If you apply 2FA and keep 'normal password' authentication, the usual requirement is to apply an app password inn place of the regular account password. Remove the current passwords in Options/Security/Passwords/Saved Passwords, restart TB, enter the app password when prompted.

https://support.microsoft.com/en-us/account-billing/how-to-use-two-step-verification-with-your-microsoft-account-c7910146-672f-01e9-50a0-93b4585e7eb4

See also https://support.mozilla.org/en-US/questions/1305803

Thanks - this is helpful, but I don't think it will work in my situation. If I understand correctly, after 2FA is enabled on my Microsoft account, I will see an option to get an app password (as distinguished from an authentication app for my phone), which I can then use as my password on my TB O365 account. I can see how this works on my non-institutional Microsoft account (different email)....however my institution's O365 Microsoft account - which is the one I need to use for O365 email - is not recognized at the standard Microsoft account login (https://login.live.com/) it says an account does not exist - and when I do sign to the institutional O365 account (which is https://login.microsoftonline.com/common/oauth2/authorize.....), there is no Security Basics link, only a "Security Info" link, and no option or indication that an "app password" option is available for 2FA. So I guess whether the "app password" option will work for me will depend on the settings the institution has allowed. So - I appreciate that there is a way to work with non-2FA-enabled clients, and it may be useful to keep in mind, but it appears that this easy way to deal with it without changing TB versions may not work with institutionally-controlled Microsoft accounts. The info is much appreciated, though. The other link you provided suggests that TB78+ can work with 2FA, but with alot of mucking around....

If you don't want to use TB 78, and you can't set an app password, you should consider disabling 2FA, if it doesn't offer any significant additional security.

I won't have a choice about using 2FA for emails - it will be required at some point to access institutional emails. I was just getting ready... I can update to v68 or beyond - but I'd still like to know exactly how 2FA it will work, and if it will work with O365, what glitches people have experienced with O365 , will I need to do the 2FA authentication every time TB runs, every time my browser opens, etc... From looking at the TB forums, it looks there may be alot of "issues"...and I want to be prepared for them.

Thanks.

I recommend you just try it in a separate profile with 78. With OAuth2, the token is created once and stored in Saved Passwords, and with 2FA I think you only have to verify 'trusted' devices once.

That is true for authenticating a device, but this is for logging in to an email account, which happens every time TB contacts the 365 server to synchronize the email folders. Currently, it needs to send a password each time, so am I correct in thinking that after 2FA is required, it will need to 2FA authenticate each time as well?

The link provided a few messages above is the only one I have seen in which someone tried to use TB68 or TB78 with 2FA O365 Enterprise - and it is clear there were issues, and it was unclear how they were solved.

I would be interested to know of anyone else's experience - with TB68 or TB78 - implementing 2FA for an existing O365 Enterprise account.

Thanks -