To allow the users of our platform to sign in using their Microsoft account, we've created an app in our Azure Active Directory as per the documentation. I configured everything appropriately, until noticing you're required to be a verified publisher to let users from other Azure tenants actually use your app:
Starting November 9th, 2020 end users will no longer be able to grant consent to newly registered multitenant apps without verified publishers.
To comply with this, I've signed up for Microsoft Partner Network as per the documentation, which lists the following requirements:
An MPN ID for a valid Microsoft Partner Network account that has completed the verification process. This MPN account must be the Partner global account (PGA) for your organization.
I have the global MPN ID for our accountAn app registered in an Azure AD tenant, with a Publisher Domain configured.
App is configured, has our Azure-AD domain set (company.tld)The domain of the email address used during MPN account verification must either match the publisher domain configured on the app or a DNS-verified custom domain added to the Azure AD tenant.
I used my company email address (me@company.tld), the custom domain is DNS-verified tooThe user performing verification must be authorized to make changes to both the app registration in Azure AD and the MPN account in Partner Center.
I am a global administrator to bothThe user performing verification must sign in using multi-factor authentication.
I am signed in using MFAThe publisher agrees to the Microsoft identity platform for developers Terms of Use.
Yes, I've sold my soul to Microsoft
Regardless, upon entering our MPN ID into the appropriate field, the following error message appears:
A verified publisher cannot be added to this application. Please contact your administrator for assistance. [
AOXM7kbHnu1OFc9wRGbqMN
]
I have copied the ID verbatim, and entering a malformed ID triggers another error, so I'm fairly confident it's the right one.
I've researched and found several reports of this problem, which seem to have resolved after waiting 48 hours:
I've thoroughly waited for three days now, but the issue did not resolve by itself. Is there anything I've missed, any requirement not listed on the docs page, or a debugging step I can do to fix this? After all, I just wanted to have a "Sign in with Microsoft" button, which took approximately 5 minutes to set up with every other provider out there.
Update: A week after trying to set the MPN ID for the first time, it has been accepted now. I didn't want to post this as an answer, though, because it isn't one: Nothing in the documentation of the process makes it clear there's a week-long waiting period.
Maybe there is something prolonging the process others could seek to avoid?