If you are an Admin User who wish to create App Passwords so that you can use them in your code/web applications so that you don’t have to store credentials in your application? Example: Azure Function you are developing shouldn’t store the password of the User.
At times, you must’ve noticed that why you can’t create App Passwords even when you are having MFA enabled for yourself!
Here’s why –
Scenario
Let’s say the users are logged in and they go to their Office 365 Account where they can add multiple Authentication Methods. Shortcut for that is https://mysignins.microsoft.com/security-info
- Once they are in Security Info in order to add new method of Authentication as below
- And they don’t get to create an App Password by default.
Let’s enable users to be able to create their own App Passwords from Azure Portal.
Enforce Users to use MFA
Let’s say the Conditional Access above is already set. Now, you need to enforce users to use MFA.
- In O365, go to the User in Active User whom you want to allow creation of Azure App Passwords.
Select the user and click on Multi-factor Authentication. - Now, in the multi-factor authentication page, you’ll see the users as whether they are using MFA or not.
As you see below, CRM Admin is Enabled for Multi-Factor Authentication, but not Enforced.
So, you have to click on Enfore button to enforce the MFA.
- Now, when you click on Eforce, you’ll see the below message
- After enforcing, you’ll get a success message as below.
- Once enforced, you’ll see the below status is updated on whoever this is enforced on.
Create App Passwords from My Sign-ins page
Now that we have enforced the User to use MFA, here’s how you can create App Passwords
- As shown in the beginning, try to Add a new method
- This time, you’ll be able to see App Passwords as an option to select. Select it and click on Add
- Next, you can give a name to the App Password you are setting. You can give it a suitable name keeping in mind the purpose of the App Password you are creating.
I’ll just give a sample name here since I want to use it in Azure Functions which I’m working on.
- And once it is created in a few moments, make sure you copy it before clicking on Done. Else, you can’t retrieve this later and it will be created without you noting it down.
- And it’ll be listed among other authentication methods
