Wow. Click bait.
Exchange allows multiple protocols to connect it it. Including legacy protocols like SMTP, POP3, IMAP etc. It also includes older Ms Office clients which were built before modern authentication methods were developed. This is well documented and Microsoft guidance is to disabled access via these protocols through ADFS or Conditional access. Microsofts own mobile client, office apps, and all browsers support modern Auth and CA rules. It's the orgs choice what they choose to support as part of their security posture.
What is more concerning is how proof points unimpressive CASB is supposed to solve this problem. It won't and they lack a world class Identity and Access Management solution (unlike Microsoft who has Azure AD) to truly address identity.
Brute force, password spray attacks and other identity attacks are dramatically rising. I agree. But use the right technology to address it this is just a marketing campaign to try to dump people in believing a 2nd class CAS is the answer. If you want identity protection use Azure ad. If you want a Cas, we'll Microsoft has that too and it integrates nicely with O365.