Thanks for the information. I would like to stress that most of the documentation for this stuff is developer-oriented, while most of the people using mail flows for applications are NOT developers. Trying to walk a non-developer through getting an access token for OAuth grant flows, instead of just filling out the username/password fields in a nice GUI that worked for years, is proving to be VERY problematic.
I applaud increasing security; however, I must state how much more of a burden this puts on admins, as the usability factor on this new method is beyond awful. I am very surprised that this went forward after 2 years of being on hold, without improvements to the user interaction experience. Also, you may want to emphasize the use of the offline permissions so people don't end up having to request new tokens constantly.