Disable Legacy Authentication

Trying to get my head around this task “Disable legacy authentication” 

Looked in AAD sign-ins (and in the legacy Workbook) and there’s a lot of user sign-in with legacy auth.

But I do not understand some of these e.g.

• User G - uses a browser (seen in the legacy workbook) - when looking under the device info the user is running Windows 10 and browser is Chrome 85.0.4.4183
  – why is this reported as legacy auth.?   

• User T – under Sign-ins the ‘Client app’ column report this as “Other clients” and the Application is 'Skype for business Online '- looking into device info there’s seen ‘Windows 10’ and lync.exe
  Does Lync not support Modern Auth.?
  
  
• User O – the ‘Client app’ report ‘Exchange ActiveSync’ – looking into ‘device info’ seeing 'iOS' and browser used are ‘Mobile Safari’
  If I disable ‘Exchange ActiveSync’  will all the iOS devices then start using Modern auth. automatic or do all the end users have to do something?

powershell ‘Get-OrganizationConfig | Format-Table Name,OAuth* -Auto' – returns True

With over +200000k Sign’ins that use Legacy auth. How to one continue getting these legacy protocols disabled?