From a long time ago we use the SPF record to avoid that spam are sent using your e-mail adresses. But SPF is not enough (especially for cloud based service, but with Office 365 you are not to much subject to this remark ...).
Anyway there is service that is automatically set on your initial Office 365 domain (xxx.onmicrosoft.com): DKIM (DomainKeys Identified Mail). You will have to activate it and finalise the setup for your custom domain but it's very simple and quick.
This is in fact a "PKI light" service that will act on your mail header only by stamping it and the receiver will found the public key by your DNS and so can authenticate the header -> your mail address.
You have here the complete setup guide :
This will also help if you have to use a mailing provider on your behalf.
Concerning the DMARC it's an extension that will give more power to indicate what to do with your mail by your receiver regading the SPF and DKIM process.