Sender Rewriting Scheme (SRS) functionality was added to Office 365 ( and other platforms ) to resolve a problem in which autoforwarding is incompatible with SPF.

SRS rewriting does not fix the issue of DMARC passing for forwarded messages. Although an SPF check will now pass by using a rewritten P1 From address, DMARC also requires an alignment check for the message to pass. For forwarded messages, DKIM always fails because the signed DKIM domain does not match the From header domain. If an original sender sets their DMARC policy to reject forwarded messages, the forwarded messages are rejected by Message Transfer Agents (MTAs) that honor DMARC policies.

So if you are forwarding emails , you can set SPF to Hard Fail , but DMARC you will not be able to fail due to DKIM