Re: A study?
A local government (1+ million residents) switched to Orifice 365 from in-house Exchange with a third-party spam/malware detection product to native Microsoft. Over a year later they are still battling up to a hundred-fold increase in the amount of spam and bad stuff.
We've reported several account takeovers to their staff that resulted in us receiving phishes, stuff where X-Originating-IP showed non-English speaking foreign countries as the source. Amazingly, it seems Orifice 365 has no concept of geo-blocking. (And politicians cannot be inconvenienced by 2-factor).
We also stopped receiving emails from them for a few weeks because all of their US-to-US emails were suddenly being routed through Austria and we do geo-block. It seems you need to shovel more money at Microsoft to gain control over how your email is routed and they did not do that and won't. They actually gave a presentation on their experiences with the move at a security conference.
We have a list of banned email attachments that we manage ourselves on the non-Microsoft Internet SMTP gateways before passing them to Exchange. It's well over a hundred file extensions long and we still add to it. The most frequent additions were .wix and .iqy