Basic Authentication Deprecation in Exchange Online – What’s Next

Codepoet80 - You, as the admin of a tenant who admits not knowing this was coming, should be able to answer your own question of 'why can't we let tenant admins control this themselves?'. Sadly, huge numbers of admins don't read the Message Center, and have no idea what's coming. You are not alone, and so we are taking action to protect your users, and your data. I'll also add that many of those same admins have already been breached using basic auth, and they don't know it. I have personally broken the news to too many of them over the past year or so, and some of those are some of the world's largest companies. Basic auth is a huge risk to your data and accounts. Period. Jetze Mellema nailed it.

To answer your other question, it's impractical in a multi-tenant service with millions of tenants to allow admins of every tenant to maintain some kind of IP basic auth 'allow list' against which every connection is evaluated, for tenant/IP specific settings. It would have a detrimental effect on performance, and lest we forget, source IP is not really reliable as a determining factor. VPN/TOR etc etc. 

Get off POP and IMAP, use ActiveSync, native apps that work with OAuth, Outlook mobile, or switch to OWA on those tablets. If the devices need updating, update them. Or go without email.