"Admin is not allowed to create session using app password"
So you’ve decided to secure your Office 365 environment as much as possible and created a separate account with Administrator access with Two Factor Authentication enabled.
Next, you want to do some work using PowerShell on Office 365 and try to authenticate as you normally do, but unfortunately you get an “Access Denied” error. You even get an error if you use an App Password to try and authenticate, which says “Admin is not allowed to create session using app password”
Unfortunately you cannot connect to Office 365 using an Administrator account that has two factor authentication enabled.
The only way around this is to create ANOTHER Admin account that you enable only when you need to do PowerShell related tasks. This is annoying, but unfortunately the only way to be as secure as possible when administering Office 365.
All these tips can also be found in our previous Office 365 Administrator Account Best Practices article.