Try this first
1. Inventory which users use app passwords: Entra > Users > Authentication methods column per user, or via PowerShell reporting.
2. Per app password: figure out which application it is for. Ask the user. Usually it is an old smartphone mail app or a legacy tool.
3. Find the modern equivalent: Outlook mobile, the new iOS/Android Mail app, or the vendor's updated version. Almost everything supports OAuth now.
4. Replace and test. Only after the app works without the app password, remove it.
5. Then disable app passwords entirely (Entra admin center > Protection > Multifactor authentication > Additional cloud-based MFA settings, or via the legacy MFA portal at account.activedirectory.windowsazure.com).
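
The steps above as a tracking script: an added PowerShell example, not part of the original page, that turns the step 1 inventory into a per-user worklist and holds back step 5 until no app password is left. The function `Get-AppPasswordWorklist`, the tracking table, the sample records and the `appPassword` method label are assumptions made for illustration.

```powershell
# Added example. Sample records below are constructed, not real tenant data.
# Live input (assumption: Microsoft.Graph.Reports module, AuditLog.Read.All scope):
#   $records = Get-MgReportAuthenticationMethodUserRegistrationDetail -All
# Assumption: the report lists app passwords in MethodsRegistered as 'appPassword';
# confirm against the values your own tenant returns before relying on the filter.
$AppPasswordMethod = 'appPassword'

function Get-AppPasswordWorklist {
    param(
        [Parameter(Mandatory)] [object[]] $Records,  # rows with UserPrincipalName, MethodsRegistered
        [hashtable] $Tracking = @{}                  # UPN -> @{ App; ReplacementTested }
    )
    foreach ($r in $Records) {
        # Skip users who have no app password registered
        if ($r.MethodsRegistered -notcontains $AppPasswordMethod) { continue }
        $t = $Tracking[$r.UserPrincipalName]
        $next = if (-not $t) {
            'Step 2: ask the user which app uses it'
        } elseif (-not $t.ReplacementTested) {
            'Steps 3-4: move to an OAuth client and test'
        } else {
            'Step 4: replacement works, remove the app password'
        }
        [pscustomobject]@{
            User       = $r.UserPrincipalName
            App        = if ($t) { $t.App } else { 'unknown' }
            NextAction = $next
        }
    }
}

# Constructed sample inventory and tracking notes
$records = @(
    [pscustomobject]@{ UserPrincipalName = 'anna@example.com'; MethodsRegistered = @('microsoftAuthenticatorPush', 'appPassword') }
    [pscustomobject]@{ UserPrincipalName = 'ben@example.com';  MethodsRegistered = @('appPassword') }
    [pscustomobject]@{ UserPrincipalName = 'cara@example.com'; MethodsRegistered = @('microsoftAuthenticatorPush') }
)
$tracking = @{
    'anna@example.com' = @{ App = 'Old phone mail app'; ReplacementTested = $true }
}

$worklist = @(Get-AppPasswordWorklist -Records $records -Tracking $tracking)
$worklist | Format-Table -AutoSize
if ($worklist.Count -eq 0) {
    'Step 5: no app passwords remain, disable them tenant-wide.'
} else {
    "Step 5 blocked: $($worklist.Count) user(s) still have an app password."
}
```

Re-run it after each removal; the worklist shrinks as users drop out of the report, and step 5 is only offered once it is empty.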
When to bring us in
Got a legacy line-of-business app that genuinely does not support modern auth? A service account with hard restrictions is safer than app passwords. We can advise.
See also
- I think I clicked a phishing link: No shame, happens to everyone. The next fifteen minutes matter.
- A colleague's account is acting strangely: Sending mail in their name, rules hiding folders, unusual sign-ins. Suspicious.
- Lost the MFA app: new phone, no backup codes: Classic problem after a phone upgrade. You are not the first to be locked out.