One of the features in 10.x is Retrospective Remidiation. If AMP has let an attachment through that later turns out to be malicious, the ESA can log in to the user's mailbox and delete it. This is only available on O365.
I expect that it will be available soon on on-premises Exchange soon as they are releasing the REST api that O365 has in the next rollup for Exchange...
I don't know of any other O365 specifc stuff in the ESA.