MS has clarified the requirements for split tunnel configuration when used with Office/MS365 products. They have also released an onboarding tool that checks whether the VPN is correctly configured for Office365 split tunnelling.
UPDATE: I have this completely wrong. This will cause just Office 365 traffic to be tunnelled - rather than excluded. You need to make sure you only specify your internal subnets instead. I have removed the broken answer.