compliance policies do not.
