Score:0

Azure AD Publisher verification - This capability is not supported in an email-verified tenant

I have created an application in Azure AD and already have a verified MPN ID to associate with this application.

When I add the MPN ID I get the error:

This capability is not supported in an email-verified tenant.

There is a custom domain in the tenant, and it shows as "verified". The verification was done by uploading a json file to a .well-known folder.

Please clarify, how can I properly proceed with this and correctly associate MPN ID. I am sure it is something simple, but after hours of looking I cannot find anything related to this.

The only thing similar I found is this post: https://learn.microsoft.com/en-us/answers/questions/289672/34email-verified-tenant34-error-when-attempting-to.html?childToView=1084329

But it doesn't clarify where to actually continue verification using the TXT record (I know how to add a TXT record). But I don't even think that is needed, because the domain verification was done with the JSON file and the code in it - TXT record from all that I found could have been the old verification method for the domain.

Any thoughts?

Coder12345: Why the downvote?
Jevgenij Martynenko: My advice would be to contact Microsoft Support. They will be able to solve the issue.
Score:1

I solved the problem myself.

On the partner.microsoft.com page where the MPN ID is approved, I had to go to the User Management tab on the left side, and then click a link shown there to become administrator and owner. By default, when the account is created, it is only email-authorized, but in order for it to become domain-verified, you also have to make it an administrator after it is initially created.

Once I clicked that link, it presented a screen with the TXT value for a DNS entry, which I added to my domain, and after clicking the "Verify" button, it worked and it converted my account into Account admin, Referrals admin, MPN partner admin, Owner. Some of the steps and button names are from memory as I didn't document them along the way, but this is very much how the process went.

Then I was able to add verified MPN ID to the application created in the portal.azure.com (Branding & properties section) and now it shows the verified blue badge.

One pitfall I had is that also under the partner.microsoft.com - User management tab - Azure AD Applications sub-tab, I added my application. That was a mistake - don't do that. When I tried to add MPN ID under portal.azure.com it warned me that I was not the owner. After removing the app from Azure AD Applications in the partner.microsoft.com it worked then and I was able to add MPN ID under the portal.azure.com.

This process could certainly be much easier than it is; it is very unintuitive as it is, IMHO. There are many ways to fail and many unnecessary steps, like linking the partner account with the Azure AD portal account. It is not clearly explained, and I spent days locating what basically took 2 minutes once I knew where to look. A good video tutorial by Microsoft would be more helpful.
