For the sake of this discussion, we'll use the fictitious domain name "widget.com" as our example.
widget.com is hosted on Office365 and the client would like to have Emails sent between users to be scanned by Proofpoint Essentials.
Normally, when userA@widget.com emails userB@widget.com, the Email never travels through the internet - it stays on Office365 -- similarly to any on-prem mail server solution. However there's a trick you can do to have Email from two different users on Office365 to be forced to get scanned by Proofpoint Essentials.
You will need to setup a separate rule for external destinations so they route through proofpoint normally via the outbound smarthost.
First, you need to create a bypass connector that will be called by a mail flow rule that will use MX resolution.
Then next next next ... test the connector in enable.
Once the connector is created, time to make the mail flow rule.
The result:
When userA sends an email to userB@widget.com - the email will show up in the incoming message log @ proofpoint. The only drawback of using this technique is you will need to put in an allow rule to prevent Emails coming inbound like this from getting caught as spoofing. Like so:
The drawback is your inter-user emails won't be scanned for spam but they will be scanned for viruses, attachments, attachment defense and URL defense should still kick in.