I had originally posted this to the Office 365 community but it was suggested I post it here.
Pretty lightweight environment here. Basically just use Office 365 Standard licenses for apps and Exchange Online. Not really using Azure services for anything and I don't have a lot of interconnected systems. So the basic auth shutdown wasn't really at the forefront of my mind. Everything fits the requirements: All clients are 2016 or newer, all mobile devices are new iPhones or new Pixel phones.
I ran sign-in logs from the Azure portal and if I'm interpreting them correctly, everything is still using basic auth. Specifically Exchange ActiveSync (phones using native client I bet) and Exchange Web Services (Outlook clients? User agent is showing up as web browsers for these, so perhaps OWA, but why would that still use basic auth?).
When I switch the sign-in log to show only Modern authentications (mobile and desktop clients) there are no results.
Researched this some. iPhones should be able to switch to Modern Auth automatically. I don't have any Outlook clients older than 2016 which should all be using Modern Auth on by default. Checked some user machines' Outlook Connect Status windows. The Authn column reads "Bearer" which is the sign you're on Modern Auth... so why is everything in the sign-in logs still showing legacy auth?
Last week I created a report-only conditional access rule in Azure for all users which should block any Basic Auth attempts and checked the results. So far everything comes back as "Not applied". I'm pretty confused.
I'm thinking about signing a few users out in the Office 365 admin portal for a couple people just to see if their fresh login appears in the modern auth log.
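An added example, not part of the original post, for reconciling logs like the ones described above: it tallies exported sign-in records per user by client app and by the result of one report-only policy. It assumes records in the Microsoft Graph `signIn` shape (`userPrincipalName`, `clientAppUsed`, `appliedConditionalAccessPolicies`) and a legacy/modern grouping that mirrors the portal's client-app filter; the sample records and policy name are constructed.

```python
import json
from collections import Counter, defaultdict

# Assumption: grouping mirrors the sign-in log "Client app" filter; matched case-insensitively.
LEGACY = {s.lower() for s in (
    "Authenticated SMTP", "AutoDiscover", "Exchange ActiveSync",
    "Exchange Online PowerShell", "Exchange Web Services", "IMAP4",
    "MAPI Over HTTP", "Offline Address Book", "Outlook Anywhere (RPC over HTTP)",
    "POP3", "Reporting Web Services", "Other clients")}
MODERN = {"browser", "mobile apps and desktop clients"}

# Constructed sample records; the policy name is hypothetical.
POLICY = "Block legacy auth (report-only)"
SAMPLE = json.loads("""[
 {"userPrincipalName": "alice@example.com", "clientAppUsed": "Exchange ActiveSync",
  "appliedConditionalAccessPolicies": [
    {"displayName": "Block legacy auth (report-only)", "result": "reportOnlyFailure"}]},
 {"userPrincipalName": "alice@example.com", "clientAppUsed": "Mobile Apps and Desktop clients",
  "appliedConditionalAccessPolicies": [
    {"displayName": "Block legacy auth (report-only)", "result": "reportOnlyNotApplied"}]},
 {"userPrincipalName": "bob@example.com", "clientAppUsed": "Exchange Web Services",
  "appliedConditionalAccessPolicies": [
    {"displayName": "Block legacy auth (report-only)", "result": "notApplied"}]},
 {"userPrincipalName": "carol@example.com", "clientAppUsed": "Browser"}
]""")

def classify(client_app):
    """Return 'legacy', 'modern' or 'unknown' for a clientAppUsed value."""
    name = (client_app or "").strip().lower()
    return "legacy" if name in LEGACY else "modern" if name in MODERN else "unknown"

def summarize(records, policy_name):
    """Per user: sign-in counts by (client app, class) and by the named policy's result."""
    out = defaultdict(lambda: {"apps": Counter(), "policy": Counter()})
    for rec in records:
        user = rec.get("userPrincipalName", "<missing>").lower()
        app = rec.get("clientAppUsed") or "<empty>"
        out[user]["apps"][(app, classify(app))] += 1
        hits = [p.get("result", "unknown")
                for p in rec.get("appliedConditionalAccessPolicies", [])
                if p.get("displayName") == policy_name]
        # A record that never lists the policy is counted separately from "notApplied".
        out[user]["policy"][hits[0] if hits else "policyAbsent"] += 1
    return out

def legacy_users(summary):
    """Users with at least one sign-in whose client app falls in the legacy group."""
    return sorted(u for u, s in summary.items() if any(c == "legacy" for _, c in s["apps"]))

if __name__ == "__main__":
    print(legacy_users(summarize(SAMPLE, POLICY)))
```

Keeping the per-user counts of client app next to the policy result shows whether the same account appears under both a legacy and a modern client app, and whether the report-only policy was evaluated on those sign-ins at all.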