Using Orchid Modules with Office 365 App Passwords

Note: This applies to Emailing from Orchid modules where Multi-Factor Authentication (MFA) is enabled.

Using App Passwords

You can use an App password if: 

  • Your account has MFA enabled

  • SMTP AUTH is enabled on the mailbox

  • You use SMTP as the email service in Orchid modules.

Tip: You can use Microsoft Graph as the email service if basic authentication is disabled. Office 365 and Microsoft Graph

What is an App password?

App passwords provide a way for applications to authenticate in Microsoft 365 when MFA policies are enforced. It is Microsoft's approach to allow non-interactive login with a user name and complex password. Within the Microsoft 365 environment, the user creates an app password for the particular instance when a non-interactive login is required. This password is not the user's regular password, randomly generated and 16 characters long to make it relatively secure.

Refer to the Microsoft website for details on using app passwords: https://support.microsoft.com/en-us/account-billing/using-app-passwords-with-apps-that-don-t-support-two-step-verification-5896ed9b-4263-e681-128a-a6f2979a7944

Key Steps

Step 1. Generate an App Password in Office 365. 

Refer to the Microsoft Help for details. The exact steps depend on your Office 365 subscription type. Below is a relevant example:

https://docs.microsoft.com/en-us/azure/active-directory/user-help/multi-factor-authentication-end-user-app-passwords

  • Login to your Microsoft Account as the user you want to use

  • Choose View Account (in the top right of the screen)

  • Go to Security Info

  • Select Add a Method or Create and manage app passwords

  • Select create

  • Give the password a name e.g. Sage . This is for reference only. You do not use the name in the Orchid module configuration.

  • Select next

Step 2. Copy the password to the clipboard

You might have to do that manually using CTRL-C

You can't view the password again, if you forget it, you need to create a new one in Step 1.

Step 3. Enter the password in the module Options > Email screen

The user name is the email address used in Step 1.

You only use the App password in the password field.

Save and test

Legacy Authentication

The option to Create an App password is not available anymore for SharePoint Online as Microsoft has retired support for Basic Authentication for SharePoint Online integration in April 2026.

If you are getting an error such as "The sign-in name or password does not match one in the Microsoft account system", your site in Office 365 blocks Legacy authentication.

Refer to Office365 and Legacy Authentication for detailed steps.