Whitelist your web server outgoing IP on Office 365 connection filter.
EAC > Protection > Connection filter > Allow list.
Configure inbound connector Office 365 by specifying the source IP as your web server IP. Which will bypass connection filtering on Office 365 if it’s not blacklisted.
Please verify and make sure the web server IP is not blacklisted on any of the Microsoft partner blacklists
If the IP is blacklisted on any one of the Microsoft partner RBL, connections from the IP will not be accepted by office 365. Remove the IP from blacklist if in case blacklisted.
EAC > Mail flow > Connector > Direction 'Your org e-mail server' to 'Office 365'
If it fails on port 587, possibly due to certificate or TLS version issue, try relaying through the port 25 with SMTP authentication.
If you are not using SMTP authentication, specify the smart host as Office 365 MX record for the respective domain and use port no 25
Smart host: domain-com.mail.protection.outlook.com
SMTP authentication: Null