Multi Tenant App Registration, Error when Adding MPN ID to verify publisher

Simon Shaw 6 Reputation points
2022-02-10T08:47:02.373+00:00

Based on this tutorial I have registered a multi-tenant app in my Azure domain.
The tutorial does not relate to the "publisher verification" warning that appears in the "Branding & properties" section of the created app:

Starting November 9th, 2020 end users will no longer be able to grant consent to newly registered multitenant apps without verified publishers.

When I attempt to "Add MPN ID to verify publisher", I get one of the 2 following errors, based on the MPN ID I use:

  • Location: The MPN ID you provided (mpnid) does not exist, or you do not have access to it. Please provide a valid MPN ID and try again. Please refer to this link for additional information [AwhPVGfue77+ppG8sC/d4Z]
  • Global: You are unable to add a verified publisher to this application. Please contact your administrator for assistance. Please refer to this link for additional information [AwhPVGfue77+ppG8sC/d4Z]

In the partner portal the user that I have been testing with has the following roles:

  • Global admin
  • Account admin
  • MPN partner admin
  • Owner

My organization has verified ownership of the custom domain we are using in Azure AD using DNS verification.
I noticed that many of the questions on this issue claim that the problem disappeared after a few days (up to 5).
I registered the application 2 days ago and I am still seeing the problem.
What can I do to find the underlying cause of this as quickly as possible?

Microsoft Entra ID

2 answers

  1. Marilee Turscak-MSFT 36,411 Reputation points Microsoft Employee
    2022-02-10T16:20:15.647+00:00

    Hi @Simon Shaw ,

    I understand that you are having an issue adding an MPN ID, even though you have the correct permissions and roles for the tenant, and you are seeing the following two errors:

    Location: The MPN ID you provided (mpnid) does not exist, or you do not have access to it. Please provide a valid MPN ID and try again. Please refer to this link for additional information.

    Global: You are unable to add a verified publisher to this application. Please contact your administrator for assistance. Please refer to this link for additional information.

    There are a few things to check if you have not done so already:

    1) Make sure that MFA is enabled on the account. Since you are the admin of the account, you can follow the steps to enable MFA or make sure that security defaults are enabled. You can then go to aka.ms/mfasetup to configure your MFA methods.

    2) Then, I would verify that the MPN associated with Azure AD and the current directory are the same. You cannot associate an MPN with a different directory other than the one approved.

    As long as you created the App Registration where the domain is the primary domain (used to verify the MPN ID in the Partner Center), and enabled MFA for the user who is trying to add the MPN ID to the application, you should be able to resolve this issue.

    I don't think this applies to your situation based on the error messages you included, but I will also note that you can get blocked if your account has been identified as a "risky user." If the user is on the "risky users" list, you may need to perform remediation steps to eliminate user risk. Reference: Remediate risks and unblock users in Azure AD Identity Protection | Microsoft Learn. After remediating, it will take several hours to invoke the dismiss process in our backend, and then you can try adding the MPN ID again.

    Let me know if any of these steps help resolve the issue and if you still have trouble.

    Marilee

    -
    If this answer was helpful to you, please remember to "mark as answer" so that others in the community facing similar issues can more easily find a solution.


  2. Simon Shaw 6 Reputation points
    2022-02-10T16:57:45.803+00:00

    Hi Marilee,
    Thanks for your quick and full response.

    1. MFA is enabled on the account
    2. I logged into the partner portal (to get the MPN ID) and Azure App Registrations (to apply the MPN ID) using the same user credentials. Is this what you mean?

    Additionally, I have tried with another user who is also global admin in AD (with MFA) and that did not work either.
    This has been the configuration since I started trying to get this to work.
    Any other ideas on how to move forward on this?
    Simon

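The checks listed in the first answer (MFA, matching primary domain, risky-user status) can be run as an offline pre-flight over data exported from Microsoft Graph; this is an added example, not code from the thread or from Microsoft. Assumptions: the dicts mirror the Graph `application`, `organization`, `userRegistrationDetails` and `riskyUser` resources, `isMfaRegistered` stands in for "MFA enabled", `partner_domain` is entered by hand, and all sample values (including `contoso.example`) are constructed; the sample tenant has a verified custom domain that is not the default one.

```python
# Added example (not from the thread). Dicts mirror Microsoft Graph resources:
# application, organization, userRegistrationDetails, riskyUser.
RISKY_STATES = {"atRisk", "confirmedCompromised"}

def preflight(app, org, mfa_details, risky_users, partner_domain, upn):
    """Return findings for the answer's checks; an empty list means all pass.

    partner_domain is an assumption: the domain the operator reports was used
    to verify the MPN ID in Partner Center. It is supplied by hand.
    """
    findings, upn, partner_domain = [], upn.lower(), partner_domain.lower()

    # Check 1: MFA is registered for the user adding the MPN ID.
    reg = next((d for d in mfa_details
                if d.get("userPrincipalName", "").lower() == upn), None)
    if reg is None or not reg.get("isMfaRegistered", False):
        findings.append("mfa-not-registered")

    # Check 2: the directory's primary (default) domain and the app's
    # publisher domain both match the domain tied to the MPN account.
    default = next((d["name"].lower() for d in org.get("verifiedDomains", [])
                    if d.get("isDefault")), None)
    if default != partner_domain:
        findings.append("tenant-primary-domain-mismatch")
    if (app.get("publisherDomain") or "").lower() != partner_domain:
        findings.append("app-publisher-domain-mismatch")

    # Check 3: the user is not currently flagged as risky.
    if any(u.get("userPrincipalName", "").lower() == upn
           and u.get("riskState") in RISKY_STATES for u in risky_users):
        findings.append("user-at-risk")
    return findings

# Constructed sample data (contoso.example is a placeholder tenant).
ORG = {"verifiedDomains": [
    {"name": "contoso.onmicrosoft.com", "isDefault": True, "isInitial": True},
    {"name": "contoso.example", "isDefault": False, "isInitial": False}]}
APP = {"displayName": "demo-multitenant", "signInAudience": "AzureADMultipleOrgs",
       "publisherDomain": "contoso.example"}
MFA = [{"userPrincipalName": "admin@contoso.example", "isMfaRegistered": True}]
RISKY = [{"userPrincipalName": "admin@contoso.example", "riskState": "remediated"}]

if __name__ == "__main__":
    for f in preflight(APP, ORG, MFA, RISKY, "contoso.example",
                       "admin@contoso.example") or ["all checks passed"]:
        print(f)
```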