Problems with MPN id association. MFA required error

Versus Soft 1 Reputation point
2022-12-21T20:06:56.597+00:00

I want to develop an app to read IMAP email from O365 mailboxes. OAuth2 is now required, and to obtain a Client ID I must register on the Azure Portal. I understand.

I have registered as a partner with the user "user@myad.onmicrosoft.com". I now have a partner ID.

I have also registered an Azure account with the same user "user@myad.onmicrosoft.com".

In Azure, under App registration, when I try to enter the MPN ID it shows the error "Must use MFA to continue". I think the admin user of Azure must now be MFA authenticated.

I have changed the user profile of "user@myad.onmicrosoft.com" to enable MFA and registered in the Microsoft Authentication App. It works: for example, I can reset the password using MFA.
However, when I authenticate to the Azure portal, Microsoft only asks for user and password and does not use MFA to authenticate.
So I can't solve the above error.

I have read that Azure AD MFA is a subscription service and that it is necessary to subscribe to Azure AD P2 to enable MFA and validate as MPN.

So I can't develop an application to access O365 IMAP without paying a monthly subscription to Microsoft?

Even more. I have created another Microsoft account, enabled MFA authentication, and assigned it as an external AD user with global admin and cloud app admin privileges. Since it does not belong to the AD, it always authenticates me by MFA. However, the same error that the account does not have MFA continues to appear.

Regards,
Guillermo

Microsoft Entra ID

1 answer

  1. Bruce (SqlWork.com) 58,856 Reputation points
    2022-12-21T20:57:22.68+00:00

    To access an O365 mailbox with an application:

    Using the desired O365 admin account, create the application ID and set the mailbox permissions via API configuration. The app will either delegate user permissions or use app permission. Save the tenant ID, client ID, and secret for the app.

    You use MPN when you publish an app that will be used by other organizations, not your own. This allows other organizations to let users access your application even though it's not defined in the same AD.

    To really set up MPN you need two AD domains: one for the partner-verified app and one for the test client AD that will approve the partner app and assign user permissions to the app.

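The single-tenant path described in the answer (tenant ID, client ID and secret, app permission) sketched in Python as an added example, not code from the thread. It assumes the Microsoft identity platform v2.0 token endpoint, the `https://outlook.office365.com/.default` scope and the `IMAP.AccessAsApp` application role; the tenant, client and mailbox values are placeholders.

```python
import base64
import json
import os
import time
from urllib.parse import urlencode

# Assumptions: v2.0 token endpoint, Exchange Online resource, IMAP app role.
TOKEN_URL = "https://login.microsoftonline.com/{tenant}/oauth2/v2.0/token"
EXO_SCOPE = "https://outlook.office365.com/.default"
IMAP_APP_ROLE = "IMAP.AccessAsApp"

def token_request(tenant_id, client_id, client_secret):
    """Return (url, form body) for the client-credentials grant."""
    body = urlencode({
        "grant_type": "client_credentials",
        "client_id": client_id,
        "client_secret": client_secret,
        "scope": EXO_SCOPE,
    })
    return TOKEN_URL.format(tenant=tenant_id), body

def jwt_claims(access_token):
    """Decode the JWT payload for diagnostics only (signature NOT verified)."""
    payload = access_token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))

def check_imap_token(access_token, now=None):
    """Return a list of problems that would make the IMAP login fail."""
    claims, problems = jwt_claims(access_token), []
    now = time.time() if now is None else now
    if IMAP_APP_ROLE not in claims.get("roles", []):
        problems.append("app role %s missing (not granted or not consented)" % IMAP_APP_ROLE)
    if claims.get("exp", 0) <= now:
        problems.append("token expired")
    return problems

def xoauth2_string(mailbox, access_token):
    """SASL XOAUTH2 initial response; imaplib base64-encodes it itself."""
    return ("user=%s\x01auth=Bearer %s\x01\x01" % (mailbox, access_token)).encode()

if __name__ == "__main__":
    # The secret comes from the environment, never from source control.
    url, body = token_request("<tenant-id>", "<client-id>",
                              os.environ.get("O365_CLIENT_SECRET", "<secret>"))
    print(url)
    # After POSTing `body` to `url` and reading access_token from the JSON reply:
    #   imaplib.IMAP4_SSL("outlook.office365.com").authenticate(
    #       "XOAUTH2", lambda _: xoauth2_string("<mailbox>", access_token))
```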