I appreciate that you recognize how this issue isn't caused by AquaMail.
Can't comment on EWS -- it's basically "web browsing" and 443 is *the* standard port for HTTP... Shouldn't be a problem really, but I understand that it is sometimes...
Now, IMAP and SMTP... Sorry, I don't have a "just do this" solution.
* "STARTTLS" is what's called "TLS" in some other apps (and is called something else again in some other apps... the naming isn't always consistent).
  It's "connect first, then enable encryption".
* "SSL" is "connect with encryption right away".
* port 143 + STARTTLS (TLS) is used for IMAP, that's incoming.
And you mentioned having to change the outgoing server. Doesn't make sense.
outlook.office365.com
STARTTLS
port 143
* port 993 + SSL is another valid, standard combo for encrypted IMAP (not just Office 365).
outlook.office365.com
SSL
port 993
* I am able to connect to outlook.office365.com using either way (993 + SSL or 143 + STARTTLS) from my home desktop computer, using low-level network testing tools.
* Outgoing:
Microsoft doesn't like using "SMTP + SSL + port 465" in their products (Office 365, Hotmail...)
They prefer using STARTTLS ("connect first, then enable encryption"), and here you have the choice of using port 25 (commonly blocked) or port 587 (less so).
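
The two IMAP modes described in the reply above, as an added example that is not part of the original post and is not AquaMail code: "SSL" wraps the socket in TLS immediately, while "STARTTLS" talks plaintext first and must refuse to continue if the upgrade is not offered. The function names and the `a1`/`a2` command tags are assumptions made for this sketch.

```python
import socket
import ssl


def starttls_offered(sock):
    """Plaintext phase of "connect first, then enable encryption": read the
    greeting, send CAPABILITY, report whether STARTTLS is advertised."""
    f = sock.makefile("rwb")
    if not f.readline().startswith(b"* OK"):
        raise ConnectionError("unexpected IMAP greeting")
    f.write(b"a1 CAPABILITY\r\n")
    f.flush()
    caps = set()
    while True:
        line = f.readline()
        if not line:
            raise ConnectionError("server closed during CAPABILITY")
        if line.upper().startswith(b"* CAPABILITY"):
            caps.update(line.upper().split()[2:])
        elif line.startswith(b"a1 "):  # tagged completion of our command
            return b"STARTTLS" in caps


def open_imap(host, port, mode, timeout=10):
    """Return a TLS-wrapped socket. mode is "SSL" or "STARTTLS"."""
    ctx = ssl.create_default_context()  # verifies certificate and host name
    raw = socket.create_connection((host, port), timeout=timeout)
    if mode == "SSL":  # encryption right away, e.g. port 993
        return ctx.wrap_socket(raw, server_hostname=host)
    # STARTTLS, e.g. port 143: never continue in plaintext if the upgrade
    # is not offered or is refused.
    if not starttls_offered(raw):
        raw.close()
        raise ConnectionError("STARTTLS not advertised; refusing plaintext")
    raw.sendall(b"a2 STARTTLS\r\n")
    if not raw.makefile("rb").readline().startswith(b"a2 OK"):
        raw.close()
        raise ConnectionError("server refused STARTTLS")
    return ctx.wrap_socket(raw, server_hostname=host)


if __name__ == "__main__":
    for port, mode in ((993, "SSL"), (143, "STARTTLS")):
        with open_imap("outlook.office365.com", port, mode) as tls:
            print(port, mode, tls.version(), tls.cipher()[0])
```

If one port connects from a desktop but not from the phone's network, the difference points at port filtering on that network rather than at the mail client.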