Same issue and it was for users resolving mail for O365. Not all users, but some were being routed to Melbourne AUS from North America.
I did note that destination AUS IP outbound request was alternating from normal O365 ops to one that looked like a high availability URL.
DNS was initial suspect but noticed same internal resolvers looking for O365 would target the 40.100.x.y ip space in AUS occasionally vs the normal MS ranges in us 52.x.y.z. ONLY clients resolving all or even a few 40.100.x.y were having issues.
Microsoft's response to fix was to advise setting external resovlers to a different public resolver.
Believe some (unknown if all) systems were originally pointed at Google 18.104.22.168 when issue occurred.
Original concern was ZuoRAT MitM DNS redirects - but confirmed at least half of the users were behind corp controlled firewall (DNS backhauled and inspected so no tampering), so ruled that out.
Requested Microsoft to NOT send traffic to foreign countries for regular mailbox access, but no direct control over that that I am aware of.
Interesting to note the Australian Government passed the horrendous anti-encryption act - curious if any tie in there...data goes to Aus, 5 eyes, no encryption, no warrant pulling of data..