Hi Bart,
Do you have SPF, DKIM and DMARC configured?
You should not have to resort to transport rules to block phishing emails.
ATP just added blacklisting capability so that you can add URL's into the ATP blacklist, avoiding the need to create transport rules.
I understand that is not in your budget though.
Another option is you can report these phishing emails to Microsoft. In the OWA interface, there is a junk menu - click that and in the drop down select Phishing.
Another thing you can try is to make sure that 'Enable safe list' is not checked in the EOP Connection Filtering option. This is because some spammers will use legitimate websites like Godaddy to send emails which are technically in that safe list, so you may see a reduction of spam/phishing emails if you uncheck that box.
In the EOP Spam Filter "Bulk email" settings, I recommend setting the threshold at '5'
Lastly, in the EOP Spam filter advanced options, I recommend setting 'SPF record: hard fail: to ON" as this will make it harder for those sending phishing emails to get through SPF checks.

Try those out for a few days and let us know if that helps. I had another client try these settings and they said it was a big help for them.

Check out the Best practices for configuring EOP and make sure these are being adhered to. Also, have a look at the Implement Microsoft Exchange Online Protection presentation (from last year) for tips on spam/phishing prevention.  For more background info check out Terry Zink: Security Talk he has a lot of good info, like Why does spam and phishing get through Office 365? And what can be done about it?, though not a recent article. 

 

Before we moved to a third party email threat protection system, we found EOP to do a reasonable job at catching spam/phishing but the consistency wasn't always high enough.