Office 365 spoofing protection and direct send(NO TLS) cross road is on security leak
On office 365 service, it allows you to use devices that dont have TLS support by "direct send" settings. At this point current security level changes and there is no warning or no current settings display as warning. This is important because if you set a direct send just once, your security level drop down to "no protection" and you have to activate some additional barrages( of course if you aware of this). Even you delete the settings you done for "direct send" your security settings are not set back to SECURE leveland you are unprotected to spoofing without any warning.
There must be a simple direct dashboard related status window that shows your current security level..