Basic Authentication is still used by many companies for Exchange Online. The login process is based on usernames and passwords, which can be vulnerable to brute force attacks, password spray attacks, etc. The longer you continue to use Basic Authentication, the greater the risk of an attack.
Microsoft's next move?
Microsoft will disable Basic Authentication in its global multi-tenant service as of October 1, 2022. Each tenant is processed in random order. An alert and a note will appear on the Service Health Dashboard seven days prior to the change.
When basic authentication is turned off for one of the affected protocols, users will not be able to connect. An HTTP 401 error message will appear with a bad username or password error. That’s not something you want users to see.
What should I do?
A user who is already signed in to another Microsoft 365 app, such as Teams, will likely not see any authentication prompts since they are already verified. In the tenant, Microsoft disables Basic Authentication for MAPI/RPC, so it enables this setting for customers.
As soon as Basic Authentication is disabled, Microsoft wants Outlook to be able to connect to Modern Authentication. However, Outlook does not support OAuth with POP3 or IMAP. If you want to use POP and IMAP with a client app, you will need another app.