FortiGate
DPadula
Staff
Article Id 330672
Description: This article describes how changes Microsoft made to the www.office.com service cause the SD-WAN health check named 'Default_Office_365' to fail.
Scope: FortiGate using the default health check 'Default_Office_365' in any of its routes.
Solution

Step 1: Check whether the Performance SLA named 'Default_Office_365' has failed.

Step 2: Confirm whether the default 'Default_Office_365' Performance SLA is in use. On the CLI, run the command 'diagnose sys sdwan health-check status'.

The health check can also be verified in the GUI: select SD-WAN -> Performance SLAs and edit 'Default_Office_365'.

Step 3: Confirm whether the routing database contains routes using port2 that are marked as inactive.

[Screenshot: Routing table failed.png]

In the above screenshot, the routing table does not have an entry for the default route to the Internet via port2, and the database table has one entry using port2 marked as inactive. 

 

Solution 1: Remove port2 from the 'Default_Office_365' health check and select 'OK'.

Or

Solution 2: Disable the 'Update static route' option inside the 'Default_Office_365' health check, and select 'OK'.

After either change, the routing table should have the default route via port2 installed, and the routing database should show that route as active.

Note: Microsoft also restricted HTTP protocol (port 80) access on www.office365.com. This brings the status DOWN for the SD-WAN members participating in the relevant Performance SLA. If the Ping protocol is used instead for office/office365, the health check works. Check which protocols the probe server(s) support.
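
The CLI equivalent of the two GUI solutions and of the protocol change in the note, as an added example that is not part of the original article. It assumes a FortiOS release where SD-WAN is configured under 'config system sdwan', and that port1 is SD-WAN member 1 and port2 is member 2; check the member sequence numbers on the unit before applying. The three config blocks are alternatives, so apply only one.

```fortios
# Added example. Assumed: port1 = SD-WAN member 1, port2 = SD-WAN member 2.

# Alternative 1 (Solution 1): remove port2 from the health check by
# listing only the remaining member(s).
config system sdwan
    config health-check
        edit "Default_Office_365"
            set members 1
        next
    end
end

# Alternative 2 (Solution 2): keep probing over port2, but stop a failed
# probe from withdrawing the static route.
config system sdwan
    config health-check
        edit "Default_Office_365"
            set update-static-route disable
        next
    end
end

# Alternative 3 (per the note): probe with ping instead of HTTP,
# provided the probe server answers ping.
config system sdwan
    config health-check
        edit "Default_Office_365"
            set protocol ping
        next
    end
end

# Verify: health-check state per member, then the active routing table
# and the routing database (inactive routes appear only in the database).
diagnose sys sdwan health-check status
get router info routing-table all
get router info routing-table database
```

With Alternative 2 the health check still reports port2 as down, so any SD-WAN rule that depends on this SLA continues to treat port2 as failing; only the static route is no longer removed.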