Am I correct in that the server the "Exchange" setup doesn't allow OAuth authentication which is now required by Microsoft? I must use the imported connector for the OAuth email config? And then I must re-authenticate it after the time expires?
You are right, and the requirement for OAuth was a primary factor that prompted the development of the 'imported connector' flow. When using OAuth with Exchange, it is indeed necessary to import the authenticated Exchange connector (mind that in this case, the source connector loses authentication).
However, re-authentication is not required as long as the imported connector is used regularly - for instance, if notifications are sent on a weekly basis. In such case, its authentication tokens will be automatically updated, eliminating the need for manual re-authentication.