You can set up a Connector in Office 365 to apply security restrictions so that mail from your organization will only be accepted if it comes through MailRoute servers.
This information is excerpted from the Microsoft document at
1. Login to your Office 365 account
2. To create a connector in Office 365, click Admin, then click Exchange to go to the Exchange Admin Center. Next, click mail flow, and click connectors. If any connectors already exist for your organization, you can see them listed here.
3. To start the wizard, click the plus symbol +. On the first screen, choose the options that are depicted in the following screenshot:
4. Use these options during setup:
You have to enter 8 different IP address blocks here for MailRoute: 220.127.116.11/24, 18.104.22.168/24, 22.214.171.124/24, 126.96.36.199/24, 188.8.131.52/24, 184.108.40.206/24, 220.127.116.11/24, 18.104.22.168/24
To enter multiple IPs, click on the + button.
When you set these restrictions, all mail sent to your organization must be sent from MailRoute IP addresses range. Any Internet mail that does not originate from this IP address range will be rejected.
It can take Microsoft 45-60 minutes to apply the changes you just made to your configuration.