The 'Log' checkbox cannot be selected within the Microsoft 365 Authorization interface.
You cannot select Log only (do not reject mail with invalid X-OriginatorOrg header). option that is available under Dashboard > Platform > Outbound Routes: Microsoft 365, Configure:

Email Security.cloud accepts email from your Microsoft 365 tenants when the envelope sender domain matches a domain in My Domains or Third-party Domains, and the Microsoft 365 X-OriginatorOrg header matches the envelope sender domain.

If your tenant’s organization ID does not match the sender domain, add the organization ID below. The table may include X-OriginatorOrg values that Email Security.cloud has detected in email from your domains. If you recognize an organization ID and want Email Security.cloud to relay the email, authorize it.
If you do not recognize an ID, another Microsoft 365 tenant may be either:
a) redirecting emails sent to it from you, or
b) abusing your domain.
If you suspect abuse, report the issue to Microsoft.

We are going to keep this option disabled, so please review data collected on your tenant in the table above and authorize every organization ID you recognize is sending emails on your behalf.

Contact Technical Support to temporarily enable log-only mode when troubleshooting mail delivery problems.