Allow users to create App Passwords in Office 365 | Multi-factor Authentication

If you are an Admin User who wish to create App Passwords so that you can use them in your code/web applications so that you don’t have to store credentials in your application? Example: Azure Function you are developing shouldn’t store the password of the User.

At times, you must’ve noticed that why you can’t create App Passwords even when you are having MFA enabled for yourself!

Here’s why –

Scenario

Let’s say the users are logged in and they go to their Office 365 Account where they can add multiple Authentication Methods. Shortcut for that is https://mysignins.microsoft.com/security-info

  1. Once they are in Security Info in order to add new method of Authentication as below

  2. And they don’t get to create an App Password by default.


    Let’s enable users to be able to create their own App Passwords from Azure Portal.

Enforce Users to use MFA

Let’s say the Conditional Access above is already set. Now, you need to enforce users to use MFA.

  1. In O365, go to the User in Active User whom you want to allow creation of Azure App Passwords.

    Select the user and click on Multi-factor Authentication.

  2. Now, in the multi-factor authentication page, you’ll see the users as whether they are using MFA or not.
    As you see below, CRM Admin is Enabled for Multi-Factor Authentication, but not Enforced.

    So, you have to click on Enfore button to enforce the MFA.



  3. Now, when you click on Eforce, you’ll see the below message


  4. After enforcing, you’ll get a success message as below.


  5. Once enforced, you’ll see the below status is updated on whoever this is enforced on.




Create App Passwords from My Sign-ins page

Now that we have enforced the User to use MFA, here’s how you can create App Passwords

  1. As shown in the beginning, try to Add a new method


  2. This time, you’ll be able to see App Passwords as an option to select. Select it and click on Add




  3. Next, you can give a name to the App Password you are setting. You can give it a suitable name keeping in mind the purpose of the App Password you are creating.



    I’ll just give a sample name here since I want to use it in Azure Functions which I’m working on.


  4. And once it is created in a few moments, make sure you copy it before clicking on Done. Else, you can’t retrieve this later and it will be created without you noting it down.


  5. And it’ll be listed among other authentication methods

Additionally, it is recommended to also review setting up Conditional Access policies too while setting up Azure AD Multi-Factor Authentication – https://docs.microsoft.com/en-us/azure/active-directory/authentication/tutorial-enable-azure-mfa?WT.mc_id=DX-MVP-5003911

Hope this was helpful! Here are some more D365 posts which you might be interested in –

  1. Filter records in a View owned by a Team you are a member of | Dynamics 365 CRM
  2. Get GUID of the current View in Dynamics 365 CRM JS from ribbon button | Ribbon Workbench
  3. Dynamics 365 App For Outlook missing on SiteMap in CRM? Use shortcut link [Quick Tip]
  4. Import lookup referencing records together in Dynamics 365 CRM | [Linking related entity data during Excel Import]
  5. Mailbox Alerts Hide/Show behavior in Dynamics 365 CRM
  6. Excel Importing Notes (Annotation) entity in Dynamics 365 CRM
  7. Enable/Disable the need to Approve Email for Mailboxes in Dynamics 365 CRM CE
  8. Call Azure Function from Dynamics 365 CRM using Webhooks
  9. Show Ribbon button only on record selection in Dynamics CRM
  10. Accessing multiple occurrences of a field in Business Process Flow using JS in D365 CRM

Thank you!!

Turn Teams On / Off at Org Level, provisioning users | M365 Admin Center Tip

Here’s a tip you’ll probably need. You can quickly turn Teams On/Off at the Org level.

Typically, if the Teams is not enabled at the Org Level, you’ll see this error message

if you click on the Enable Teams button, it’ll take you to this Microsoft Docs page – https://docs.microsoft.com/en-us/MicrosoftTeams/office-365-set-up?WT.mc_id=DX-MVP-5003911

Turn Teams On or Off at Org Level

To skip searching through the Microsoft Documentation on turning Teams On at the Org Level, do the following –

  1. Go to the Microsoft 365 Admin Center, then look for Settings, expand it. Then, go to Org settings


  2. Now, look for Microsoft Teams in the list of Services. Click on it.

  3. Once the Teams’ Settings open, you can see that you can either enable the Team On or Off for all Users. Also, you can manage Guest Access as well.

Check Teams Provisioning Access

Post the above, there might be a few users or new users who might have been Teams provisioned through their licenses.

Here’s how you can check it –

  1. Use this link to check if Teams has bee provisioned to the users or not – https://admin.microsoft.com/AdminPortal/Home#/teamsprovisioning

  2. If not assigned yet, make sure you enable Microsoft Teams for the users by going into their Licenses and expanding Apps section.

    And then, look for Microsoft Teams

  3. Teams should then be enabled for Users.

Hope this helps. Here are some more Office 365 / Microsoft 365 Admin / Teams related posts you might want to check –

  1. Adaptive Cards for Teams to collect data from users using Power Automate | SharePoint Lists
  2. Adding a Canvas PowerApp to Teams
  3. Import multiple Users in Office 365
  4. Office 365 Admin: Quickly Enable Multi-factor authentication for users
  5. Create new Sandbox and copy Production over to it in PowerPlatform Admin Center
  6. Restrict User Access to a D365 instance using Security Groups
  7. D365 Quick Tip: Audit User Access in Dynamics 365 v9 CRM

Thank you!