Microsoft 365 MFA App-password

Software

9.9.0.0 and higher

Error Message

You are trying to create a backup set but you are always asked for an App-password.

Cause

When MFA is forced (not when it is optional) then it is mandatory to enter an App Password in the software to connect to the Microsoft 365 environment.

Solution

You can check the MFA status of the user you are trying to log into with Windows Azure.
The multi-factor auth status can be:
  • Disabled
  • Enabled
  • Enforced
If the status is Enforced then it is indeed necessary to Generate a App-password. (Security info > Add sign-in method > App password)

Conditional Access
Microsoft is introducing a new form of security called Conditional Access.
It is expected that version 8.5 of the software will officially support this. Until then, a user should be excluded of the policy and MFA will have to be manually enforced.
  1. Create a new user in Azure AD.
  2. Indicate under the conditional access policies that this user has to be 'Excluded' from the policy.
  1. Go to office.com admin portal
  2. Enable MFA for this user via this portal (You may see here that MFA is off for all users)
  3. Log in with this new user and create an App-password. (It may be that it is automatically created and shown after login)
  4. Use this user with the App-password to create the backup set.
    • Repeat the steps under Requirements for this User to access the other mailboxes.
BENELUX GERMANY AUSTRIA / SWITZERLAND
+31 (0) 570 56 23 43 +49 (0) 800 12 22 587 +31 (0) 570 71 43 06
info@mindtimebackup.nl info@mindtimebackup.de info@mindtimebackup.de