SPF records to validate your email as 'ham' (not spam)

We recommend that you add a Sender Policy Framework (SPF) TXT record to your domain's DNS to help prevent spoofing. SPF identifies which mail servers are allowed to send mail on your behalf. SPF, along with other technologies supported by Office 365, helps prevent spam.

SPF is added as a special DNS record that is used by email servers to identify which mail servers are allowed to send email for your domain name. Receiving mail servers can check this record to determine whether a message from your domain comes from an authorized messaging server. If it does not, they can filter it as spam. If your domain does not have an SPF record, some servers may reject the message entirely.

If you are just using Office 365 & Exchange Online, your SPF record should look like this:

v=spf1 include:spf.protection.outlook.com -all

If you use SharePoint Online, then you may need the following record instead:

v=spf1 include:sharepointonline.com -all

You should be able to find the required base record within the domain section of Office 365. Run a domain check on the domain in question, and it should present the records required for your particular domain.

Things to consider

You may send email from other locations, in which case you will need to add them to the SPF record. These include, but are not limited to, devices within your office (scanners with Scan-to-Email functionality) and other internet-based services such as Xero or Mailchimp.

These services should provide documentation on what records should be added to your SPF record. Usually you will need to take their record and merge it into yours.

For instance, if you use Mailchimp to send some marketing emails, their published SPF record is:

v=spf1 include:servers.mcsv.net -all

What you will need to do is to take the 'include:' statement and add it to your SPF record, so it should then read:

v=spf1 include:spf.protection.outlook.com include:servers.mcsv.net -all

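
The merge step above, as an added example (not code from the original article, Microsoft or Mailchimp): it folds a vendor's 'include:' into the base record so the domain keeps a single v=spf1 record, then checks the result against the RFC 7208 limit of 10 DNS-lookup terms and the 255-character TXT string limit. Function names are hypothetical, and lookups nested inside each include are not resolved.

```python
# Added example; function names are hypothetical, not from any vendor tooling.
LOOKUP_TERMS = {"include", "a", "mx", "ptr", "exists"}  # each costs a DNS lookup
ALL_TERMS = {"all", "+all", "-all", "~all", "?all"}

def parse_spf(record):
    """Return (mechanisms, all_term) for one SPF record string."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        raise ValueError(f"not an SPF record: {record!r}")
    mechs, all_term = [], None
    for term in terms[1:]:
        if term.lower() in ALL_TERMS:
            all_term = term.lower()
        else:
            mechs.append(term)
    return mechs, all_term

def merge_spf(base, *vendor_records):
    """Fold vendor mechanisms into the base record; the base 'all' policy wins."""
    mechs, all_term = parse_spf(base)
    seen = {m.lower() for m in mechs}
    for rec in vendor_records:
        extra, _ = parse_spf(rec)  # the vendor's own 'all' term is discarded
        for m in extra:
            if m.lower() not in seen:  # skip duplicates already in the record
                seen.add(m.lower())
                mechs.append(m)
    return " ".join(["v=spf1", *mechs] + ([all_term] if all_term else []))

def lookup_count(record):
    """Count terms in this record that trigger a DNS lookup (nested ones not followed)."""
    mechs, _ = parse_spf(record)
    count = 0
    for m in mechs:
        low = m.lower().lstrip("+-~?")
        name = low.split(":")[0].split("/")[0]
        if name in LOOKUP_TERMS or low.startswith("redirect="):
            count += 1
    return count

def audit(record):
    """Return a list of problems that would make receivers fail the record."""
    problems = []
    if lookup_count(record) > 10:
        problems.append(f"{lookup_count(record)} lookup terms exceed the limit of 10")
    if len(record) > 255:
        problems.append("over 255 characters; must be split into several TXT strings")
    return problems

if __name__ == "__main__":
    merged = merge_spf("v=spf1 include:spf.protection.outlook.com -all",
                       "v=spf1 include:servers.mcsv.net -all")
    print(merged, audit(merged))
```
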
Although SPF is designed to help prevent spoofing, there are spoofing techniques that SPF cannot protect against. To protect against these, once you have set up SPF, you should also configure DKIM and DMARC for Office 365. To get started, see the Microsoft article "Use DKIM to validate outbound email sent from your domain in Office 365".