Initial deployment and long term maintenance of DMARC is made harder, while messages that should never be delivered at all due to the work of other 3rd parties are allowed through. The specification ironed out all of the reasons for these procedures when it was originated. There's nothing about Office 365 that should make it a special exception to the specification.
It's everybody else's reject policies not being enforced that are the problem, not your own.
Initial deployment and long term maintenance of DMARC is made harder, while messages that should never be delivered at all due to the work of other 3rd parties are allowed through. The specification ironed out all of the reasons for these procedures when it was originated. There's nothing about Office 365 that should make it a special exception to the specification.
It's everybody else's reject policies not being enforced that are the problem, not your own.