I recetnly had an email coming to Office 365 fail and the user recieved the following message.
Delivery has failed to these recipients or distribution lists:
Your message wasn’t delivered because of security policies. Microsoft Exchange will not try to redeliver this message for you. Please provide the following diagnostic text to your system administrator.
By using the Message Trace feature in 365 you can search for all failed items to get details about the failed messages. In this case, the action “Reject message” referenced a Transport rule called by it’s ID number.
The issue is that you can look all you want in 365 but you will not find this ID number. To track it down you need to go into power-shell and run “Get-TransportRule” to view all your rules. Then one by one run “Get-TransportRule “transportrulename” | Format-List” where transportrulename is the name of your rule. The result will give you a ton of info along with a “Guid” for the rule that should match up.
In this case, we had a transport rule that blocks emails with .zip attachments and senders usually receive a descriptive message letting them know why it was blocked…but not in this case.
Hope this can help someone else trying to troubleshoot a failed message using Office 365 (exchange online) or Exchange.