Hi @Erwin Sinniah ,
There are a few things to check:
Make sure that MFA is enabled on the account. If you are the admin of the account, you can follow the steps to enable MFA or make sure that security defaults are enabled. You can then go to aka.ms/mfasetup to configure your MFA methods.
Then, I would double-check that the MPN associated with Azure AD and the current directory are the same. You cannot associate an MPN with a different directory other than the one approved.
As long as you created the App Registration where the domain is the primary domain (used to verify the MPN ID in the Partner Center), and enabled MFA for the user who is trying to add the MPN ID to the application, you should be able to resolve this issue.
I don't think this applies to your situation based on the error message you included, but I will also note that you can get blocked if your account has been identified as a "risky user." If the user is on the "risky users" list, you or your admin may need to perform remediation steps to eliminate user risk. Reference: Remediate risks and unblock users in Azure AD Identity Protection | Microsoft Learn. After remediating, it will take several hours to invoke the dismiss process in our backend, and then you can try adding the MPN ID again.
Let me know if these steps help.
Marilee
Apologies for the delayed reply! If you plan to have users from both tenants accessing the app, you can register the app as a multi-tenant app in the named directory. https://learn.microsoft.com/en-us/azure/active-directory/develop/single-and-multi-tenant-apps
If you plan to keep all of your resources in one directory you could also merge them, but doing so usually involves recreating most of your resources and is a pretty long and complicated process, and it seems like in your case the multi-tenant app registration would be sufficient.