A lot of the problems related to O365, are do to the enforced "STARTTLS" protocol. More specifically, O365 by default requires OAuth2.
This combination of protocols (STARTTLS + OAuth2) provides a holistic security model for their system and your environment, as it pertains to O365. This combination is like a pseudo-VPN between the points of interest.
Be advised, that if you lessen the connectivity requirements to "SSL/TLS + Normal Password" (the old way, Exchange), then you are compromising your communication chatter for M-I-M skimming and source-destination spoofing.
I personally, like Zoho's approach to Email Client access. You create a 3rd-party App (Quickbooks Desktop, Thunderbird, Android Mail, etc.) a specific password for it to use, that is not your webmail password. It is my preference but may not be doable for everyone.
