by jabroni_salad 1771 days ago
The IMAP blocking is for different draconian reasons. Office365 does not support Modern Auth with IMAP, which is considered a security baseline now.
3 comments

Office365 supports Kerberos with IMAP, which would be the proper thing to do anyways. Giving passwords to a browser or email application is wrong.
"modern Auth" means OAUTH, so, you aren't giving passwords to the email application.

If you have IMAP on GMail you get two choices: you can admit you're sacrificing security, and they'll mint a random password just for that IMAP application, or you can use OAUTHBEARER. As I understand it, if enabled, IMAP for Office365 can do OAUTHBEARER.

The nice thing about OAUTH is that it's a natural integration for your multi-factor authentication, which as I understand it doesn't fit well into Kerberos. But to be sure, Kerberos is much better than yet another human-memorable secret password exchange.

It's the complete opposite: Office365 only supports OAuth with IMAP and is phasing out/has phased out Basic Auth for IMAP. Additionally, more often than not organizations are actually running Microsoft Exchange under the hood -- the majority of MS Exchange servers have Basic Auth disabled for IMAP (I believe since 2017 it's been off by default).
I'm pretty sure they do? I definitely set up an O365 account in Thunderbird using IMAP and OAuth, which I assume is sufficiently "modern auth."
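For reference, the OAUTHBEARER mechanism mentioned in the thread, shown as an added example that is not from any commenter: it builds and validates the SASL initial client response defined in RFC 7628, which carries a bearer token instead of a password. The account, host and token values are constructed, and the function names are hypothetical.

```python
import re

KVSEP = "\x01"  # RFC 7628 key/value separator (Ctrl-A)
B64TOKEN = re.compile(r"[A-Za-z0-9\-._~+/]+=*")  # RFC 6750 bearer token syntax

def build_oauthbearer(user, token, host, port):
    """Client side: the bytes sent (base64-encoded by the IMAP layer) after
    AUTHENTICATE OAUTHBEARER. Only a bearer token travels, never a password."""
    if not B64TOKEN.fullmatch(token):
        # Also blocks an embedded \x01, which would smuggle extra key/value pairs.
        raise ValueError("token is not a valid RFC 6750 b64token")
    if any(KVSEP in field for field in (user, host)):
        raise ValueError("control character in user or host")
    authzid = user.replace("=", "=3D").replace(",", "=2C")  # gs2 saslname escaping
    pairs = [f"host={host}", f"port={int(port)}", f"auth=Bearer {token}"]
    return (f"n,a={authzid}," + KVSEP + KVSEP.join(pairs) + KVSEP * 2).encode()

def parse_oauthbearer(message):
    """Server side: split the response and validate it before trusting any field."""
    gs2, sep, rest = message.decode("utf-8").partition(KVSEP)
    header = re.fullmatch(r"n,(?:a=([^,]*))?,", gs2)
    if not sep or header is None or not rest.endswith(KVSEP * 2):
        raise ValueError("malformed OAUTHBEARER response")
    fields = {}
    for pair in rest[:-2].split(KVSEP):
        key, eq, value = pair.partition("=")
        if not eq or key in fields:
            raise ValueError("bad or duplicate key/value pair")
        fields[key] = value
    scheme, _, token = fields.get("auth", "").partition(" ")
    if scheme.lower() != "bearer" or not B64TOKEN.fullmatch(token):
        raise ValueError("missing or invalid bearer token")
    user = (header.group(1) or "").replace("=2C", ",").replace("=3D", "=")
    return {"user": user, "host": fields.get("host"),
            "port": fields.get("port"), "token": token}

if __name__ == "__main__":
    # Constructed sample values; a real token comes from the OAuth provider.
    msg = build_oauthbearer("alice@example.com", "constructed.token-123",
                            "imap.example.com", 993)
    print(msg)
    print(parse_oauthbearer(msg))
```

With Python's `imaplib`, the bytes from `build_oauthbearer` are what the callable passed to `authenticate("OAUTHBEARER", ...)` would return.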