Advanced Office 365 Routing: Locking Down Exchange On-Premises when MX points to Office 365

Rana_Banerjee this solution can works fine if your Exchange is behind a third-party antispam solution, I explained the reason here: "Basically, the rule doesn’t rely on the Internal/External condition, but it will looking for the X-OriginatorOrg presence. If we find any header containing X-OriginatorOrg, we are sure that someone sent it bypassing the 3^rd-party antispam. The reason is that X-OriginatorOrg is only accepted by Exchange if the message was sent through mail.protection.outlook.com STARTTLS. Your antispam will accept this header, but when the antispam send the message to the Exchange, this header should be stripped as your antispam doesn’t has mail.protection.outlook.com certificate."

No caveat as far as I know, just be sure that you are not using Externally Secured in your Exchange receive connector and you don't have too many domains to add in the rule exception, otherwise you probably will reach the size limit of the transport rule.