I am trying to enable MFA in our Hybrid Azure AD environment.
While the MFA portion seems to be working correctly, I realized that some of our older apps aren't capable of MFA. Typically that isn't a problem; I would just create an App Password for those apps. However, in our environment the App Password option is missing.
Azure seems to be constantly changing the interface. But currently an App Password should be able to be created on the user's Security Info page. However, according to the documentation, that option can be toggled on and off using the multi-factor authentication page linked to in the Conditional Access admin page.
Unfortunately for me, even though the option is enabled on that admin page, neither admins nor users can see the App Password choice when creating login options on their Security Info page.
Following the advice of someone on the Internet, I tried turning the option off on the admin page, letting it sit for a minute, then turning it back on. So far it has not had an effect.
As a part of troubleshooting, and to ensure legacy apps will work until I can figure this out, all MFA enforcement policies have been disabled; so they should not be a factor.
Any thoughts or suggestions about some action I can take to re-enable this feature? One thought I had was to create a special security group for app user accounts, and simply exclude them using the MFA policies.