P=Reject when using hosted email security?

PaulC

We are aiming to set a DMARC policy of P=Reject on our domain but a third-party tool we use to monitor DMARC reports (Dmarcian) shows that outbound emails sent by/through Hosted Email Security are only 85% compliant.

It looks like the Sonicwall sends out 15% emails with the organisation From: address, but SPF address of e.g. ams0vm-hesra06.colo.sonicwall.com and no DKIM

I can't tell what these emails might be because I can only see summary reports

Has anyone else got P=reject implemented?

Thank you