I wanted to suggest some improvements for the article Set up Microsoft Office 365 with Sophos Firewall:
7. Relay Settings:
Putting "Any" into the box "Upstream Host" -> "Allow Relay from Host/Network" will NOT let you send mails to a smarthost. With "Any", every time the firewall tries to send to the configured smarthost, it fails. As soon as I got rid of the smarthost, mails were sent successfully. However, if I delete "Any", put in the DNS name or IP address of the smarthost and then configure a smarthost, it works perfectly fine.
When trying to get any info out of the command "nslookup -q=MX <domain>", it never showed any IP address for the MX record (for me at least). Even when I resolved the name to an IP address using a different service, created a host and selected it for mails to be routed to the IP address, it wouldn't work for me. Afterwards I created a policy for every domain, each with the option "Route by" -> "Dns-Host" -> "mx-record from M365", which again worked perfectly fine.
If some explanations were unclear, feel free to contact me.