Update: The full timeline for retirement of Basic Authentication in Exchange Online is now published in Basic Authentication Deprecation in Exchange Online – September 2022 Update.
In February 2021...
Updated Sep 01, 2022
Version 19.0
Blog Post
Wish the past dates had stuck, but I appreciate the hard stance once again!
Ironically once basic authentication is dead, we'll likely be re-enabling legacy protocols like IMAP/EAS on mailboxes to gives users more flexibility in 3rd party apps. If basic auth is not functional, they have to use something that supports that protocol *with* Modern Authentication. (e.g. Thunderbird currently supporting IMAP with OAuth 2.0) If it supports it, great, they do their MFA and carry on. If it doesn't, it just doesn't work because basic auth is dead. Right now we selectively enable IMAP on mailboxes but block basic auth for specific users via Conditional Access, so the above will let us stay hands-off again while allowing these 3rd party apps.