https://www.bleepingcomputer.com/news/security/25-percent-of-phishing-emails-bypass-office-365-default-security/

Roughly 25% of all phishing emails found in a batch of 55 million analyzed emails were marked as clean by the Office 365 Exchange Online Protection (EOP) and reached the users' inboxes, while another 5.3% were whitelisted instead of getting blocked because of admin configurations.

The rest of 69.7% of phishing emails were blocked by Office 365 EOP, with 49% of them getting marked as spam and 20.7% getting tagged as "phishing."