Sending over SMTP using OAuth 2.0 still requires office 365 users to disable security defaults

Sending over SMTP using OAuth 2.0 still requires office 365 users to disable security defaults and enable SMTP Authentication!!!

This makes no sense and is definitely not an improvement on security. Documentation on basic authentication deprecation states that we need to migrate to secure authentication flows but using OAuth on SMTP requires clients to enable basic authentication as well. I know they can be disabled separately by an admin and only XOAUTH left enabled but that is complicated and completely unnecessary. SMTP with XOAuth authentication should be enabled by default. All this does is force us to use Graph API to send emails, which is in no way related to security. If every email provider decided we have to use their APIs to send emails and not a standard protocol, we would need a new developer just for implementing sending emails which should be a trivial matter.

I would really like an official response to this and understand the logic behind it!