Minecraft servers (well, at least the java ones -- that's the only ones I'm familiar with) have always validated that the client connecting is logged in with a valid Mojang, er, Microsoft account.
That said, this could be turned off, but it opened the server up to abuse as accounts were not validated in any way. (Of course, this also allowed people to play even without an account at all -- they just had to download the client from somewhere, and now they can play Mic
Since Microsoft controls the authentication servers used even by private servers, they should be able to deny service to abusers.
That said, I haven't looked at this stuff in a long time. I see no reason why the developers of the modded private servers couldn't rip out Microsoft's authentication service and add in their own., and maybe they have.
Either way, from what I've heard, Microsoft is moving away from the java Minecraft version, but this is the version that's been modded by everybody and always has been the most interesting version because of this, even if the non-java versions probably perform better.
So they're probably locking down the non-java versions more, but the java versions will offer the server operators more options, for example if they want to permit banned users to play they could do so.