As per Microsoft, Basic Authentication will be deprecated in Exchange Online effective October 1, 2022. This ability will be removed from Exchange ActiveSync (EAS), POP, IMAP, Remote PowerShell, Exchange Web Services (EWS), Offline Address Book (OAB), Outlook for Windows, and Mac.
I know it is not listed, but I want to double check if anybody knows for certain if the ability to authenticate with username/password to a Microsoft O365 application via the Microsoft Graph API will be removed. It is worth noting that this application will have access to Exchange mailboxes, which is where the confusion comes in if Microsoft's deprecation statement about Exchange Online will affect this flow or not.
There is a note that talks about disabling Basic Authentication in cloud environments that may include this ask, but it is not clear to me. The note in Microsoft's notice is as follows:
In Office 365 Operated by 21Vianet, we will begin disabling Basic authentiction on March 31, 2023. All other cloud environments are subject to the October 1, 2022 date.