Two years after this post, I am just now finding it as I try to make sure all our legacy auth is blocked. The security center scorecard keeps warning me, telling me to update my clients, but when it comes to attackers, I can't just ask them to please update to modern authentication.

As a smaller organization with maximum security being very important, where's the checkbox to just disable all legacy/insecure access for my organization? I have to learn a new query language I've never heard of? How was this ever considered acceptable? With an on-prem Exchange server I could just disable legacy protocols on the server, block the ports on my firewall, and call it a day.

I keep digging deeper and deeper into this rabbit hole, and every single recommendation is followed up with 'but you'll need to do THIS after you've done that'. Set a policy for existing users, but you have to set another policy for new users, but that's still only going to cover users but not the organization as a whole. HOW is this considered acceptable from a company that is supposed to have shifted its focus to improved security?

I found this wonderful document: https://docs.microsoft.com/en-us/exchange/clients-and-mobile-in-exchange-online/deprecation-of-basic-authentication-exchange-online stating that MS was going to start disabling legacy auth for customers *who don't use it* and giving them the option to *opt out*. What I want to know is how can I opt IN? Just make my life easier and disable all this legacy insecure garbage.