In order to use Exchange Sync, you need to create a new username or use one of your existing users and convert it to a service account. So this will be an account with impersonation rights for the mailbox of each Exchange Sync user
Impersonation enables the service account to impersonate other user accounts to be able to access and sync other Exchange users mailboxes with Salesforce. Your Office 365 administrator will need to grant any service account that will be impersonating other users the "ApplicationImpersonation" role from the Office 365 Exchange Admin Center
How to create a user for a service account
A service account is just an account that you use for an Exchange Web Services connection. It can be any account with a mailbox.
To add a user account
1. Sign in to Office 365 with your credentials.
2. Go to the Office 365 admin center by selecting the app launcher icon in the upper-left and choosing Admin.
3. On the left select ACTIVE USERS select the + sign to Add new users
4. On the Create new user account, populate the necessary fields.
5. Uncheck the box for Make this user change their password with Outlook Web App on next login. and click on Create
Additional information is available on this topic by Microsoft. How to Add users individually to Office 365 - Admin Help
Enabling a service account
Now that you created a new user, you would need to assign the "ApplicationImpersonation" role to it so it can act as a service account for other user's mailboxes. To do so,
1. Go to the following URL: https://outlook.office365.com/ecp/
2. Provide your credentials to log into Office 365.
3. Exchange Admin Center ( EAC ) opens in your browser window:
4. Under Permissions, click on admin roles
5. Hit the plus sign above the table to create a new Role group
6. On the New Role group pop up window, type in a name in the Name field
7. Hit the plus sign below the Roles: area and select ApplicationImpersonation in the list under DISPLAY NAME then click the add - > button and then click OK
8. Under the Members: section click on the plus sign and select the user that you created previously as a service account to use with Exchange Sync
9. Select the add - > button and then click OK
NOTE: Rather than adding the actual user mentioned to the "Role group" there may be advantages assigning the user to a "Security group" instead and adding the Security group here instead of the user.
10. Your should have something similar to this
11. You have successfully created your service account. So the username: ServiceAccount1 will act as your service account to impersonate other user's mailboxes that your Salesforce Administrator will configure in the Exchange Sync Configurations
To check that the correct user has the ApplicationImpersonation role, in the Permissions window, in the Exchange Admin Center (EAC) highlight the name of the Role you created which in our example it would be Exchange sync role group and in the right hand pane observe the Assigned Role and Members
The validity of the role applied and the permissions of the user can be tested using the Microsoft Remote Connectivity Analyzer