You can forward these emails to : [email protected] or use the Outlook plugin to report and hopefully Microsoft should block these in future : https://www.microsoft.com/en-us/download/details.aspx?id=18275
Microsoft have actually now got a new filtering service for 365 however its paid for and by user you could maybe try : https://products.office.com/en-us/exchange/online-email-threat-protection
It’s not uncommon nowadays to have another third party appliance such as a barracuda or a hosted service such as post fix to filter items before they get to 365. It seems once a spammer figures out how to exploit 365 , all domains get the same spam. 2 layers of protection is safer!
1) Make sure your own SPF Records are in check : http://www.spfwizard.net/
2) Get your DKIM records in check : http://blogs.msdn.com/b/tzink/archive/2015/10/08/manually-hooking-up-dkim-signing-in-office-365.aspx
3) Get your DMARC Records in check : http://blogs.msdn.com/b/tzink/archive/2014/12/03/using-dmarc-in-office-365.aspx