FYI, it looks like Fortinet DNS servers are having issues with O365 today. Outlook web and desktop clients are providing invalid cert prompts for a cert that expired in 2010 for some non o365 URL. I opened a support case to Fortinet and they found that this appears to be a global issue with their DNS servers currently, regardless of the DNS protocol used. For now, we've adjusted DHCP to point to other public DNS servers to get customers working again.
I believe that the best approach is to use the DNS from your ISP provider or a DNS server from your country. You can change the interface DHCP settings from "Same as Interface IP" to "Specify" and put the DNS there. In the FortiGate DNS, you can still use the FortiGuard DNS servers.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.