![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(300.8, 35%, 39%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ETS%3C/text%3E%3C/svg%3E)
Microsoft 365 and Office | Development | Other
Building custom solutions that extend, automate, and integrate Microsoft 365 apps.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(80, 18%, 17%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAH%3C/text%3E%3C/svg%3E)
Welcome to Microsoft Q&A Forum!
Have a good day and I hope you're doing well!
Based on my research and the screenshot you provided regarding "Conditional Access," here is the situation: By default, users cannot create app passwords. This feature is often disabled by modern security policies and must be explicitly enabled in the legacy service settings before users can utilize them.
I have just performed this on my test environment to confirm the workflow. As an Admin, you need to complete the following steps to give users the ability to create app passwords:
Step 1: Enable App Passwords in Service Settings
1. Sign in to the Microsoft Entra admin center (as at least an Authentication Policy Administrator or Global Admin).
2. Browse to Conditional Access > Named locations > Select "Configure MFA trusted IPs"
3. On the Multifactor authentication page that opens, click on Service settings.
Under the app passwords section, select the checkbox: Allow users to create app passwords to sign in to non-browser apps.
Tip: If it is already checked, please uncheck it, save, and then check it again to ensure the setting applies correctly.
Reference: Allow users to create app passwords
Step 2: Enforce MFA for the User
1. After saving the settings in Step 1, switch to the Users tab on that same page.
2. Select the Admin account you want to generate the password for.
3. Click Enable MFA.
4. Once the status changes to Enabled, click on the user again and select Enforce MFA.
5. Ensure the status specifically reads enforced.
Step 3: Generate the Password
1. Go back to the My Sign-ins / Security Info page for that account.
2. Refresh the page. You should now see the App password option added to the "Add sign-in method" list.
I hope this helps resolve the issue, or at least guides you in the right direction. If you have any concerns, questions, or if anything remains unclear, please feel free to reach out anytime.
Best regards.
If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(80, 43%, 17%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMP%3C/text%3E%3C/svg%3E)
