MFA is being discontinued?

luvsqlMy 1st question would be what is your current license for your tenant? are you on P1? perhaps consider upgrading to P1 as with this you can utilize a fairly advanced method of securing your users, things like conditional access policies and a much stricter, customizable MFA will be available to you.
Yes, modern auth should be used as this ensures that legacy auth methods (SMTP, POP) are not being utilized and exposing your tenant/ environment.

"For tenants created before August 1, 2017, modern authentication is turned off by default for Exchange Online and Skype for Business Online." I think this might explain why your ORG is currently using a deprecated auth method.

As per MSFT article "https://docs.microsoft.com/en-us/exchange/clients-and-mobile-in-exchange-online/enable-or-disable-modern-authentication-in-exchange-online"

You can enable security defaults but then again the MFA method in that option isn't granular as having a P2, P1, or E3 and E3 licenses, consider going through the MSFT docs for the different options and how they can best benefit your ORG.

Check this article out, outlining their roadmap: "https://developer.microsoft.com/en-us/office/blogs/end-of-support-for-basic-authentication-access-to-exchange-online-apis-for-office-365-customers/"