Symptoms for missing Multi Factor Authentication (MFA) app password in O365:
- You enabled Multi-factor Authentication (MFA) on Office 365 (O365) portal or Microsoft 365
- MFA works, and your user(s) are able to log on to the office.com website using it.
- You don’t see the “app password” listed anywhere, and the Account Settings view seems to be missing that section.
- You set up a conditional access policy for Multi Factor, per the Microsoft how-to article.
What are app passwords in office 365 or Azure?
App passwords are unique passwords used to authenticate legacy software to Office 365.
The primary use case is Outlook 2010 , or Outlook 2016. For example, these could have been standalone deployments before Office 365 was adopted. These older versions of Office may not know how to handle a multi-factor prompt.
If your organization uses Office 365, I recommend installing the latest version of Office 365 from office.com. The latest versions know how to handle multi-factor and don’t need app passwords.
Most users don’t use app passwords.
What does missing app password look like?
You should be able to view or create app passwords from the user’s account settings in Office 365.
If you are having this issue, the area for app passwords is blank.
Root cause for missing multi-factor app password:
The Office 365 admin portal has two separate ways to enable MFA for users. One way is to use the Admin > Users > Multi-factor Authentication menu for individual users. The second way is to set up a Conditional Access Policy. Microsoft articles say to use the Conditional Access Policy, but there is a problem with that.
There appears to be a bug where app passwords aren’t enabled properly when you use Conditional Access Policies by themselves.
To fix the problem, you need to enable multi factor using the Users menu, not conditional access policies.
The good news is that you don’t need to abandon your conditional access policy entirely. Just use this fix for individuals who need an app password, not everyone.
How to fix missing multi-factor authentication app password in Office 365
To enable application passwords in O365, you need to use the Multi-factor authentication page in admin center.
Navigate to Office 365, log on with your admin account
Click Admin from the menu
Click Users > Active Users from the menu
In the center, you will see a link to “Multi-factor authentication”. Click this link.
Your users list will display. You can filter for individual users here.
Pick the user that needs an app password and click “Enable”.
Enable the user here even if you have already set up a conditional access policy for MFA that includes the user.
You should be fixed now. When I tested, this took effect immediately and I create my app password as the user within 30 seconds.
Where can I manage Office 365 app passwords for multi factor?
Log on to office.com with the user account that needs an app password
Click on your account icon at the top right corner (normally shows your initials)
Now click My Account
Click Security and Privacy
Expand Additional Security Verification
Click Create and manage app passwords
From here, you can create your app password.
This is what it is supposed to look like.