Deny All Traffic, Allow only Office 365

Currently receiving a request from customer which they want to offload Office365 traffic. May I know is there method to ONLY allow office 365 and deny ALL others traffics ?

Office 365 needs ports such as TCP 25, TCP 443, etc. opened up depending on features. I would confirm which ports are needed for each direction and add firewall rules accordingly with the default rule set to deny.

If I allow port 443 then user still can access to others https website.