@Vasil Michev Thanks very much. Because of your comment I looked up the method to create and apply a new authentication policy. I made one that blocked all basic authentication, then modified it to allow authenticated SMTP. Then I applied it on a per user basis.  This seemed to work well and like you said it should stop it before it gets into the Azure AD.  Thanks so much.