After enabling Mimecast for Inbound routing , Threat Protection Re-Writes the URLs for Safety. When this is enabled with the following 365 Spam Check : Image links to remote sites
Which : Messages that contain
<Img> HTML tag links to remote sites (for example, using http) are marked as spam.
All Inbound emails with Images with Hyperlinks get marked as Spam by Office365. Make sure this is turned off!