I managed to find a solution for personal Microsoft accounts. Sending from those accounts requires these two settings to be enabled in the app registration in Azure:
The first one is logical and I had it on from the start, the second one however makes no sense since I am using authorization code flow, but turning it on allows sending over SMTP from personal accounts.
One big catch after all this trouble and a week of trying to figure out how to get around the rigid implementation of authentication libraries and lack of proper documentation:
Sending over SMTP using OAuth 2.0 still requires Office 365 users to disable security defaults and enable SMTP Authentication!!!
This makes no sense and is definitely not an improvement on security. Documentation on basic authentication deprecation states that we need to migrate to secure authentication flows but using OAuth on SMTP requires clients to enable basic authentication as well. I know they can be disabled separately by an admin and only XOAUTH left enabled but that is complicated and completely unnecessary. SMTP with XOAuth authentication should be enabled by default. All this does is force us to use Graph API to send emails, which is in no way related to security. If every email provider decided we have to use their APIs to send emails and not a standard protocol, we would need a new developer just for implementing sending emails which should be a trivial matter.
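For readers following the thread, here is an added example (not code from the poster or from Microsoft) of what the XOAUTH2 SASL exchange over SMTP actually looks like on the client side. It builds the standard XOAUTH2 initial response (`user=<address>\x01auth=Bearer <token>\x01\x01`, base64-encoded on the wire) and drives Python's `smtplib` through STARTTLS and `AUTH XOAUTH2`. The host `smtp.office365.com`, port 587, the address and the token are assumed or constructed values; obtaining the access token via the authorization code flow is outside this snippet. Note that, as the post says, the mailbox still has to have SMTP AUTH enabled on the tenant side, or the server rejects the AUTH command regardless of how valid the token is.

```python
import base64
import smtplib
import ssl
from email.message import EmailMessage


def xoauth2_sasl_string(user: str, access_token: str) -> str:
    """Raw (un-encoded) XOAUTH2 client response.

    Format: "user=" address ^A "auth=Bearer " token ^A ^A
    smtplib.SMTP.auth() base64-encodes whatever the authobject returns,
    so this function must NOT encode.
    """
    return f"user={user}\x01auth=Bearer {access_token}\x01\x01"


def xoauth2_initial_response(user: str, access_token: str) -> str:
    """Base64 form, i.e. what appears after 'AUTH XOAUTH2 ' on the wire."""
    raw = xoauth2_sasl_string(user, access_token).encode("ascii")
    return base64.b64encode(raw).decode("ascii")


def decode_xoauth2_failure(challenge: bytes) -> str:
    """Servers answer a bad token with a 334 line whose payload is base64 JSON
    ({"status":"401", ...}); decode it so the real reason shows up in logs."""
    try:
        return base64.b64decode(challenge).decode("utf-8", "replace")
    except (ValueError, TypeError):
        return challenge.decode("utf-8", "replace")


def send_via_xoauth2(host: str, port: int, user: str, access_token: str,
                     msg: EmailMessage, timeout: float = 30.0) -> None:
    """Connect, upgrade to TLS, authenticate with XOAUTH2, send one message.

    Raises smtplib.SMTPAuthenticationError with the decoded server reason if
    the token is rejected (expired token, missing SMTP.Send scope, or SMTP
    AUTH disabled for the mailbox, as described in the post above).
    """
    context = ssl.create_default_context()  # verify the server certificate
    with smtplib.SMTP(host, port, timeout=timeout) as smtp:
        smtp.ehlo()
        if not smtp.has_extn("STARTTLS"):
            raise RuntimeError("server does not offer STARTTLS; refusing to send")
        smtp.starttls(context=context)
        smtp.ehlo()
        if "XOAUTH2" not in smtp.esmtp_features.get("auth", "").upper():
            raise RuntimeError("server does not advertise AUTH XOAUTH2")
        try:
            # authobject is called with challenge=None for the initial response
            smtp.auth("XOAUTH2",
                      lambda challenge=None: xoauth2_sasl_string(user, access_token))
        except smtplib.SMTPAuthenticationError as exc:
            reason = decode_xoauth2_failure(exc.smtp_error)
            raise smtplib.SMTPAuthenticationError(exc.smtp_code, reason.encode()) from exc
        smtp.send_message(msg)


def build_message(sender: str, recipient: str, subject: str, body: str) -> EmailMessage:
    msg = EmailMessage()
    msg["From"] = sender
    msg["To"] = recipient
    msg["Subject"] = subject
    msg.set_content(body)
    return msg


if __name__ == "__main__":
    # Constructed values; a real run needs a token from the auth code flow.
    user = "alice@example.com"
    token = "EXAMPLE_ACCESS_TOKEN"
    print("AUTH XOAUTH2", xoauth2_initial_response(user, token))
    # send_via_xoauth2("smtp.office365.com", 587, user, token,
    #                  build_message(user, "bob@example.com", "hi", "test"))
```

`decode_xoauth2_failure` is the piece worth keeping around when debugging the situation in the post: the 334 payload the server returns on rejection tells you whether the token itself is bad or the mailbox simply is not allowed to use SMTP AUTH.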