How this relates to my set-up.
I have disabled Active Sync in my tenant by de-selecting "Exchange Active Sync (EAS)" in my tenant Settings-Org settings-Modern Authentication.
I do not see any more sign-ins with Client App "Exchange Active Sync".
But still I had a case where user wanted to set up native iOS mail app and this did not work - mails were not synced. When I have enabled ActiveSync on CasMailbox settings, mails were synced, but I still do not see in sign in logs that actually Active Sync basic authentication was used. I have "iOS Accounts" app registered and enabled for users to signin. Still this example user was not prompted to request consent but Active Sync needed to be enabled on user Cas Mailbox settings. I am now really confused with Active Sync and iOS native mail app. Why enabling Active Sync on a user helps if this is disabled on a tenant level and I still do not see in sign in logs that basic auth Active Sync has been used to sign in?