The only thing missing is reverse DNS lookup capabilities, and maybe the MTA-STS DNS records (which I might have overlooked).
In my case I had to switch the provider my domains were kept at, because their DNS setup there didn't allow to maintain reverse DNS zones.
I am mentioning this specifically, because without it you land in the spam folder for Outlook users, no matter the rest.
Of course you could run any spam operation on Azure without any validation mechanism and still bypass their spam filters with those IP ranges instead...
MTA-STS is also quite important because if the other MTA supports it, they will always enforce SSL/TLS usage without all that STARTLS crap.
Edit: oh, and DNSSEC. Without it, a lot of those verification URL scraper mechanisms will downgrade your domain reputation real quick.
Are you sure about the DNSSEC thing there? The overwhelming majority of deliverable domains aren't DNSSEC-signed (because the overwhelming majority of all domains isn't).
The only thing missing is reverse DNS lookup capabilities, and maybe the MTA-STS DNS records (which I might have overlooked).
In my case I had to switch the provider my domains were kept at, because their DNS setup there didn't allow to maintain reverse DNS zones.
I am mentioning this specifically, because without it you land in the spam folder for Outlook users, no matter the rest.
Of course you could run any spam operation on Azure without any validation mechanism and still bypass their spam filters with those IP ranges instead...
MTA-STS is also quite important because if the other MTA supports it, they will always enforce SSL/TLS usage without all that STARTLS crap.
Edit: oh, and DNSSEC. Without it, a lot of those verification URL scraper mechanisms will downgrade your domain reputation real quick.