Basic Authentication and Exchange Online – April 2020 Update

I have a pretty good idea why only 9% of companies have turned off legacy auth and IMHO the slow uptake has nothing to do with Android or iPhone (use Outlook for Android/iOS), organizations holding on to Outlook 10 or some of the other justifications in the forums. I'm all-in and ready to "flip the switch" to make our Exchange Online only tenant (E1) 100% modern auth.  The problem is after reading through a half dozen "the sky is falling--turn off legacy auth or perish!!!!" articles on the techcommunity I still can't find any guidance for actually doing it. Several articles and Identity Secure Score makes the recommendation "Enable policy to block legacy authentication" which would be great if I want to purchase Azure AD Premium P1 (or EM+S or M365) for all my users in order to use Conditional Access. I know AADP1 is great, but I don't have that budget. (BTW, the block legacy authentication policy has been deprecated anyways, so thanks for that.)  Why is there not simply a way to let the administrator disable legacy auth from the Exchange Online (or Azure AD) portal? If you REALLY cared about getting everyone off of legacy auth why isn't "Turn off legacy authentication" a high impact Identity Secure Score choice? The administrator opens it, flips the bit and their tenant is secure.  Either make it simpler to enable or stop pleading for us to make the change but requiring AADP1 subscriptions to make it possible.