App passwords are considered less secure than using your phone for authentication. As an administrator, you can remove this option for users when enabling MFA.
- Login to the Microsoft 365 Admin Center.
- Go to Users > Active users.
- Without selecting any user, click Multi-factor authentication.
- Select the Service Settings tab.
- Select Do not allow users to create app passwords to sign in to non-browser apps.