Wednesday, March 1, 2023

Common problems publishing an app with Verified publisher


As Microsoft explains here:

Publisher verification gives app users and organization admins information about the authenticity of the developer's organization, who publishes an app that integrates with the Microsoft identity platform.

When an app has a verified publisher, this means that the organization that publishes the app has been verified as authentic by Microsoft. Verifying an app includes using a Microsoft Cloud Partner Program (MCPP), formerly known as Microsoft Partner Network (MPN), account that's been verified and associating the verified PartnerID with an app registration.

Keep in mind that the verified publisher is always a business that is part of the Microsoft Partner ecosystem, and that behind the MPN partnership there is at least one Azure tenant.

Today's post collects the problems that can appear while getting the blue verified badge, which indicates the trusted publisher of the app, and explains how to solve each of them.

This is a representation of the steps you have to follow to complete the registration successfully. The known problems (in red) are explained below in this article:

These are some obstacles that I usually find, and they are very common in this scenario:

1. Often you are publishing the app from a different tenant than the one associated with the MPN, perhaps from your developers' tenant.

2. It follows that the domain of your business's contact email in the MPN account is not added to the secondary tenant, because a domain can only be added as a custom domain in one tenant. Therefore, the .onmicrosoft.com domain cannot be used in this process, and it cannot be the domain of the user who makes the registration (the problem in steps 2 and 4).

3. Sending a guest invitation is sometimes complicated, because the identity that you want to invite does not have a mailbox and the invitation is sent by email.

The ways to get over the difficulties shown above are:

1. If you decide not to make the registration from the main tenant, you need to add this second tenant in the MPN Center.

2. You have to verify the domain used in the contact email filled in under MPN Partner Center - Organization profile - Legal info, using a microsoft-identity-association.json file.

The user who makes the registration also needs a login name with a custom domain, so you have to add a custom domain to your tenant beforehand.

Example: user@contosoapp.onmicrosoft.com is not allowed.

This fixes the following problem:

The target application's Publisher Domain (publisherDomain) either doesn't match the domain used to perform email verification in Partner Center (pcDomain) or has not been verified. Ensure these domains match and have been verified then try again.

3. After the invitation has been sent to a guest, you can get the link that has to be accepted by going to the guest object and clicking Resend invitation.
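The checks from point 2 can be run before attempting the registration. The following is an added example, not code from Microsoft or from this post: the function name, the problem labels, the application ID and the contoso.com domains are constructed, and the file layout follows Microsoft's documented format for microsoft-identity-association.json, which is served from `/.well-known/` on the domain being verified.

```python
import json

# Constructed sample values; replace with your own app registration data.
APP_ID = "00000000-0000-0000-0000-000000000001"
SAMPLE_FILE = json.dumps({"associatedApplications": [{"applicationId": APP_ID}]})


def preflight(upn, publisher_domain, pc_domain, app_id, association_json):
    """Return the list of problems that would block publisher verification.

    upn               login name of the user performing the registration
    publisher_domain  publisherDomain set on the app registration
    pc_domain         domain of the contact email verified in Partner Center
    association_json  body fetched from
                      https://<domain>/.well-known/microsoft-identity-association.json
    """
    problems = []

    # The registering user must sign in with a custom domain.
    user_domain = upn.rsplit("@", 1)[-1].lower()
    if user_domain.endswith(".onmicrosoft.com"):
        problems.append("upn-on-onmicrosoft")

    # The error quoted in this post: publisherDomain and pcDomain must match.
    if publisher_domain.lower().rstrip(".") != pc_domain.lower().rstrip("."):
        problems.append("publisher-domain-mismatch")

    # The hosted file must be valid JSON and list this application ID.
    try:
        doc = json.loads(association_json)
        ids = {
            str(entry.get("applicationId", "")).lower()
            for entry in doc.get("associatedApplications", [])
            if isinstance(entry, dict)
        }
    except (ValueError, AttributeError, TypeError):
        ids = None  # e.g. an HTML error page was served instead of the file
    if ids is None:
        problems.append("association-file-invalid")
    elif app_id.lower() not in ids:
        problems.append("app-not-in-association-file")

    return problems


if __name__ == "__main__":
    print(preflight("user@contosoapp.onmicrosoft.com",
                    "contosoapp.onmicrosoft.com", "contoso.com",
                    APP_ID, SAMPLE_FILE))
```

An empty list means none of the three conditions described in point 2 is failing for the values supplied.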
