As Microsoft explains:
Publisher verification gives app users and organization admins information about the authenticity of the developer's organization, who publishes an app that integrates with the Microsoft identity platform.
When an app has a verified publisher, this means that the organization that publishes the app has been verified as authentic by Microsoft. Verifying an app includes using a Microsoft Cloud Partner Program (MCPP), formerly known as Microsoft Partner Network (MPN), account that's been verified and associating the verified PartnerID with an app registration.
Keep in mind that the verified publisher is always a business that is part of the Microsoft Partner ecosystem, and that behind the MPN partnership there is at least one Azure tenant.
Today's post collects the problems that can appear while getting the blue verified badge, which marks the app's publisher as trusted, and explains how to solve each of them.
This is the representation of the steps you have to follow to complete the registration successfully. The known problems (in red) are explained below in this article:
Some obstacles that I usually find, and that are very common in this scenario:
1. Often you are publishing the app from a tenant different from the one associated with the MPN, perhaps from your developers' tenant.
2. It follows from the above that the domain entered in the MPN account as your business's contact email is not added to the secondary tenant, because a domain can be added as a custom domain in only one tenant. Therefore, the .onmicrosoft.com domain cannot be used in this process, and it cannot be the domain of the user who makes the registration (the problem in steps 2 & 4).
The ways to get over the difficulties shown above are:
1. If you decide not to make the registration from the main tenant, you need to add this second tenant in the MPN Center.
2. You have to verify the domain used in the contact email entered in MPN Partner Center - Organization profile - Legal info, using a microsoft-identity-association.json file.
The user who makes the registration also needs to have a custom domain in the login name, so you have to add a custom domain to your tenant beforehand.
Example: email@example.com is not allowed.
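A pre-flight check for the two fixes above, as an added example that is not part of the original post or Microsoft's tooling. It uses the `/.well-known/` location and the `associatedApplications` / `applicationId` layout that Microsoft documents for this file. The function names, tenant names, addresses and app ID are constructed for illustration.

```python
import json

WELL_KNOWN_PATH = "/.well-known/microsoft-identity-association.json"


def domain_of(address):
    """Lower-cased domain part of an e-mail address or sign-in name (UPN)."""
    local, sep, domain = address.strip().rpartition("@")
    if not (local and sep and domain):
        raise ValueError(f"not an address: {address!r}")
    return domain.lower().rstrip(".")


def association_url(contact_email):
    """Where the association file for the Partner Center contact domain lives."""
    return f"https://{domain_of(contact_email)}{WELL_KNOWN_PATH}"


def preflight(app_id, registering_upn, contact_email, association_body):
    """Return a list of problems; an empty list means the checks passed."""
    problems = []
    for label, address in (("registering user", registering_upn),
                           ("Partner Center contact", contact_email)):
        # Leading dot makes the bare domain and its subdomains match alike.
        if ("." + domain_of(address)).endswith(".onmicrosoft.com"):
            problems.append(f"{label} uses an .onmicrosoft.com domain")
    try:
        doc = json.loads(association_body)
    except json.JSONDecodeError as exc:
        return problems + [f"association file is not valid JSON: {exc.msg}"]
    apps = doc.get("associatedApplications") if isinstance(doc, dict) else None
    if not isinstance(apps, list):
        return problems + ["association file has no associatedApplications list"]
    listed = {str(a.get("applicationId", "")).lower()
              for a in apps if isinstance(a, dict)}
    if app_id.lower() not in listed:
        problems.append(f"app {app_id} is not listed in the association file")
    return problems


# Constructed sample values, not taken from the article.
APP_ID = "11111111-2222-3333-4444-555555555555"
SAMPLE_FILE = json.dumps({"associatedApplications": [{"applicationId": APP_ID}]})

if __name__ == "__main__":
    print(association_url("legal@contoso.example"))
    print(preflight(APP_ID, "dev@contosodev.onmicrosoft.com",
                    "legal@contoso.example", SAMPLE_FILE))
```

Feed `association_body` with the text actually served at the URL that `association_url` returns for your Partner Center contact address.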