Allow MFA App Passwords to be compatible with Modern Authentication
MFA App Passwords are not compatible with Modern Authentication. We would like this changed.
We just finished a roll out of MFA to 500 clients. We set up MFA App Passwords for 500 Outlook 2016 and Exchange ActiveSync clients. We did not realize that Modern Authentication was disabled on our Office 365 tenant. We want to enable Modern Authentication now, but we have discovered that the MFA App Passwords will no longer function after Modern Authentication is enabled on the tenant. We discovered this through discussions with other firms that have gone through this, there is no available Microsoft document that discusses this limitation.
Microsoft support confirmed the limitation and also confirmed that no Microsoft document discusses the limitation.
If we enable Modern Authentication on the tenant now, all users will be prompted to re-enter their passwords and validate using their OTP all at one time. We would prefer that the MFA App Passwords continue to function, while we gradually transition our users away from MFA App Passwords.
We also wish that Microsoft would have made this limitation of MFA App Passwords clear in the documentation. If we knew this up front, we would have been sure to check that Modern Authentication was enabled on the tenant to begin with, and we never would have implemented the MFA App Passwords.