How can I verify my Azure application domain if I cannot host a .json file in the .well-known directory?

Vinicius Dreher 0 Reputation points
2025-01-04T08:49:35.7566667+00:00

I am trying to verify my domain for an Azure application, VIDA-Walk, but I am encountering limitations due to my website hosting platform. Azure requires the JSON file (microsoft-identity-association.json) to be hosted at the following exact path:

https://vida-engineering.com/.well-known/microsoft-identity-association.json

However, my website hosting platform (123 Reg) does not allow uploading .json files or creating a .well-known directory at the root level of my domain. As a result, I cannot meet the Azure verification requirements directly.

To work around this limitation, I have created a public webpage on my website that displays the required JSON content. The page is accessible at:

https://vida-engineering.com/identity-verification

The JSON content hosted on this page is as follows:

{"associatedApplications":[{"applicationId":"bd7bf68a-7ba7-4c57-8526-b9f29b26b329"}]}	

My questions are:

  1. Is there an alternative way to verify my domain using the above URL, considering I cannot host the JSON file in the .well-known directory?
  2. Are there any other Azure-supported methods for domain verification, such as DNS records or manual verification?
  3. Would Azure support be able to assist in verifying the domain using this alternative hosted URL?

I am open to any suggestions or best practices that can help resolve this issue without switching hosting providers. Thank you for your assistance!

Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
22,991 questions
0 comments No comments
{count} votes

2 answers

Sort by: Most helpful
  1. Vinodh247 27,281 Reputation points MVP
    2025-01-04T10:17:38.8833333+00:00

    If your hosting platform prevents hosting the microsoft-identity-association.json file in the .well-known directory, here are some alternative solutions to verify your azure application domain:

    DNS Record Verification: Azure supports domain verification using DNS records. Add a TXT record with a specific verification code provided by Azure to your domain's DNS settings. This method does not require hosting files and is compatible with most platforms.

    Azure Support Assistance: Reach out to Azure Support and explain the limitation with your hosting platform. While Azure requires the JSON file to be in the .well-known directory, support might provide guidance or accept your alternative hosted URL for verification, though this is not guaranteed.

    Switching to a Proxy Setup: If possible, use a reverse proxy or middleware (e.g., Azure Front Door, Application Gateway) to route requests to the .well-known path to your custom verification page. This method allows the .well-known path to be virtually created without modifying your hosting platform's constraints.

    Consider Alternate Hosting for Verification: Temporarily switch the domain’s hosting to a platform that supports the .well-known directory. Once verification is complete, revert to the original hosting provider.

    DNS verification is the most straightforward and commonly supported solution. If feasible, prioritize this method to bypass the constraints of your hosting platform.

    0 comments No comments

  2. Raja Pothuraju 11,515 Reputation points Microsoft Vendor
    2025-01-07T19:36:15.79+00:00

    Hello @Vinicius Dreher,

    Thank you for posting your query on Microsoft Q&A.

    Based on the information provided, it appears you are attempting to verify a publisher domain for an application on your Entra tenant via the microsoft-identity-association.json method and are exploring alternative options. Please find the answers to your queries below:

    Is there an alternative way to verify my domain using the above URL, considering I cannot host the JSON file in the .well-known directory?

    Ans: Yes, you can quickly verify your publisher domain for your application through the Azure Portal UI by entering the custom domain name. Please refer to the screenshot below for guidance.

    User's image

    Are there any other Azure-supported methods for domain verification, such as DNS records or manual verification?

    Ans: If the domain is already verified under the custom domain names in your tenant, you can navigate to: Microsoft Entra IDApp registrationsSelected applicationBranding and propertiesUpdate domain → Select a verified domain.

    User's image

    Would Azure support be able to assist in verifying the domain using this alternative hosted URL?

    Ans: Yes, if it is in file format of microsoft-identity-association.json.

    Additionally, ensure that your custom domain is verified in your tenant by adding the required TXT and MX records to your DNS settings.

    For more details, please refer to the following documents:

    I hope this information is helpful. Please feel free to reach out if you have any further questions.

    If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".

    Thanks,
    Raja Pothuraju.


Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.