Certain applications, like the native email clients found on iOS/Android devices, and also Skype for Business/Lync clients that need to connect to Exchange/Exchange Online for calendar and contact information, cannot use anything but the username and password during authentication. When an organization introduces multi-factor authentication, for example with Specops Authentication, and still want to use these types of clients/software, App Passwords must be used.
Before users can create App Passwords, you will need to allow, and configure their use.
- Sign in to the O365 Administrator Portal with O365 administrator privileges: https://portal.office.com/adminportal
- Navigate to Users, and click Active users.
-
Select the More drop-down, and click
Setup Microsoft Entra multi-factor auth.This will open a configuration page for multi-factor auth settings where the users that should be able to use App Passwords are listed. The multi-factor authentication and App Password settings are closely related – this can be confusing when multifactor is delivered elsewhere, e.g. via Specops Authentication.
-
Select the service settings page to configure the general settings.
- Enable Allow users to create app passwords to sign in to non-browser apps.
-
Select which verifications options are to be available to users.
By default all four options are enabled, but given that this will be a one-time operation, Call to phone and/or Text message to phone are recommended.
-
Click Save.
- Browse back to the users page of the settings, select the users that should be allowed to use App Passwords, and select Enable.
Selected users will now be able to use App Passwords.