I fully agree with the move away from plain passwords in this case, given that it's no longer "just" the password to a mail account, but to much, much more.

Now while I think OAuth adds some features that can be useful in certain settings, I'll be inclined to agree that requiring OAuth isn't the best move.

However the alternatives would probably require a lot of extra work on Microsoft's behalf, like being able to set up device-specific passwords or similar.

So, given the need to move away from plain account passwords, I can understand why they wouldn't want to do that and just use what they already had.