Knowledge Base

Microsoft security policies prevent creating app passwords in Office 365

Problem:

After enabling multi-factor authentication (MFA) for the entire organization (or for admins only) by using Azure AD Identity Protection or Microsoft 365 security center, app passwords may no longer be available for the affected users. This prevents you to use app passwords in your CodeTwo software in order to connect to your Office 365 organization (e.g. when using CodeTwo backup and migration tools or Custom Attributes Sync App of CodeTwo Email Signatures for Office 365). 

Solution:

Normally, app passwords can be created on the Security & privacy page in Office 365 (Office 365My account > Security & privacy) under the Additional security verification options. However, when MFA is forced by other means than using the MFA portal, these options may not be available (as shown in Fig. 1.).

821-1
Fig. 1. The Security & privacy page in Office 365 with the missing Additional security verification options.

This is because the MFA status might still appear as Disabled (Fig. 2.) in the MFA portal.

The MFA portal showing that MFA is disabled for the selected user
Fig. 2. The MFA portal showing that multi-factor authentication is disabled for the selected user.

To enable the Additional security verification options, follow the steps below.

Important

You can apply the same steps even if the MFA status is shown as Enabled but you still don't see the Additional security verification options on the Security & privacy page. However, instead of simply enabling multi-factor authentication in the MFA portal (as shown in step 4), disable it first, and then reenable it. 

  1. Open Microsoft 365 admin center (Office 365 admin center).
  2. Go to Users > Active users.
  3. Without selecting any user, click Multi-factor authentication (Fig. 3.).

Accessing the MFA settings in Office 365
Fig. 3. Accessing the MFA settings.

  1. Find the admin account that you use in your CodeTwo software, select it and click Enable. Next, confirm your choice by clicking enable multi-factor auth.

821-4
Fig. 4. Enabling multi-factor authentication for an admin account used in your CodeTwo software.

  1. Sing in to Office 365 with the admin account for which you’ve just enabled MFA, go to My account > Security & privacy. The Additional security verification options should now be available (Fig. 5.).

Accessing the Additional security verification options in Office 365
Fig. 5. Accessing the Additional security verification options in Office 365.

Important

If that admin account is already signed in to Office 365, it may be necessary for the account to sign out and sign in again for the Additional security verification options to appear.

Once you have access to app passwords, follow these steps to learn how to generate them and use with your CodeTwo software.