If your firewall lets you bypass data checks by FQDN, this works well; just import this into an alias and use that as the “To” for a rule called ExchangeOnline, for ports 80 and 443:
*.office.com *.office365.com *.office.net *.onmicrosoft.com *.microsoftonline.com *.microsoft.com *.live.com *.windows.net *.microsoftonline-p.com *.microsoftonline-p.net *.microsoftonlineimages.com *.msecnd.net *.msocdn.com *.glbdns.microsoft.com *.activedirectory.windowsazure.com *.verisign.com *.symcb.com *.symcd.com *.omniroot.com *.geotrust.com *.entrust.net *.public-trust.com
The above is condensed from here. It includes only Exchange Online, there are some other items to be added for other Office 365 services including Skype etcetera.