Manage app passwords for legacy applications - Multi-factor authentication

Sometimes you need an app password to allow a specific application to log into a mailbox without an MFA. This can be done through the steps below.
When using app passwords, it is important to remember:
- App passwords are automatically generated and must be created and entered once per app.
- There is a limit of 40 passwords per user. If you try to create one after that limit, you will be prompted to delete an existing password before you can create the new one.
Use My Sign-Ins to log into the security settings
Browse to: https://account.activedirectory.windowsazure.com/Proofup.aspx or to: My Sign-Ins (microsoft.com)
Press "Add Method"

Next, choose App Password

Give the application a clear name

Copy the password for use in the legacy application

App passwords are discouraged!
- Using an app password is less secure than logging in via Multi-factor authentication. Still, it is possible to provide a password to log in directly.
- Never use app passwords to log into regular applications!
Also read
Basic Authentication for Microsoft Exchange will cease as of Oct. 21, 2022
Making your organization more secure in one click with Azure AD Security Defaults
How to activate Multi-Factor Authentication (MFA) in Office 365?
Microsoft Teams security must-haves in 4 steps
Enable Azure Active Directory Self-Service Password Reset (SSPR)
Source: Manage app passwords for two-step verification (microsoft.com)