SendGrid sent to spam on internal domain

I’m using SendGrid with a whitelabel to send email from my domain name, a-non-existent-account@example.com. The whitelabel works perfectly for outside delivery, but when sending to an inside account on O365 internal.user@example.com the messages are trapped in the O365 spam filter.

The headers are showing a passing dkim for my traffic, which I should be able to build a transport rule on but I have no idea how to do it.

Authentication-Results: spf=pass (sender IP is 208.117.55.133) smtp.mailfrom=whitelabel.example.com; example.com; dkim=pass (signature was verified) header.d=example.org;example.org; dmarc=temperror action=none header.from=example.org;compauth=pass reason=111 

I’m thinking I need a transport rule based off the whitelist Authentication-Results header, but I’m at a loss as how to do it. I don’t want to have to pay for a static IP from SendGrid unless absolutely necessary.

This is really a tiny issue in the grand scheme, but really annoying at the same time.