Table of Contents
Before you begin
If your tenant was created on or after October 22, 2019, security defaults may be enabled in your tenant. To protect all of our users, security defaults are being rolled out to all new tenants at creation.
But Security Defaults does not support app password, so you should disable it then using Per-user MFA instead.
No option to create an app password in Microsoft 365
Let’s say the users are logged in and they go to their Microsoft 365 Account where they can add multiple Authentication Methods. Shortcut for that is https://mysignins.microsoft.com/security-info
And they don’t get to create an App Password by default. To enable it, you need Enforce Users to use MFA.
Enforce Users to use MFA
You can visit https://aka.ms/mfaportal to go to the legacy multi-factor authentication portal directly or:
1. Login into Microsoft admin center using global admin account.
2. Navigate to Users | Active users in the left nav.
3. In the active users section, select Multi-factor authentication link.
4. Now, in the multi-factor authentication page, you’ll see the users as whether they are using MFA or not. But, let click on the service settings first.
Be certain the option Allow users to create app passwords to sign in to non-browser apps is selected.
5. As you see below, Tom’s account is Enabled for Multi-Factor Authentication, but not Enforced. So, you have to click on Enforce button to enforce the MFA.
6. Now, click on enforce multi-factor auth button to confirm.
7. Once enforced, you’ll see the below status is updated on whoever this is enforced on.