That's not something Network Firewall is able to do. First, the traffic between the user and Office 365 is likely to be encrypted. And even if Network Firewall could inspect encrypted traffic, a user connecting to Office 365 isn't going to have a single (or even a few) sessions to one or (a few) servers - it's going to be a lot of different connections that need to be inspected and dealt with as a single entity. That's really difficult.
You might explore tenant restrictions and see if that helps at all.
Network Firewall logs unusableasked 10 months ago
AWS Network Firewall to allow particular Office 365 tenantasked a month ago
AWS Network Firewall limiationsasked 2 months ago
Transit Gateway and AWS Network FirewallAccepted Answerasked a year ago
When to propose AWS Network Firewall vs 3rd party options?asked 5 months ago
SSM Network firewall auditasked 9 months ago
AWS Network Firewall Domain list Portasked 5 months ago
AWS Network Firewall Managed Signaturesasked 5 months ago