Block Legacy Authentication

1. We had the "Block Legacy Authentication" conditional access policy enabled for POP/IMAP/SMTP on all of our mailboxes which was overriding the per-mailbox SMTP Auth setting. Added our backup mailbox as an exclusion in that policy, works now. Nice.
2.  
3. Instructions for those that might find themselves in the same boat...
4.  
5. Log in to your Azure tenant and go to Azure Active Directory > Security > Conditional Access Policies. This will show a list of all CAPs and their On/Off state. Select one of the policies to view its settings. Cllick Users and Groups to see who it applies to(probably all users). Click Exclude and add mailboxes to exclude them from that policy. In my case the policy was called Block Legacy Authentication, and I'm not sure if this is a default policy or something we added, but it was blocking pop/imap/smtp authentication for all lof our mailboxes and the fix was to exclude the mailboxes we want to use for SMTP auth, then in Office 365 admin portal > active users > select mailbox > mail > mail apps we enabled the SMTP Authentication setting for that mailbox. That setting is overridden by the above CAP unless the mailbox is excluded from it.