Further investigation has indicated that Microsoft have backtracked on their plans to disable SMTP AUTH entirely. Their last two updates indicate they will not turn it off if it is in use, and they intend to give at least 12 months notice before they would do that.
04 Feb 2021
“The first change is that until further notice, we will not be disabling Basic Auth for any protocols that your tenant is using. When we resume this program, we will provide a minimum of twelve months notice before we block the use of Basic Auth on any protocol being used in your tenant.“
16 Jun 2021
“Up until the point at which we start to disable Basic Auth for protocols which are in-use – we are still planning on doing that and will have news on that later this year)”
Therefore any emails received from Microsoft about this should only be for MS tenants that are not currently using this feature, and we don't expect a disruption to Totara email sending in the short term.
We have described the results of our investigation on an improvement ticket TL-31706. We are still putting this change forward as an improvement to be prioritised for the next quarter (which would allow us to support OAuth2 for email sending/receiving), but at this stage don't envisage needing a short-term fix.