looking to see how you all roll out multifactor and to see if there is a way to cut down on the added help desk support after enabling. We see a lot of end users needing help with setting up app passwords and also setting up the authentication app. We have set the “microsoft recommended settings” and added an authentication method in azure. by adding their cell number as the first authentication method and having the microsoft recommended settings will automatically send a text to the end user and kind of cuts out the step where they are prompted for “need additional info”. this is good for us because it cuts down on calls for help with the app. So my question to you all is how do you cut down on getting outlook/office apps set up with the end users and also what determines whether or not outlook will need an app password. some users are just prompted for office 365 sign in which in turn sends them the MFA text and some of them the outlook password box keeps prompting over and over and we then create a app password to fix. With over 200 users we would love to remotely administer this process and hopefully get rid of the need to hand hold the end users through getting app passwords set up as it can be confusing to them. Any and all of your thoughts on this would be appreciated.<\/p>","upvoteCount":6,"answerCount":4,"datePublished":"2021-09-13T12:54:59.000Z","author":{"@type":"Person","name":"markhigley9209","url":"https://community.spiceworks.com/u/markhigley9209"},"acceptedAnswer":{"@type":"Answer","text":"

Advertisement

Close

Any device that uses Modern Authentication doesn’t need an app password. That’s Outlook 2016 or later (and Outlook 2013 with a registry change) as well as all current versions of the iPhone and Android mail apps.<\/p>\n

Advertisement

Close

If a mail profile is created after ModernAuth is enabled on your tenant, it usually has to be removed and recreated to get it to use ModernAuth.<\/p>\n

I use -zero- app passwords in the environments I support.<\/p>","upvoteCount":3,"datePublished":"2021-09-13T13:10:51.000Z","url":"https://community.spiceworks.com/t/office-365-mfa-administration/810965/2","author":{"@type":"Person","name":"da-schmoo","url":"https://community.spiceworks.com/u/da-schmoo"}},"suggestedAnswer":[{"@type":"Answer","text":"

looking to see how you all roll out multifactor and to see if there is a way to cut down on the added help desk support after enabling. We see a lot of end users needing help with setting up app passwords and also setting up the authentication app. We have set the “microsoft recommended settings” and added an authentication method in azure. by adding their cell number as the first authentication method and having the microsoft recommended settings will automatically send a text to the end user and kind of cuts out the step where they are prompted for “need additional info”. this is good for us because it cuts down on calls for help with the app. So my question to you all is how do you cut down on getting outlook/office apps set up with the end users and also what determines whether or not outlook will need an app password. some users are just prompted for office 365 sign in which in turn sends them the MFA text and some of them the outlook password box keeps prompting over and over and we then create a app password to fix. With over 200 users we would love to remotely administer this process and hopefully get rid of the need to hand hold the end users through getting app passwords set up as it can be confusing to them. Any and all of your thoughts on this would be appreciated.<\/p>","upvoteCount":6,"datePublished":"2021-09-13T12:54:59.000Z","url":"https://community.spiceworks.com/t/office-365-mfa-administration/810965/1","author":{"@type":"Person","name":"markhigley9209","url":"https://community.spiceworks.com/u/markhigley9209"}},{"@type":"Answer","text":"

There is a screen you can view in AzureAD which will show everyone still using basic authentication.<\/p>\n

Before I enabled MFA, I sent instructions to everyone in that list to delete/readd their mail to their phones before a certain date.<\/p>","upvoteCount":2,"datePublished":"2021-09-13T13:30:19.000Z","url":"https://community.spiceworks.com/t/office-365-mfa-administration/810965/3","author":{"@type":"Person","name":"da-schmoo","url":"https://community.spiceworks.com/u/da-schmoo"}},{"@type":"Answer","text":"

same here. no app passwords and unless you have something really old still in use you should not need them. If you do need them you seriously need to look at replacing what ever is requiring them.<\/p>\n

on a side note if you don’t know the tool anydesk.com<\/a> take a look at it. They have a free version and it works to remote view users cell phones (and computers) so you can see what the end user is doing when they are struggling to set up MFA (or any other issue) tools like that are a life saver in our line of work. Because no mater what the end user says I make them show me as 90% of the time what they say they are doing and what they actually do are not the same thing.<\/p>\n

LOL<\/p>","upvoteCount":0,"datePublished":"2021-09-13T19:35:15.000Z","url":"https://community.spiceworks.com/t/office-365-mfa-administration/810965/4","author":{"@type":"Person","name":"molan","url":"https://community.spiceworks.com/u/molan"}}]}}