@bdelamotte83 So I don't know if you're still looking for an answer to this, but it certainly is possible and it works well. Microsoft has even built functionality in to Office 365 to allow for this, they just don't recommend it because (of course) they prefer you use their product as opposed to someone else's.
I'm writing this assuming you route your email through a third-party email security gateway, which then passes email along to Office 365. The feature you are looking for is called Enhanced Filtering for Connectors in Exchange Online: "Enhanced Filtering for Connectors (also known as "skip listing") allows you to filter email based on the actual source of messages that arrive over the inbound connector." In fact, this feature is designed just for the scenario you're describing: "Enhanced Filtering for Connectors is meant to show the value of Exchange Online Protection (EOP) and Advanced Threat Protection (ATP) ... Although it is possible to keep Enhanced Filtering enabled as a permanent solution..."
We use Proofpoint's email security gateway and wondered the same thing as you - can we layer on Exchange EOP protection in order to increase email security for our end users? The answer is yes, and we've just rolled this out to our entire organization. Using this feature also allows you to see what sort of emails EOP would have blocked without actually blocking them. EOP still analyzes the emails, but if you have a rule bypassing this filtering, it won't actively block them until this rule is in place.
I'm happy to give you more details on how exactly this works and how you can perform phased testing for some users - let me know if you're interested. There is not a lot of documentation on the mechanics of enhanced filtering, but I can attest to the fact that it works well, blocking a lot of additional phishing, BEC, and junk email that Proofpoint doesn't catch.
