In my experience, Microsoft has always had issues with autoconfig, especially Outlook. Just as a test, use a different client like Thunderbird and see if it works with autoconfig. If it does, then you know it’s just the typical issues on Windows clients that you need to work on. If Thunderbird doesn’t work either, then there’s probably more to it than that.
StartTLS on 587 is the default port and has been for a long time. SSL/TLS on 465 was the planned configuration for SMTPS back in the mid 1990’s, but was already deprecated by… I’m thinking 1998? I remember it was right around the turn of the century.
Although it’s still allowed as a message submission port (with implicit TLS), Port 465’s primary assignment is IGMP for source-specific multicasting.
At this point, I keep 465 available as a fallback in case clients can’t connect over 587 for whatever reason, since the most-common reasons for it not working would be beyond my control anyway. Autoconfig uses 587, and the instructions I give them specify StartTLS over 587. Only if that doesn’t work do I tell them to try SSL/TLS over 465.