Ever since we announced our intention to disable Basic Authentication in Exchange Online we said that we would add Modern Auth (OAuth 2.0) support for the IMAP, POP and SMTP AUTH protocols.
Today,...
Updated Jun 30, 2022
Version 6.0
Blog Post
1 MIN READ
Announcing OAuth 2.0 support for IMAP and SMTP AUTH protocols in Exchange Online
The best two source documents are from this team with titles:
Enable or disable authenticated client SMTP submission (SMTP AUTH) in Exchange Online - dated 7/1/2020
Basic Authentication and Exchange Online - July update - dated 28/07/2020
This latter document is especially important as it discusses the partial overlap in function between Security Defaults and Exchange Authentication Policies.
The first document covers the use of Powershell cmdlets to give more granular control over what is enabled/disabled.
In answer to your specific point, a tenant can run any mix of OAuth2 and Basic Auth on its various mailboxes - very necessary for a large transition - although you may need to switch Security Defaults off.
We make extensive use of PHPMailer for SMTPing from our various websites and eventually needed to write a wrapper* that supported OAuth2 and Basic Auth for both MSFT 365 and GMail
* decomplexity/SendOauth2 on GitHub and Packagist