Hello Michael, It's been a couple of years since my last organization migrated in a Hybrid scenario to Office 365. We had a Cisco Ironport device that handled email content similar to the Sophos UTM. We set up send and receive connectors to the Cisco Ironport that was in-between Office 365 and our on-Premise Exchange servers. Eventually we phased out the Ironport and had all filtering done by Office 365.
I can say that when we configured our email to go through Office 365 we HAD to change the MX records to point to their servers. Not sure you can set up your Sophos UTM as the main MX and then route through Office 365. You may get errors in Office 365 when it checks for your domain's DNS settings.
Sophos Central is the unified console for managing all your Sophos products. Sign into your account, take a tour, or start a trial from here. To provide you with the best possible protection and the latest technology, Sophos Central is available for trial. Sophos PureMessage has entered the End of Sale/End of Life phase of the product lifecycle. For more information on product retirements, see the Product Lifecycle Page. Mar 06, 2019 Currently, our mx records point to our Sophos UTM, which is a SMTP proxy, that relays to our Exchange Server. I still want to have all email routed via our Sophos UTM, whether cloud O365 mailboxes or on premise, to take advantage of all scanning/filtering etc. Sophos Email is integrated into Sophos Central, the intuitive cloud-based console for managing all your Sophos products. Only Sophos Central lets you build and manage multiple lines of defense from email-borne threats, allowing you to respond to threats faster. This includes secure email, cybersecurity a. PureMessage 4.0.4 can be used with Microsoft Exchange 2013 and 2016.
I would keep the MX pointed to Office 365, set up send and receive connectors back to your Sophos device as a middle-man.
Sophos Utm Exchange
The link below has some good guidance.
Mail flow best practices for Exchange Online and Office 365 (overview)
Sophos Exchange 2019
Sophos Exchange Hack
That's my take.
Sophos Exchange Log
Hope it sheds some light .