Hero Banner

Multi-Factor Authentication (MFA)

Learn and ask questions on how to implement MFA

Visitor 1

App Passwords only available with Azure AD Premium?

I need to enable APP passwords in order to setup an IMAP connector for my PSA ticketing system. I am unable to get APP Passwords to work with Azure AD Security Defaults enabled. It looks like it requires Azure AD Premium. If this is required, why isn't Microsoft including Azure AD P1 with our Internal Use Rights???


@kweiss You can not use app passwords when you enable security defaults, no matter of what licenses you have. In order to use App passwords you need to enable the specific user account for MFA (might also be combined with conditional access rules you use for triggering MFA) - and disable security defaults.


Enabling the user account for MFA requires Office 365 Enterprise plans or AAD Premium P1 (and it is free if the user account has global admin permissions), conditional access requires AAD Premium P1. Since you can't use security defaults, you need to have respective licenses for all users in the tenant.


See also: https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-mfa-userstates



To add - For Partner AAD P1 licenses are included in "EM+S E3" (Enterprise Mobility & Security) - so you need to look for EM+S in the internal use benefits section in Partner Center, not for AAD Premium.

Level 2 Contributor

Do you have an action pack or a Silver/Gold partnership? One of those might include some P1 licenses. I know our Silver does but it also depends what area its for on what licenses you get.