How To Change Your Office 365 App Password

Posted on 11 CommentsPosted in ADFS, app password, Azure, IAmMEC, MFA, multi-factor auth, Multi-Factor Authentication, Office 365

If you are enabled for Multi-Factor Authentication (MFA) in Office 365 then you will need an App Password for some applications that do not support MFA. The user interface for creating a new App Password is well hidden in Office 365 (its not on the Password page for example).

Post updated in 2016 to take account of the changes in the Office 365 portal.

Post updated in 2017 to show that Microsoft have added a short URL to reach this page. You can skip the below and go to http://aka.ms/CreateAppPassword

Post updated in Aug 2018 to take consideration of the new SSPR and MFA converged UI. If you have this turned on then App Password changes are as described at https://docs.microsoft.com/en-gb/azure/active-directory/user-help/security-info-app-passwords. If you have not enabled this yet (late 2018 it will probably become the default regardless) then the above link will work for you.

Here is how to find it now:

  1. The user logs into Office 365 portal (http://portal.office.com) and clicks their photo to the top-right of the page
  2. Click My Account
  3. Click Security and Privacy menu to the left or the Manage Security and Privacy link on the main area of the page
  4. Click Additional Security Verification
  5. Click Create and manage app passwords
  6. This takes you to https://account.activedirectory.windowsazure.com/AppPasswords.aspx. You can (and therefore should) bookmark this page now so you don’t need these instructions again!
  7. Create yourself an additional app password and give it a description.
  8. Use the new app password in the program that you need to login to.

Here is how to find it (in the old Office 365 portal)

  1. The user logs into Office 365 portal (http://portal.office.com) and clicks the cog icon to the top-right of the page
  2. Click Office 365 Settings
  3. Scroll down past Password and choose Additional Security Verification
  4. Click Update my phone numbers used for account security
  5. Answer your phone to approve your request to go to this page (you might not be asked for this)
  6. Click “app passwords” on the top menu. This takes you to https://account.activedirectory.windowsazure.com/AppPasswords.aspx. You can (and therefore should) bookmark this page now so you don’t need these instructions again!
  7. Create yourself an additional app password and give it a description.
  8. Use the new app password in the program that you need to login to.