Thanks to your previous hints. I've managed to get XOAUTH2 working in SASL and use it with mbsync. Here is how I got it working on my Ubuntu 20.10:

Install the Cyrus SASL OAuth2

# Clone the Cyrus SASL OAuth2 sources.
git clone https://github.com/moriyoshi/cyrus-sasl-xoauth2.git

# Configure and make.
cd cyrus-sasl-xoauth2
./autogen.sh
./configure

# SASL2 libraries on Ubuntu are in /usr/lib/x86_64-linux-gnu/; modify the Makefile accordingly
sed -i 's%pkglibdir = ${CYRUS_SASL_PREFIX}/lib/sasl2%pkglibdir = ${CYRUS_SASL_PREFIX}/lib/x86_64-linux-gnu/sasl2%' Makefile

make
sudo make install

# Verify XOAUTH2 is known to SASL.
saslpluginviewer | grep XOAUTH2

mbsync

Older versions (up to 1.3.1?) have PassCmd buffer set to 80 -- and this is not enough for OAuth2 tokens. I compiled the current 1.4.0:

# Clone the isync/mbsync 1.4 sources.
git clone --branch 1.4 --depth 1 https://git.code.sf.net/p/isync/isync isync-isync

# Configure and make.
cd isync-isync
./autogen.sh
./configure
make

mutt_oauth2.py

Download mutt_oauth2.py from https://gitlab.com/muttmua/mutt/-/blob/master/contrib/mutt_oauth2.py and make it executable. Execute it to create a socket with OAuth2 tokens.

You can then access the tokens by downloading them:

curl --unix-socket ~/.mutt/oauth2.socket x

mbsyncrc

Configure mbsync to use XOAUTH2 and set Pass to execute the above curl command:

IMAPAccount <account-name>
Host outlook.office365.com
User <[email protected]>
AuthMechs XOAUTH2
PassCmd "curl --unix-socket ~/.mutt/oauth2.socket x"
SSLType IMAPS
SSLVersions TLSv1.1 TLSv1.2

mbsync then works as expected; notice the output from curl below:

$ mbsync -a
C: 0/1  B: 0/0  F: +0/0 *0/0 #0/0  N: +0/0 *0/0 #0/0  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100  1963    0  1963    0     0   479k      0 --:--:-- --:--:-- --:--:--  479k
C: 1/1  B: 15/15  F: +0/0 *0/0 #0/0  N: +847/847 *0/0 #0/0