"Owned applications" in AzureAD "App registrations" appear with unverified domain

Mark Babayev 226 Reputation points
2022-05-01T11:58:38.637+00:00

Hello.
We have a number of registered applications in Azure AD. The Azure AD is administered by the personal account trustifidev@Stuff .com.
We have both "owned applications" and "applications from personal account".
We have a verified domain "trustifi.com", and all application IDs (from both sides) exist in https://trustifi.com/.well-known/microsoft-identity-association.json.
The "owned applications" have a verified "Publisher domain", and clicking on "Update domain" also allows selecting a verified domain.

The problem is that the "trustifi.com" domain still appears unverified for the users. It happens only for "owned applications". The "applications from personal account" behave correctly.
Maybe, for the "owned applications", it is required to associate them with the MPN ID to see them as verified?
We have an MPN ID (6559341), but it is registered to our work account (***@trustificorp.com) and it is impossible to connect it to the "gmail.com" account.

An example of the problematic application ID - 2a65007f-6337-4156-9553-679ef3306ecc.

Microsoft Entra ID

Accepted answer
  1. Siva-kumar-selvaraj 15,601 Reputation points
    2022-05-11T19:56:37.487+00:00

    Hello @Mark Babayev ,

    Thanks for reaching out, and apologies for the delayed response.

    Based on your query, I understand that you are using your personal account in Azure AD as the administrator for managing app registrations and for publisher verification, which is not the right approach in this case, because personal accounts can't be used for publisher verification; i.e., apps registered via a personal account aren't eligible for publisher verification.

    Therefore, you need to use an Azure AD account to register applications instead of a personal account. To learn more, refer to the prerequisites for publisher verification. Hope this helps.

    If you have any other questions, please let us know. Thank you for your time and patience throughout this issue.

    -----
    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.


1 additional answer

  1. Mark Babayev 226 Reputation points
    2022-05-12T08:01:54.98+00:00

    Hello! Thank you for the answer.

    So, it seems that we have 2 options:

    On the one hand, we must use the v1.0 endpoint because we don't know an admin tenant when registering a new Exchange Server client, and the v2.0 endpoint doesn't allow using common tenants. On the other hand, we cannot publish an owned application because the personal account cannot be linked to the MPN ID.

    Are all my assumptions correct?
