How to Create an App Password in Office 365 Step by Step?

  Mohit Kumar Jha
Written By Mohit Kumar Jha
Anuraag Singh
Approved By Anuraag Singh  
Modified On July 7th, 2025
Reading Time 6 Minutes Reading

How to create an app password in Office 365 is a common question among users who want to link their M365 account to a third-party application.

To make the entire process easier, we have split it into distinct phases with visualizations of what you have to do. So let’s get started.

Phase 1: Visit the M365 Advanced Security Page to Create an App Password in Office 365

  • Step 1. Open your browser.
  • Step 2. Log in to any Microsoft 365 web app, Outlook/OneDrive, etc.
  • Step 3. Then, tap on your profile icon and select “My Microsoft account”.
    Screenshot showing where to click on the profile icon to select 'My Microsoft account'.
  • Step 4. Once you are on the main Microsoft page, switch to the Security tab with the help of the vertical menu pane on your left.

Note: Sometimes when you switch, you may be asked to log in again. Nothing to worry about; this is the default protocol. This happens even if you were already logged in, as the security tab is a highly sensitive part of your account; this extra caution on the part of Microsoft is welcome.

  • Step 5. On the security page, click on the “Manage how I sign in” button.
    The Security tab in a Microsoft account, highlighting the 'Manage how I sign in' button for users wondering how to create an app password office 365.

This opens the advanced security page. Now proceed to the next Phase.

Phase 2: Enable 2FA to Generate an App Password for Office 365

On the advanced security page. If you have Two-step verification (see the top bar) in the OFF position, first turn it on. Otherwise, you won’t be able to make that app password.

  • Step 1. So, click on “Manage >” in the top toolbar or “Turn on” under the Two-step verification part of the Additional Security section.
    Advanced security page showing the Two-step verification option is off, with an arrow pointing to the 'Turn on' link.
  • Step 2. On the Two-Step Verification page, read the instructions and press Next.
    The Two-Step Verification setup screen with instructions on how to enable app password office 365 by first enabling 2FA.

From here on, the pages may appear diffrent depending on what your situation is

  • Step 3.1 Accounts that are adding 2FA for the first time: Your screen will show a question, “How else will you verify your identity?” Choose one of the 3 options:
    • an App (Microsoft Authenticator, Google Authenticator, etc.),
    • an email address,
    • or a Mobile.
      Options for two-factor authentication including an authenticator app, an email address, or a phone number.
  • Step 3.2 Accounts that had 2FA earlier and are re-enabling: You will be prompted to set up the Microsoft Authenticator App; you can choose to set it up or ignore it and press cancel.

Remember, if you select an email address or mobile number, it can’t be the same account/number you used at the time of creating this account. If you try to add it, the setup screen throws an error. Use something different.

  • Error message shown when the email address for 2FA is already associated with the Microsoft account.
  • Step 4. Press Next.
    Verifying identity by entering a code sent to an email address during the 2FA setup process.
  • Step 5. Then, you will receive a notification that Two-Step Verification is on. The screen also has a unique security code; we suggest you save it somewhere. If you ever lose access to your account, this text can help you regain access. Press Next.
    Confirmation screen for Two-Step Verification being turned on, a required step for those who want to set up app password office 365.
  • Step 6. Step On “Set up your smartphone with an app password,” press Next.
  • Step 7. Again, on the “Some other apps and devices need an app password too” page, press Finish.

Also Read: Best Google Takeout Alternative

Admins can check out this video to figure out how to turn on 2FA/MFA for every user in an organization, then users can continue on their own.

Phase 3: How to Generate and Use App Password for Any Office 365 Account

You will be taken back to the advanced security page.

  • Step 1. Now, scroll down; you will notice you can scroll down a bit more than before. This is because you now have the option to set App passwords, among other things.
  • Step 2. Then, click on “Create a new app password”.
    Advanced security options page showing how to generate app password in office 365 by clicking 'Create a new app password'.
  • Step 3. A screen opens with a 16-character text (alphabet only); this is your app password. Before you click anything else, select the entire thing and copy it to a clipboard or notepad, as app passwords are only viewable once; after that, they disappear.
    However, don’t get confused; you can use the app password, but you cannot see it again within the Microsoft 365 settings.
  • Step 4. Press Done to close the app password portal. Once you click on “Create another app password”, this page refreshes, and a new 16-character text appears. Be careful and only make more if you have used the app password you made earlier.
    A pop-up window displaying the newly created 16-character app password, with a prompt to copy it before closing.
  • Step 5. Put this app password in place inside the password field of the application you want to give access to your O365 account.

Why Use and Create App Passwords in Office 365?

If we already have an account password, why can’t we just use that? Why go through the trouble of setting an app password at all? These are all legitimate questions, and the answer to such queries is also simple.

Security.

We dont want our official Office 365 account to get compromised by registering it directly into an unknown service.

Plus, even if the app is legitimate, there is always the risk of cyber attacks that gain unauthorized access to the database, which stores all the credentials.

So, if you use your real password, you can be in serious trouble, as hackers now have your account credentials, and it will already be too late by the time you find out.

Also Read: How to Create DAG Exchange Server Step by Step?

App passwords, on the other hand, are secure and only work once, so even if they get leaked, a nefarious entity can’t use them to gain unauthorized access to your main account.

A precondition for using app passwords is enabling 2FA/MFA; This again enhances the security of your Microsoft 365 account.

Once an account has 2FA, simply knowing your password is no longer enough to gain access. A hacker must also have the security code. Making it way more difficult to hack into any account.

Common Queries While Creating and Managing Application Passwords in Microsoft 365 Cloud

  • Q. Do O365 app passwords ever expire? 

No, app passwords have no built-in expiry date; you can use them for as long as you have them / don’t delete them, or delete the account they were made from. 

  • Q.  Can I use the same app password for multiple applications?

Although there is no restriction on using a single app password everywhere, you are strongly advised not to. Same reason you don’t keep one key for all of your rooms. This is because if one of your apps gets compromised, all of them do.

  • Q. How many total App passwords can I make?

Microsoft allows you to set a maximum of 40 different app passwords. If you want to add the 41st, you must delete the old ones. 

  • Q. If I create app passwords and then disable 2FA, do all my app passwords expire automatically?

Yes, they do. The moment you turn off 2FA, all the app passwords stop working and are effectively deleted from your account.

  • Q. How to remove these app passwords from the Office 365 account?

My Account > Security > Manage how I sign in > Scroll to App passwords > Remove existing app passwords > Remove > Ok.
Managing app passwords, including the option to 'Remove existing app passwords', is key to knowing how to use app password office 365.

Note: Every app password is removed at once, you dont get to choose.

Conclusion

Here we taught you how to create an App Password in Office 365. The process is rather simple. All you need to do is enable 2FA in an M365 account. Then, follow the steps outlined in this blog.

  Mohit Kumar Jha

By Mohit Kumar Jha

With 6+ years of experience, Mohit is a Microsoft Certified expert known for his expertise in cloud migration, cybersecurity, and digital forensics. He specializes in Microsoft 365, Exchange Server, and Azure AD migration. Mohit's insights are drawn from extensive practical experience and rigorous testing of the methods and tools discussed, ensuring accurate and actionable guidance for users. As a tech writer, researcher, and editor, he delivers reliable, accurate, and expert-backed insights you can trust.