Kevin Fletcher - We feel you, don't worry. A switch like this can be nerve-racking. I was there the day we switched our own on-prem forest to Hybrid Modern Auth, and had missed registering an SPN so all hell broke loose. But, that's how you learn not to do that. You do not need to enable Modern Auth on-prem (what we refer to as Hybrid Modern Auth typically) to enable it in EXO. You can leave that using whatever it does today. There are benefits to enabling HMA on-prem, but that can wait for another day. Plan it for a period of low usage, communicate the change, and try it. You can always roll back.
JasonSCarter - not really, it's not an EAS protocol thing, it's a client implementation thing.
Glenn Van Rymenant - it's confirmed right here in the comments. 
stukey (and others) - the 250k limit -
There is a Graph API to download sign-in logs, but the admin will need an AADP premium license https://docs.microsoft.com/en-us/graph/api/signin-list?view=graph-rest-1.0&tabs=http - the API limit is 1M records per call (and you could string many calls together).
stukey - PowerShell scripts - you are correct (and the PM we both know and I are discussing this), that using the PowerShell v2 module if you have a password manager/vault solution which your scripts can access would allow you to run non-interactive scripts using OAuth. There are some scenarios that this won't work for (or if you don't have a vault solution), so for that we're working on the CBA route.
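For the sign-in log reply above (stringing many Graph calls together), an added example that is not part of the original comment: it follows `@odata.nextLink` from page to page and tallies sign-ins by the `clientAppUsed` property. The `fake_fetch` helper and the sample pages are constructed stand-ins; a real `fetch` would be an authenticated GET against the sign-ins endpoint that returns the parsed JSON.

```python
from collections import Counter
from typing import Callable, Iterator

SIGNINS_URL = "https://graph.microsoft.com/v1.0/auditLogs/signIns"


def iter_signins(fetch: Callable[[str], dict], url: str = SIGNINS_URL,
                 max_pages: int = 10_000) -> Iterator[dict]:
    """Yield every record, following @odata.nextLink until the last page."""
    seen = set()
    for _ in range(max_pages):
        if url in seen:  # a repeated link would otherwise loop forever
            raise RuntimeError(f"nextLink repeated: {url}")
        seen.add(url)
        page = fetch(url)
        yield from page.get("value", [])
        url = page.get("@odata.nextLink")
        if not url:
            return
    raise RuntimeError("max_pages reached; export is incomplete")


def tally_client_apps(fetch: Callable[[str], dict]) -> Counter:
    """Count sign-ins per clientAppUsed value across all pages."""
    return Counter(r.get("clientAppUsed") or "unknown" for r in iter_signins(fetch))


# Constructed sample data standing in for Graph responses (not real logs).
_NEXT = SIGNINS_URL + "?$skiptoken=constructed-page-2"
_PAGES = {
    SIGNINS_URL: {"@odata.nextLink": _NEXT, "value": [
        {"userPrincipalName": "a@example.com", "clientAppUsed": "Browser"},
        {"userPrincipalName": "b@example.com", "clientAppUsed": "IMAP4"},
    ]},
    _NEXT: {"value": [
        {"userPrincipalName": "c@example.com", "clientAppUsed": "Exchange ActiveSync"},
        {"userPrincipalName": "b@example.com", "clientAppUsed": "IMAP4"},
        {"userPrincipalName": "d@example.com", "clientAppUsed": None},
    ]},
}


def fake_fetch(url: str) -> dict:
    """Hypothetical stand-in for an authenticated GET that returns parsed JSON."""
    return _PAGES[url]


if __name__ == "__main__":
    for app, count in tally_client_apps(fake_fetch).most_common():
        print(f"{count:5d}  {app}")
```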