How To Change Your Office 365 App Password


If you are enabled for Multi-Factor Authentication (MFA) in Office 365 then you will need an App Password for some applications that do not support MFA. The user interface for creating a new App Password is well hidden in Office 365 (its not on the Password page for example).

Post updated in 2016 to take account of the changes in the Office 365 portal.

Post updated in 2017 to show that Microsoft have added a short URL to reach this page. You can skip the below and go to http://aka.ms/CreateAppPassword

Post updated in Aug 2018 to take consideration of the new SSPR and MFA converged UI. If you have this turned on then App Password changes are as described at https://docs.microsoft.com/en-gb/azure/active-directory/user-help/security-info-app-passwords. If you have not enabled this yet (late 2018 it will probably become the default regardless) then the above link will work for you.

Here is how to find it now:

  1. The user logs into Office 365 portal (http://portal.office.com) and clicks their photo to the top-right of the page
  2. Click My Account
  3. Click Security and Privacy menu to the left or the Manage Security and Privacy link on the main area of the page
  4. Click Additional Security Verification
  5. Click Create and manage app passwords
  6. This takes you to https://account.activedirectory.windowsazure.com/AppPasswords.aspx. You can (and therefore should) bookmark this page now so you don’t need these instructions again!
  7. Create yourself an additional app password and give it a description.
  8. Use the new app password in the program that you need to login to.

Here is how to find it (in the old Office 365 portal)

  1. The user logs into Office 365 portal (http://portal.office.com) and clicks the cog icon to the top-right of the page
  2. Click Office 365 Settings
  3. Scroll down past Password and choose Additional Security Verification
  4. Click Update my phone numbers used for account security
  5. Answer your phone to approve your request to go to this page (you might not be asked for this)
  6. Click “app passwords” on the top menu. This takes you to https://account.activedirectory.windowsazure.com/AppPasswords.aspx. You can (and therefore should) bookmark this page now so you don’t need these instructions again!
  7. Create yourself an additional app password and give it a description.
  8. Use the new app password in the program that you need to login to.

Tags:

Comments

12 responses to “How To Change Your Office 365 App Password”

  1. Danny avatar
    Danny

    Thank you Brian!!! Such a crucial function and it’s buried 12 layers deep…

  2. Robert Doisneau avatar

    once I can get into my application, can I DELETE the app password?

    1. Brian Reid avatar

      Yes you can, but within 24 your access to the application will stop working and a new app password will be required. The app password is used to create an access token, and that token will expire. Once it expires and the application attempts to authenticate again it will fail to do so. See https://support.microsoft.com/en-us/kb/2938852 for more on this.

  3. Rob Sutter avatar
    Rob Sutter

    Thanks for this, Brian! It seems the “new” version of the Office 365 console offers *no* way for the user to get to this option other than by using the link you posted.

    For a security feature, there are so many things wrong with this that I don’t know where to begin. Unfortunately, the support site is also so opaque that I can’t figure out where to submit a bug/feature request to get it fixed.

    1. Brian Reid avatar

      I know what you mean. It is hard to locate and should not be. I have raised it before now with Microsoft.

  4. Rob Sutter avatar
    Rob Sutter

    Disregard my last comment – my colleague found it double-buried. It’s been a frustrating week with Office 365.

  5. Ramon avatar
    Ramon

    Is it possible for an admin to generate the app password or does it have to be done through the users login?

    1. Brian Reid avatar

      AppPasswords are user driven. I would try and avoid these now though – make sure you are using apps that support Modern Auth (Office 2016 and later) to avoid the need for AppPasswords full stop.

  6. Simon Fjeldsted Nielsen avatar
    Simon Fjeldsted Nielsen

    Hello Brian,
    We are on the verge of enabling MFA in our organization. My concern is that, when you connect to your O365 tenant through powershell you have to use this auto generated password. My colleagues are going to get so frustrated with this..
    Is there no way to make this password yourself?

    Kind regards,

    1. Brian Reid avatar

      @simon. No, there is no way to create this yourself. The AppPassword is a cryptographically unique string and if you could create your own that’s just the same as a user password and likely to be as insecure.

      The question is why are MFA enabled accounts blocking your admins. AppPasswords are only for client applications that cannot use MFA and this is not the case now for PowerShell to Office 365.

  7. Jeffery Birks avatar

    If you want security in your passwords, then avoid the temptation to reuse the same password elsewhere. Accepted the complication of memorising multiple passwords is an issue, but if you must use some common element to your passwords in combination with a unique element that ensures the passwords are different with each use, and (ideally) ensure the password is one of several factors.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.