It's not actually, but it doesn't show how to do it from the new Exchange Admin Center.
So if you're using
https://admin.exchange.microsoft.com
Expand Recipients on the left, click mailboxes.
You'll see a list of mailboxes, tick the box at the very top to select them all, then click edit -> app settings.
Something you can check beyond that is in
https://admin.microsoft.com, settings -> Org Settings -> Modern Authentication.
Both boxes should be checked, the lower one enforces modern auth for SMTP/POP3/IMAP, which for many purposes turns those services off. There are modern clients that can work, and those are OK because they'll MFA normally. Just make sure it's enforced.
These settings are overridden by conditional access.