Deleted app passwords for Multi-Factor Authentication still work in Microsoft 365, Azure, or Intune
PROBLEM
After you delete an app password that's used for Azure Multi-Factor Authentication, the app password appears to continue to work.
CAUSE
This problem occurs because the token that's acquired after a user successfully signs in by using an app password continues to work until the token expires. The token works only on devices on which the user successfully signed in.
SOLUTION
Wait for the token to expire. This may take from 8 to 24 hours, depending on the service that the user is accessing. This practice follows the same guidelines for when passwords are changed or when users are deleted.
MORE INFORMATION
Still need help? Go to Microsoft Community or the Microsoft Entra Forums website.
Feedback
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see: https://aka.ms/ContentUserFeedback.
Submit and view feedback for