Harland,
First a disclaimer: I am not an IT professional.
I assume you have automatic certificates working.
Setting up the secure protocols for the ports is pretty straight-forward. You simply choose the encryption (SSL/TLS) and it will change the port if needed. Either way, it uses the encryption method the server supports, hopefully TLS, SSL/TLS is really more of a distinction of the connection method. There's another thread on that. If you want, say, SMTP (TLS) and SMTP (SSL), you will need to add one of them.
DKIM and DMARC are straight-forward. Smartemail gives you the selector (name) and data for the DNS entry
MTA-STS is a little more complicated. There is only one place to put your policy file, you can't specify it. it has to be in wwwroot/.well-known, which you have to create. SmarterTools has not to my knowledge confirmed that .well-known is OK for us to use as we see fit, that they won't stomp on it at some point, but auto certs still worked when I was done. All of my domains have mx records to a single mx, not related to the domain name. So my policy file is simple. You can have multiple mx in the policy file, but I haven't tried multiple domains. Since my policy file is a different domain from any domain that uses it, I'm guessing it will be OK.
It might be better to wait until SmarterTools officially adds the feature, and I would assume in a way that they synthesize a simple policy file for each domain. If you or anyone else wants me to go deeper into it, I can, but there is a lot of info out there. DM me if you want to discuss it further.
BIMI is easy, but really not all that meaningful without an expensive verified mark certificate. I just set it up so my smartermail accounts can see each other's BIMI images. The hardest part is creating the .svg image, but after that you just drop it in wwwroot, or any website that can host it and create a DNS record that points to it.