Starting this month through May 2022, Microsoft will incrementally roll out outbound DANE support (*enabled by default*) for all hosted Exchange Online domains:
https://m365admin.handsontek.net/upcoming-release-outbound-smtp-dane-and-dns...
As previously announced in the blog post Support of DANE and DNSSEC in Office 365 Exchange Online, we will be adding support for SMTP DANE and DNSSEC to Exchange Online (EXO). DANE combined with DNSSEC is the state-of-the-art for securing email, and to optimize its effectiveness both standards will be enabled by default at the system level for all EXO customers.
If your cert rollover practices are sloppy, with transient certificate chain validation failures after each key/cert rollover, as stale TLSA records age out from caches or are only updated after problem reports, then this is a good time to either up your game, or stop publishing TLSA records. Having stale TLSA records that delay or break email delivery does neither you nor the people sending you email any good.
Please follow best practice and pre-publish matching TLSA records for the upcoming certs a few TTLs before certificate deployment. If that's too hard, disable DANE until you can implement a more robust rollover process.
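A pre-deployment gate for the pre-publish rule above, as an added example that is not part of the original post. It assumes `3 1 1` (DANE-EE, SPKI, SHA2-256) records, takes "a few TTLs" as a `min_ttls` parameter defaulting to 2, and uses constructed placeholder bytes where the real DER-encoded public keys would go; the function names are hypothetical.

```python
import hashlib
from typing import Dict, Tuple

Rdata = Tuple[int, int, int, str]  # usage, selector, matching type, hex digest


def tlsa_3_1_1(spki_der: bytes) -> Rdata:
    """TLSA rdata (3 1 1) for a DER-encoded SubjectPublicKeyInfo."""
    return (3, 1, 1, hashlib.sha256(spki_der).hexdigest())


def rollover_status(live_spki: bytes, next_spki: bytes,
                    rrset: Dict[Rdata, int], ttl: int, now: int,
                    min_ttls: int = 2) -> Tuple[str, int]:
    """Decide whether the next key may go live.

    rrset maps each published TLSA rdata to the epoch second at which it
    became visible on all authoritative servers. Returns (state, seconds
    still to wait).
    """
    if tlsa_3_1_1(live_spki) not in rrset:
        # Senders validating with DANE cannot match the key in service.
        return ("BROKEN", 0)
    nxt = tlsa_3_1_1(next_spki)
    if nxt not in rrset:
        # Deploying now would leave every resolver holding a stale RRset.
        return ("PUBLISH_FIRST", 0)
    aged = now - rrset[nxt]
    if aged < min_ttls * ttl:
        # Caches may still hold the RRset from before the pre-publish.
        return ("WAIT", min_ttls * ttl - aged)
    return ("READY", 0)


# Constructed sample input: placeholder key bytes, not real SPKI encodings.
LIVE = b"constructed-live-spki"
NEXT = b"constructed-next-spki"
TTL = 3600

if __name__ == "__main__":
    published = {tlsa_3_1_1(LIVE): 0, tlsa_3_1_1(NEXT): 100_000}
    for t in (100_000 + TTL, 100_000 + 2 * TTL):
        print(t, rollover_status(LIVE, NEXT, published, TTL, t))
```

In a real pipeline the SPKI bytes would come from the deployed and the staged certificate, and the publication times from your DNS change log.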