Share via

How can I set up Application Passwords when organization doesn't let me disable MFA

Reneta Trifonova 40 Reputation points
2025-09-04T16:22:10.8033333+00:00

I am trying to add an authentication method through the security tab but there is no way of selecting it:User's image

However, for this to work, MFA should be disabled. I tried to disable it but it does not allow it:
User's image

This is application password is needed for me to be able to send emails through Jenkins. Is there a way I can use application passwords or maybe an even more secure method exists?

Outlook | Web | Outlook on the web for business | Security
0 comments
Answer accepted by question author
  1. Kristen-L 7,360 Reputation points Microsoft External Staff Moderator
    2025-09-08T17:58:56.5033333+00:00

    Hi @Reneta Trifonova,

    Thank you for your follow-up question.

    You're right - Basic Authentication, including App Passwords, is being retired for SMTP AUTH in Exchange Online. Here're some of alternatives you can use:

    1. OAuth 2.0 (Modern Authentication)

    This is the primary and most secure alternative. Microsoft recommends switching to OAuth for all SMTP AUTH scenarios.

    • OAuth tokens are time-limited, scoped, and revocable, making them far more secure than static passwords.
    • OAuth supports multi-factor authentication (MFA) and integrates with Microsoft Entra ID (formerly Azure AD).

    2. Azure Communication Services email

    • For sending emails to both internal and external recipients, Azure Communication Services Email is a scalable and secure alternative.

    3. High Volume email for Microsoft 365

    • If you're only sending emails internally within your tenant, this service is a suitable replacement for Basic Auth SMTP.

    4. Exchange Server On-Premises (Hybrid Configuration)

    • Organizations with hybrid setups can continue using Basic Auth with their on-prem Exchange Server or configure a receive connector for anonymous relay.

    This is recommended next steps you can consider using OAuth to send emails:

    • Audit current usage: Use the SMTP AUTH Clients Submission Report in the Exchange Admin Center to see which clients are still using Basic Auth vs. OAuth.
    • Enable OAuth in your applications: If supported, configure IMAP/POP/SMTP to use OAuth - Microsoft provides step-by-step instructions at Deprecation of Basic authentication in Exchange Online
    • Plan for devices that don’t support OAuth: Choose between SMTP relay, Direct Send, or setting up an SMTP proxy depending on your environment and security needs.
    • Explore new services if needed: If use cases involve large or mixed recipient scenarios, evaluate High Volume Email and Azure Communication Services.

    I hope this information is helpful. Please follow these steps and let me know if it works for you. If not, we can work together to resolve this.  

    As other users will also search information in this community, your valuable vote will definitely also help other users who have similar queries easily to find the correct channel and useful information more quickly.

    Thank you for your patience and your understanding. If you have any questions, please feel free to reach out.  

    If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment”.    

    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.  

    1 person found this answer helpful.
Answer accepted by question author
  1. Kristen-L 7,360 Reputation points Microsoft External Staff Moderator
    2025-09-04T18:39:39.1766667+00:00

    Hi @Reneta Trifonova,

    Good day! Thank you for reaching out to the Microsoft Q&A forum and sharing your detail.

    To set up an Application Password, you first need to make sure MFA is enabled for the user:

    • Go to Microsoft Entra admin center > Per-user multifactor authentication:
    • Select the user you want to configure.
    • Check their MFA status:
      • If it says "Disabled", click Enable to turn on MFA for that user.

    User's image

    • Once MFA is enabled, go to the Service settings tab > make sure the option “Allow users to create app passwords to sign in to non-browser apps” is checked.

    User's image

    • Scroll down and review the “Methods available to users” section.
    • Ensure all four options are checked, then click Save.

    User's image

    • After making these changes, please allow 10–15 minutes for them to take effect for the affected user.

    How to create an App Password:

    • Sign in to your Microsoft 365 account at https://mysignins.microsoft.com/security-info
    • Click “Add sign-in method”
    • From the dropdown, select “App password”.
    • Enter a name for the app password (e.g., “Jenkins SMTP”).
    • Click Next and copy the generated password. You won’t be able to view it again later.
    • Use this password in the legacy app (e.g., Jenkins, Outlook 2010) instead of your regular password.

    I hope this information is helpful. Please follow these steps and let me know if it works for you. If not, we can work together to resolve this. 

    Thank you for your patience and your understanding. If you have any questions, please feel free to reach out. 

    If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment". 

    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

0 additional answers

Sort by: Most helpful
Most helpful Newest Oldest

Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.