This is how ours looks like, with the right SMTP Relay settings of course. We add our Epicor Servers and TA Server to SPF.

Direct Send

Features of direct send

• Uses Microsoft 365 or Office 365 to send emails, but does not require a dedicated Microsoft 365 or Office 365 mailbox.
• Doesn’t require your device or application to have a static IP address. However, it is recommended for your device or application to have a static IP address, if possible.
• Doesn’t work with a connector; never configure a device to use a connector with direct send because such a configuration can cause problems.
• Doesn’t require your device to support TLS.

Direct send has higher sending limits than SMTP client submission. Senders are not bound by the limits described in Option 1.

Requirements for direct send

• Port: Port 25 is required and must be unblocked on your network.
• Static IP address is recommended: A static IP address is recommended so that an SPF record can be created for your domain. The SPF record helps avoid your messages being flagged as spam.
• Does not require a Microsoft 365 or Office 365 mailbox with a license.

Limitations of direct send

• Direct send cannot be used to deliver email to external recipients, for example, recipients with Yahoo or Gmail addresses.
• Your messages will be subject to antispam checks.
• Sent mail might be disrupted if your IP addresses are blocked by a spam list.
• Microsoft 365 and Office 365 use throttling policies to protect the performance of the service.

If you need more flexibility, usually you install your own SMTP Relay on-prem and then have that relay with better AUTH options to O365. You can find plenty of local SMTP Servers that can take a basic SMTP and forward it with more power!