Great write-up; I only have one piece of feedback to share. I feel this change should have been better communicated in relation to what all will be affected when an admin decides to make changes using the new Modern Auth policy UI.
I wasn't aware of any mention of the MS Cloud team setting up an Org-wide Default Authentication policy in our tenant. I would have rather created my own Default Org policy prior to making changes via this new UI in the Modern Authentication section of Azure Portal. I would send additional communication to bring more attention to the fact that if you don't currently have a Default Org policy, making any changes to the protocols will create a new Default Org Policy and set it as default, when prior to that change there was no policy set.
I think it's great to see the Microsoft Security team continuing to advance security in the environment as often as possible. I think it would be beneficial to include multiple notices in the O365 & Azure changes emails and include updates in the O365 message center to reduce the chance of admins not knowing a change has occurred because no notice was given when said changes were made via the modern authentication UI.