Microsoft Verification Guide
This article will explain how to join the Microsoft Partner Network (MPN), create an Azure application, and verify your application.
Overview
Why Is This Process Required?
Starting in November 2020, end-users will no longer be able to grant consent to most newly registered multi-tenant apps without verified publishers if risk-based step-up consent is enabled. A warning will be displayed on the consent screen informing users that these apps are risky and are from unverified publishers.
Microsoft recommends restricting user consent to allow users to consent only for applications from verified publishers, as well as only for permissions you select. For apps that don't meet this policy, your organization's IT team will be responsible for making any decisions. This means that if you aren't verified, you'll likely need admin consent from O365 organizations before any users can connect their individual accounts. This can block adoption.
If you run into any issues, you can read more about troubleshooting publisher verification on Microsoft's website.
Is This Similar to Google's Verification Process?
Yes and no. While it serves the same general purpose for end-user security, you’ll find that Microsoft’s process is far less time-consuming and resource-intensive.
For more information on Microsoft's publisher verification, check out their guide.
Verification Instructions
The steps below will guide you on becoming a verified publisher.
Step 1: Become a Verified Member of the Microsoft Partner Network (MPN)
As a Microsoft partner, you’ll have access to resources, programs, tools, and connections. Discover a community designed to help you grow. See the Membership page for instructions on how to join.
Step 2: Verify Your Domain with Microsoft
To verify a new domain for your app, follow the steps below:
- Create a file named "microsoft-identity-association.json" and paste the following JSON code snippet:
  {
    "associatedApplications": [
      {
        "applicationId": "YOUR-APP-ID-HERE"
      },
      {
        "applicationId": "YOUR-OTHER-APP-ID-HERE"
      }
    ]
  }
- Replace the placeholder "YOUR-APP-ID-HERE" with the application (client) ID that corresponds to your app.
- Host the file at https://YOUR-DOMAIN-HERE.com/.well-known/microsoft-identity-association.json
- Replace the placeholder "YOUR-DOMAIN-HERE" so that it matches the verified domain.
- Click Verify and save domain.
You're not required to maintain the resources that are used for verification after a domain has been verified. When the verification is complete, you can remove the hosted file.
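A pre-flight check for the file from Step 2, written as an added example (it is not part of this guide's or Microsoft's tooling): it checks the hosting URL and the JSON structure, and flags placeholders that were left in. The function name, example.com and the sample application ID are constructed for illustration, and the check assumes the application (client) ID is in standard GUID form.

```python
import json
import re
from urllib.parse import urlsplit

WELL_KNOWN_PATH = "/.well-known/microsoft-identity-association.json"
GUID_RE = re.compile(r"[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}")

def check_association(url, body, expected_app_id):
    """Return a list of problems; an empty list means the file looks ready."""
    problems = []
    parts = urlsplit(url)
    if parts.scheme != "https":
        problems.append("URL must use https")
    if parts.path != WELL_KNOWN_PATH:
        problems.append("file is not hosted at " + WELL_KNOWN_PATH)
    if "YOUR-DOMAIN-HERE" in parts.netloc.upper():
        problems.append("domain placeholder was not replaced")
    try:
        doc = json.loads(body)
    except json.JSONDecodeError as exc:
        return problems + ["not valid JSON: " + exc.msg]
    apps = doc.get("associatedApplications") if isinstance(doc, dict) else None
    if not isinstance(apps, list) or not apps:
        return problems + ['no non-empty "associatedApplications" array']
    listed = set()
    for i, entry in enumerate(apps):
        app_id = entry.get("applicationId") if isinstance(entry, dict) else None
        if not isinstance(app_id, str):
            problems.append(f"entry {i}: missing applicationId string")
        elif not GUID_RE.fullmatch(app_id):
            problems.append(f"entry {i}: {app_id!r} is not a GUID (placeholder?)")
        else:
            listed.add(app_id.lower())
    if expected_app_id.lower() not in listed:
        problems.append("expected application ID is not listed")
    return problems

# Constructed sample values, not real identifiers.
APP_ID = "11111111-2222-3333-4444-555555555555"
GOOD_URL = "https://example.com" + WELL_KNOWN_PATH
GOOD_BODY = json.dumps({"associatedApplications": [{"applicationId": APP_ID}]})
# The guide's template with its placeholders left untouched.
TEMPLATE_BODY = json.dumps({"associatedApplications": [
    {"applicationId": "YOUR-APP-ID-HERE"},
    {"applicationId": "YOUR-OTHER-APP-ID-HERE"}]})

if __name__ == "__main__":
    print(check_association(GOOD_URL, GOOD_BODY, APP_ID))
    for problem in check_association("http://example.com/id.json", TEMPLATE_BODY, APP_ID):
        print("-", problem)
```

Pass it the URL you plan to host at and the exact file contents before clicking Verify and save domain.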
Step 3: Create an Azure App
Follow our guide on creating an Azure app.
Step 4: Add your Partner Global Account (PGA) ID to your Azure App
You can find your PGA ID on Microsoft's website.
Once you’ve found it, add it to your Azure app. Navigate to the Azure AD Portal > Branding to add it to your application.
Congrats!
Once you’ve completed all of the steps, you’re all done and your app is verified! To confirm, verify that a blue checkmark appears next to your publisher display name in the Publisher Verification section.
FAQ
I Didn’t Receive Confirmation That My App Was Verified. What Gives?
This is expected behavior. Unlike Google, Microsoft does not explicitly notify you once you're verified.
The best way to confirm completion is to verify that a blue checkmark appears next to your publisher display name in the Publisher Verification section.
How Long Does the Verification Process Take?
This process can typically be completed from beginning to end within a few business days.