My SMTP was not blocked because I have another email domain that uses basic auth and that works fine.
It's also not my oAuthV2 plugin because receiving vie IMAP works. (And my tokens are valid and pull through to MS365)
If I whitelist my Server IP on MS365, I can send mails from from OST via MS365 without auth, but then it gets flagged on the received side as spam.
I managed to get mine working by simply downgrading my OST to v1.17.4.