I would call it "require TLS negotiation recipient domains", so it would fit the existing options.
In my eyes the most important part. With this feature I could easily ensure transport encryption for a certain domain. As Ralf already noted, hosts/nets are not useful because MX records may change.
Since we have deployed SSTP with TMG, our workers can use VPN nearly everywhere - especially in hotels and foreign offices. No need for any NAT Traversal/UDP ports, just https 443... great!
Unfortunately UTM has no SSTP/VPN support yet. This is one of the two show-stoppers for our migration (the other is missing Windows auth in WAF).
Of course this is true for win8/8.1 as well...
Always remember, DSCP tagging with a QoS group policy is the way Microsoft recommends it for Lync:
Once your Lync packets have the appropriate DSCP values you can define the policies on your network devices. Centrally configured, this works straight through all your infrastructure. Cisco, HP, Juniper... Only Sophos UTM is (still) missing. This is really a pity because especially for the WAN links (Sophos RED!) QoS is important.
Of course, DSCP tagging with QoS group policies is not limited to Lync at all…
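As an added illustration of the DSCP tagging the post above refers to (this is example code, not part of the original post or of any Microsoft or Sophos documentation): on a Windows endpoint the same policy-based QoS that Group Policy pushes out can be created with the built-in `New-NetQosPolicy` cmdlet. The executable name, port range and DSCP value below are assumptions chosen for the illustration; in a real deployment they come from the client's actual media port configuration and the DSCP scheme the network team has agreed with the switch and router configuration.

```powershell
# Example only: local policy-based QoS marking for a real-time media client.
# In production the equivalent settings are normally deployed via Group Policy
# (Computer Configuration > Windows Settings > Policy-based QoS) so that
# every workstation marks traffic consistently.

# Assumed values (not from the original post): executable name, UDP source
# port range used for audio media, and DSCP 46 (Expedited Forwarding) for audio.
$appExe      = "lync.exe"
$audioStart  = 50020
$audioEnd    = 50039
$dscpAudio   = 46

# Create the marking policy. Only traffic from this executable and this
# source port range is tagged; everything else keeps the default DSCP 0.
New-NetQosPolicy -Name "Example Audio Marking" `
    -AppPathNameMatchCondition $appExe `
    -IPProtocolMatchCondition UDP `
    -IPSrcPortStartMatchCondition $audioStart `
    -IPSrcPortEndMatchCondition $audioEnd `
    -DSCPActionValue $dscpAudio `
    -NetworkProfile All

# Verification step a practitioner would run after rollout: list the active
# policies and confirm the DSCP value and match conditions are what was intended.
Get-NetQosPolicy | Select-Object Name, AppPathName, IPProtocol,
    IPSrcPortStart, IPSrcPortEnd, DSCPValue, NetworkProfile
```

The marking only has an effect end to end if every hop honours DSCP; a device in the path that strips or ignores the field (the point the post makes about the UTM) silently removes the prioritisation, so the check after deployment is a packet capture on the WAN side confirming the DSCP value survives.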