Office 365: How to Create an App Password?

As technology continues to advance, security is a cornerstone of all online activities, especially when dealing with sensitive information in business environments. While modern authentication methods such as multi-factor authentication (MFA) provide an extra layer of protection, some apps and devices may not support these advanced features. This is where app passwords come into play.

Office 365, a popular suite of productivity tools, offers a convenient way to create app passwords. These passwords allow secure access to your Office 365 account for applications that do not support two-step verification. In this guide, we will explain what app passwords are and when you should use them, and provide step-by-step instructions for generating and managing them.

Key Takeaways:

  • App passwords provide an alternative authentication method for apps or devices that don’t support modern authentication with Office 365.
  • You must enable and enforce MFA for user accounts to be able to create app passwords.
  • App passwords can’t be created for Administrators.
  • Users can create and delete their app passwords through their Office 365 account settings.
  • Using app passwords only when necessary is recommended since they can bypass MFA.

Introduction to Office 365 App Passwords

App passwords in Office 365 provide a secure way to log in to external applications or third-party tools that require access to your Office 365 account. These passwords ensure compatibility with apps that do not support 2FA verification while maintaining the security of your data. With app passwords, you can bypass the regular login procedure that involves multifactor authentication and use your account in various third-party tools or services without compromising your Office 365 account.

In this comprehensive guide, we will explore the importance of enhanced security in Office 365, delve into the specifics of Office 365 app passwords, and learn how to enable, set up, and manage them effectively. We will also discuss troubleshooting common issues and best practices for Office 365 app password security. By the end of this guide, you will be well-equipped to strengthen your Office 365 security with app passwords.

In the following sections, we will discuss the specifics of Office 365 app passwords and how they can be utilized to enhance the overall security of your Office 365 account.

Understanding Office 365 App Passwords

An Office 365 app password is a unique, randomly generated password that is used in place of your regular account password when accessing Office 365 applications on devices that do not support modern authentication. These devices may include older versions of Outlook, third-party email clients, or certain mobile apps. By using an app password, you can ensure that even if your primary account password is compromised, your Office 365 account remains secure.

App passwords are particularly useful for organizations that have implemented multi-factor authentication (MFA) for their Office 365 accounts. MFA adds an extra layer of security by requiring users to provide a second form of verification, such as a fingerprint or a one-time passcode sent to their mobile device, when signing in. However, not all devices and applications are compatible with MFA. In these cases, app passwords can be used to provide an additional layer of security.

“App passwords provide a secure method of accessing your Office 365 account while maintaining compatibility with applications that do not support two-step verification.”

Using app passwords offers several benefits:

  • Enhanced security: App passwords provide an additional layer of security for your Office 365 account when using apps that do not support modern authentication.
  • Convenience: With app passwords, you can easily authenticate your account using various third-party tools or services without complex verification processes.
  • Compatibility: App passwords ensure compatibility with a wide range of third-party apps, allowing you to integrate Office 365 with your preferred tools and services seamlessly.

How to Enable App Passwords in Office 365?

Before you can create and use app passwords, they must be enabled for your Office 365 account. To do this, first enable MFA for the user account and then “Enforce” it, which makes app passwords available to that individual user. Please note that the user must not be an Administrator (no Administrator role assigned). App passwords for Administrators are disabled for security reasons.

To enable an app password in a Microsoft 365 user account, follow these steps:

  1. Log in to the Microsoft 365 admin center using a global admin account.
  2. Expand “Users,” click on “Active Users,” and select the user for whom you want to create an app password.
  3. Click on the “Multi-factor authentication” button on the toolbar.
  4. This takes you to the page where you can enable multi-factor authentication for the user (Legacy per-user MFA).
  5. Select the user to enable MFA and click on the “Enable” link.
  6. Confirm the prompt to enable multifactor authentication for the user.
  7. Once done, enforce MFA by clicking the “Enforce” link.

That’s all.

Once MFA is enabled and enforced, you can create app passwords by going to your Office 365 Security Info settings and clicking “Add sign-in method”.

Step-by-Step Guide to Create App Password in Office 365

Once you have enabled app passwords for your Office 365 account, it is time to set up your first app password. To do so, follow these steps:

  1. Open https://www.office.com/, sign in with your credentials, click on the user profile picture in the top-right corner, and click on “View account” (Shortcut: Office 365 account).
  2. Click on the “Security Info” tab of your accounts page.
  3. Click the “Add sign-in method” button on the security info page.
  4. On the “Add a method” popup, select “App Password” and then click on the “Add” button.
  5. On the following page, you will be prompted to provide a name for your app password. Enter a name (e.g., “Outlook on Desktop”).
  6. After you have provided a name, click “Next” to generate your app password. Microsoft 365 generates a random password that can be used to log in to your Office 365 account via the selected application. Be sure to make a note of this password, as you will not be able to retrieve it later.

After creating an app password, when you are prompted to enter a password in the app or device, enter the app password that you generated instead of your regular password.

This method of creating app passwords is particularly useful for organizations that have implemented two-factor verification and need a workaround for legacy applications that don’t support MFA. You can repeat these steps to create more than one app password.

Using App Passwords with Office 365 Applications

Once you have set up your Office 365 app password, you can begin using it with your Office 365 applications. To do so, enter your app password in place of your regular account password when prompted to sign in. Keep in mind that you may need to update the password settings within your email client or mobile app to use your app password.

For example, if you are using Outlook, you can update your password settings by navigating to “File,” “Account Settings,” and then “Account Settings” again. From there, select your Office 365 account and then click “Change.” Enter your app password in the “Password” field on the following screen, and then click “Next” to save your changes.

PowerShell Script to Connect to SharePoint Online using App Password

You can use the SharePoint Online Management Shell or CSOM PowerShell (which doesn’t support MFA as of today!) to connect to SharePoint with an App Password.

Import-Module "Microsoft.Online.SharePoint.Powershell"

$AdminCenterURL = "https://crescent-admin.sharepoint.com"
$UserName = "Alex@Crescent.com"
$Password = "qaswfddwayfbcrcp"  #App password

#Create a Credential object from given user name and App password
$SecurePassword = ConvertTo-SecureString -String $Password -AsPlainText -Force
$Cred = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList $UserName, $SecurePassword

#Connect to SharePoint online
Connect-SPOService -Url $AdminCenterURL -Credential $Cred

#Get All Sites
Get-SPOSite

Similarly, you can use App Passwords to connect to SharePoint Online from CSOM PowerShell scripts. Here is an example:

#Reference SharePoint Online CSOM assemblies
Add-Type -Path "C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\16\ISAPI\Microsoft.SharePoint.Client.dll"
Add-Type -Path "C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\16\ISAPI\Microsoft.SharePoint.Client.Runtime.dll"

#Parameters
$SiteURL = "https://crescent.sharepoint.com/sites/Sales"
$UserName = "Steve@Crescent.com"
$Password = "qawcfsdwyfxrrcdphgx"  #App password

#Create a Credential object from given user name and App password
$SecurePassword = ConvertTo-SecureString -String $Password -AsPlainText -Force
$Cred = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList $UserName, $SecurePassword

#Set up the context
$Ctx = New-Object Microsoft.SharePoint.Client.ClientContext($SiteURL)
$Ctx.Credentials = New-Object Microsoft.SharePoint.Client.SharePointOnlineCredentials($Cred.UserName, $Cred.Password)

#Get the Web
$Web = $Ctx.Web
$Ctx.Load($Web)
$Ctx.ExecuteQuery()

#Get the Title of the Web
Write-Host $Web.Title

Tip: PnP PowerShell doesn’t support connecting with App Passwords! For unattended scripts, your option there is to use an Azure App ID with certificates.
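
Both scripts above keep the app password as a plaintext string in the script file. The following is an added example, not part of the original scripts, showing one way to keep it out of the source. It assumes Windows (where Export-Clixml protects the SecureString with DPAPI for the current user on the current machine); the function names and file path are hypothetical.

```powershell
# Added example: store the app password once, encrypted, and load it at run time.
# Assumption: Windows. On other platforms Export-Clixml does not give the same
# DPAPI protection, so use a secrets vault there instead.

$CredFile = Join-Path $env:LOCALAPPDATA "spo-apppassword.cred.xml"   # hypothetical path

function Save-AppPasswordCredential {
    param([Parameter(Mandatory)][string]$Path)
    # Interactive prompt: enter the user name (UPN) and paste the app password.
    $cred = Get-Credential -Message "Enter the UPN and the app password"
    # The password is written as a DPAPI-encrypted SecureString, not as plaintext.
    $cred | Export-Clixml -Path $Path
}

function Get-AppPasswordCredential {
    param([Parameter(Mandatory)][string]$Path)
    if (-not (Test-Path -LiteralPath $Path)) {
        throw "No stored credential at $Path. Run Save-AppPasswordCredential first."
    }
    $cred = Import-Clixml -Path $Path
    if ($cred -isnot [System.Management.Automation.PSCredential]) {
        throw "File at $Path does not contain a PSCredential object."
    }
    return $cred
}

# One-time, interactive, as the account that will run the script:
#   Save-AppPasswordCredential -Path $CredFile
#
# In the unattended script, replacing the hardcoded $Password lines:
#   $Cred = Get-AppPasswordCredential -Path $CredFile
#   Connect-SPOService -Url "https://crescent-admin.sharepoint.com" -Credential $Cred
```

The stored file can only be decrypted by the same Windows user on the same machine, so a copy of the script or the file taken elsewhere does not reveal the app password.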

Managing and Deleting Your Office 365 App Passwords

Each user is allowed a maximum of 40 app passwords, so if you reach this limit, you’ll need to delete existing passwords to create new ones. However, it’s important to note that app passwords do not expire, so you can use them for an extended period of time.

You can create and delete your app passwords with these steps:

  1. Sign in to your Office 365 account, and then navigate to the Security Info section of your account settings.
  2. On the Security info page, you will see a list of your existing app passwords, along with the option to create new ones or delete existing ones.
  3. To delete an existing app password, simply click “Delete” next to the password you wish to delete.
  4. You can create a new app password following the steps outlined in the previous section.

Creating app passwords through the Security info page ensures that users can securely access their Office 365 accounts using apps that do not support two-step verification. This feature enhances the overall security of the Office 365 suite while allowing users to integrate their preferred applications into their workflows seamlessly.

Troubleshooting Common Office 365 App Password Issues

Occasionally, you may encounter issues when using Office 365 app passwords. Some common problems and their solutions include:

  1. Invalid app password: If you receive an error message indicating that your app password is invalid, double-check that you have entered it correctly. If the problem persists, consider creating a new app password and trying again.
  2. App password not working with a specific application: If your app password works with some Office 365 applications but not others, ensure that the application in question supports app passwords. If it does not, you may need to find an alternative authentication method or update to a version that supports modern authentication.
  3. The app password option is missing: If the option to create an app password is missing from your account settings, ensure that Multifactor Authentication (MFA) is enabled and enforced on your account. The app password feature is only available when MFA is active. In addition, users with Admin roles may not have the App password option. Also, App passwords won’t be available if you have “Security Defaults” enabled on your Microsoft 365 tenant.

If you continue to experience issues with your Office 365 app passwords, consider contacting Microsoft support for further assistance. Here is the Microsoft article: Create app passwords from the Security info (preview) page

Best Practices for Office 365 App Password Security

In order to maximize the security benefits of Office 365 app passwords, it is important to follow best practices for their use. Some key considerations include:

  1. Use App Passwords Sparingly: Only use app passwords when absolutely necessary, such as with applications that do not support modern authentication methods.
  2. Regularly update your app passwords: It is crucial to update your app passwords regularly in order to maintain optimal security. Consider setting a reminder to update your app passwords every few months.
  3. Use unique app passwords for each application/device: Avoid using the same app password for multiple applications or devices, as this can increase your vulnerability to cyberattacks.
  4. Keep track of your app passwords: Store your app passwords in a secure location, such as a password manager, and avoid sharing them with others.
  5. Disable app passwords when no longer needed: If you no longer require app passwords for a particular application or device, be sure to remove them to minimize potential security risks.
  6. Monitor for Suspicious Activities: Regularly monitor accounts for any suspicious activities. If an app password is compromised, it could potentially give unauthorized access to your Office 365 data.
  7. Prepare for Phasing Out App Passwords: Microsoft is moving towards eliminating app passwords in favor of more secure authentication methods. App passwords provide a workaround for applications that do not support 2FA, but they are still technically just another password that could be hacked. So, prepare to transition to newer technologies.

By following these best practices, you can ensure that your Office 365 app passwords are being used effectively to enhance the overall security of your account. While app passwords allow applications to bypass MFA, they are still considered safe as long as they are used properly. Always use strong, unique app passwords for different applications and monitor their usage regularly.
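
To make the monitoring advice above concrete, here is an added example (not from the original article) that summarizes successful sign-ins made through legacy clients, which is where app passwords are used. It assumes sign-in records exported as JSON with the Microsoft Graph signIn property names; the sample records are constructed, and the list of legacy client names is an assumption to adjust against what your tenant's logs show.

```powershell
# Constructed sample records (documentation IP ranges, made-up activity).
$SampleJson = @'
[
 {"createdDateTime":"2024-05-01T08:02:11Z","userPrincipalName":"alex@crescent.com","clientAppUsed":"IMAP4","ipAddress":"203.0.113.10","status":{"errorCode":0}},
 {"createdDateTime":"2024-05-01T09:15:40Z","userPrincipalName":"alex@crescent.com","clientAppUsed":"IMAP4","ipAddress":"198.51.100.77","status":{"errorCode":0}},
 {"createdDateTime":"2024-05-01T09:20:03Z","userPrincipalName":"steve@crescent.com","clientAppUsed":"Exchange ActiveSync","ipAddress":"203.0.113.25","status":{"errorCode":0}},
 {"createdDateTime":"2024-05-01T09:31:18Z","userPrincipalName":"steve@crescent.com","clientAppUsed":"POP3","ipAddress":"198.51.100.77","status":{"errorCode":50126}},
 {"createdDateTime":"2024-05-01T10:00:00Z","userPrincipalName":"alex@crescent.com","clientAppUsed":"Browser","ipAddress":"203.0.113.10","status":{"errorCode":0}}
]
'@

# Assumption: client names that indicate legacy (non-MFA-capable) authentication.
$LegacyClients = @('IMAP4', 'POP3', 'Authenticated SMTP', 'Exchange ActiveSync',
                   'Exchange Web Services', 'MAPI Over HTTP', 'Other clients')

function Get-LegacyAuthSummary {
    param(
        [Parameter(Mandatory)][object[]]$SignIns,
        [string[]]$LegacyClientApps = $LegacyClients
    )
    $SignIns |
        # Keep only successful sign-ins (errorCode 0) made through a legacy client.
        Where-Object { $_.status.errorCode -eq 0 -and $LegacyClientApps -contains $_.clientAppUsed } |
        Group-Object -Property userPrincipalName |
        ForEach-Object {
            $ips = @($_.Group.ipAddress | Sort-Object -Unique)
            [pscustomobject]@{
                User        = $_.Name
                SignIns     = $_.Count
                Clients     = (@($_.Group.clientAppUsed | Sort-Object -Unique) -join ', ')
                SourceIPs   = ($ips -join ', ')
                # The same account used from several addresses deserves a closer look.
                MultipleIPs = ($ips.Count -gt 1)
            }
        } |
        Sort-Object -Property SignIns -Descending
}

$records = $SampleJson | ConvertFrom-Json
Get-LegacyAuthSummary -SignIns $records | Format-Table -AutoSize
```

Users who appear in this summary but have no remaining need for a legacy client are candidates for having their app passwords deleted.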

Conclusion

In conclusion, app passwords are crucial for securing and enhancing the functionality of Office 365 accounts. By creating app-specific passwords, users can securely access various applications and services that do not support multi-factor authentication. Throughout this step-by-step guide, we have explored the specifics of app passwords and how to enable, set up, and manage them effectively. By following the provided steps, you can easily generate app passwords and provide an alternative authentication method for your favorite apps and tools, ensuring compatibility without compromising security.

What are app passwords in Office 365?

App passwords are 16-character randomly generated passwords that allow you to access your Office 365 account from third-party apps and devices that don’t support modern authentication methods, such as multi-factor authentication (MFA).

When should I use app passwords in Office 365?

You should use app passwords when you need to access your Office 365 account from apps or devices that don’t support modern authentication, such as older versions of Office, third-party email clients, or mobile apps.

What should I do if my app passwords are not working properly?

If your app passwords are not working properly, ensure that you have entered the correct password. If the problem persists, you can try signing in again or creating a new app password.

What are the limitations and usage considerations for app passwords in Office 365?

Each user is allowed a maximum of 40 app passwords. If you exceed this limit, you will need to delete existing passwords to create new ones. App passwords can be used for various services simultaneously and do not expire. They can also serve as an alternative to multi-factor authentication for applications that do not support it.

What should I do if I suspect an app password has been compromised?

If you suspect an app password has been compromised, delete it immediately and create a new one. Review your account activity for any suspicious actions, and consider changing your primary account password as well.

Do app passwords expire in Office 365?

No, app passwords do not expire in Office 365. However, regularly reviewing and deleting unused app passwords is a good practice to minimize the risk of unauthorized access.

Can I create multiple app passwords for my Office 365 account?

Yes, you can create multiple app passwords for different applications. This practice is recommended to ensure that your other applications remain secure if one app password is compromised.

Salaudeen Rajack

Salaudeen Rajack - Information Technology Expert with two decades of hands-on experience, specializing in SharePoint, PowerShell, Microsoft 365, and related products. He has held various positions, including SharePoint Architect, Administrator, Developer, and Consultant, and has helped many organizations implement and optimize SharePoint solutions. Known for his deep technical expertise, he is passionate about sharing knowledge and insights to help others through real-world articles.
