I’m not sure if this is the right place for this kind of post, but I think it warrants the attention of whoever is in charge of Office 365 Message Encryption (OME): OME doesn’t remove Exchange X-header fields from encrypted messages, which may expose private information.
OME delivers an encrypted message as an HTML attachment containing a FORM field called rpmsg, whose value is a MIME text (which further contains an attachment message.rpmsg, the encrypted message itself). rpmsg contains X-header fields used internally by Exchange, notably
* X-MS-Exchange-Organization-BCC, the list of BCC’d recipients;
* X-MS-Exchange-Organization-OriginalClientIPAddress, the client’s connecting IP address (some organizations consider it private and also remove X-Originating-IP from outbound messages);
* X-MS-Exchange-Organization-MessageSent24, apparently the number of emails sent within a moving 24-hour window.
You're right, it will take some time unless you have a Premier Support agreement which would potentially shave a week or two off the timeframe. The SR process will allow the support engineer to replicate the issue and then escalate it, as the engineering time needs more than just your word and evidence to prove that it's an issue. :)