Hello @Rick Rietz ,
Thanks for reaching out.
There are two different way you can block legacy (basic) authentication to use modern authentication in your organization, One way is Blocking legacy authentication using Azure AD Conditional Access and another way of **Blocking legacy authentication service-side for **
Example: When you enable modern authentication in Exchange Online, Windows-based Outlook clients that support modern authentication (Outlook 2013 or later) use modern authentication to connect to Exchange Online mailboxes. For more information, see How modern authentication works for Office client apps.
When you disable modern authentication in Exchange Online, Windows-based Outlook clients that support modern authentication use basic authentication to connect to Exchange Online mailboxes. They don't use modern authentication.
Note: Modern authentication is enabled by default in Exchange Online, Skype for Business Online, and SharePoint Online.
To learn more, read Enable or disable modern authentication for Outlook in Exchange Online and Disable Basic authentication in Exchange Online
The following article is worth checking out as it walk you through a step-by-step guide to blocking legacy authentication also how you can analyze the impacts of making this changes in your organization: (https://techcommunity.microsoft.com/t5/azure-active-directory-identity/new-tools-to-block-legacy-authentication-in-your-organization/ba-p/1225302#)
Hope above information help you.
------------------------------------------------------------------------------------------------------------------------------
Please "Accept the answer" if the information helped you. This will help us and others in the community as well.