You can find out more about these settings here. These two settings will provide administrators with the granularity required to allow most mailboxes to have SMTP AUTH disabled, and a few select mailboxes to have it enabled. Additionally, we ensured that each mailbox has a setting to override the tenant setting and enable SMTP AUTH. We previously added a setting to make it possible for tenants to disable SMTP AUTH for their entire organization.
For that reason Basic Authentication will need to be supported in Exchange Online for the foreseeable future, though it is still very wise to turn off SMTP AUTH in Office 365 tenants when possible. As we have previously indicated we are working on adding support for OAuth with SMTP AUTH, but we also know that many clients have yet to add support for OAuth. All clients have ever needed to send messages was a username and password, and these credentials are all too often obtained and used by attackers. SMTP AUTH (also known as authenticated SMTP client submission) is a legacy internet protocol which does not support OAuth by design.
Email clients such as Outlook rarely use this protocol anymore and instead make use of other protocols secured with Modern Authentication (OAuth).
#Online exchange client software
The majority of the clients connecting to Exchange Online like this are devices such as multi-function printers or some piece of software that send automated emails. The SMTP AUTH protocol is used to submit millions of emails every day.