Update troubleshoot-publisher-verification.md

xurobertMSFT · web-flow · commit 42ba2ce3d154 · 2023-03-08T20:47:37.000-08:00
Adding remediation steps for each given error  - adding links to relevant sections of the doc when available. We've been receiving customer reports of developers finding remediation steps unclear for errors, so adding specific steps for each error is intended to reduce the friction for this process.
diff --git a/articles/active-directory/develop/troubleshoot-publisher-verification.md b/articles/active-directory/develop/troubleshoot-publisher-verification.md
@@ -44,11 +44,7 @@ Below are some common issues that may occur during the process.
     Go to the [MPN User Management page](https://partner.microsoft.com/pcv/users) and filter the user list to see what users are in various admin roles.
 
 - **I am getting an error saying that my MPN ID is invalid or that I do not have access to it.**
-    1. Go to your [partner profile](https://partner.microsoft.com/pcv/accountsettings/connectedpartnerprofile) and verify that: 
-        - The MPN ID is correct. 
-        - There are no errors or “pending actions” shown, and the verification status under Legal business profile and Partner info both say “authorized” or “success”.
-    2. Go to the [MPN tenant management page](https://partner.microsoft.com/dashboard/account/v3/tenantmanagement) and confirm that the tenant the app is registered in and that you're signing with a user account from is on the list of associated tenants. To add another tenant, follow the instructions [here](/partner-center/multi-tenant-account). Be aware that all Global Admins of any tenant you add will be granted Global Administrator privileges on your Partner Center account.
-    3. Go to the [MPN User Management page](https://partner.microsoft.com/pcv/users) and confirm the user you're signing in as is either a Global Administrator, MPN Admin, or Accounts Admin. To add a user to a role in Partner Center, follow the instructions [here](/partner-center/create-user-accounts-and-set-permissions).
+    See the remediation guidance [here](#mpnaccountnotfoundornoaccess).
 
 - **When I sign into the Azure AD portal, I do not see any apps registered. Why?** 
     Your app registrations may have been created using a different user account in this tenant, a personal/consumer account, or in a different tenant. Ensure you're signed in with the correct account in the tenant where your app registrations were created.
@@ -150,53 +146,87 @@ The MPN ID you provided (`MPNID`) doesn't exist, or you don't have access to it.
     
 Most commonly caused by the signed-in user not being a member of the proper role for the MPN account in Partner Center- see [requirements](publisher-verification-overview.md#requirements) for a list of eligible roles and see [common issues](#common-issues) for more information. Can also be caused by the tenant the app is registered in not being added to the MPN account, or an invalid MPN ID.
 
+**Remediation Steps**
+    1. Go to your [partner profile](https://partner.microsoft.com/pcv/accountsettings/connectedpartnerprofile) and verify that: 
+        - The MPN ID is correct. 
+        - There are no errors or “pending actions” shown, and the verification status under Legal business profile and Partner info both say “authorized” or “success”.
+    2. Go to the [MPN tenant management page](https://partner.microsoft.com/dashboard/account/v3/tenantmanagement) and confirm that the tenant the app is registered in and that you're signing with a user account from is on the list of associated tenants. To add another tenant, follow the instructions [here](/partner-center/multi-tenant-account). Be aware that all Global Admins of any tenant you add will be granted Global Administrator privileges on your Partner Center account.
+    3. Go to the [MPN User Management page](https://partner.microsoft.com/pcv/users) and confirm the user you're signing in as is either a Global Administrator, MPN Admin, or Accounts Admin. To add a user to a role in Partner Center, follow the instructions [here](/partner-center/create-user-accounts-and-set-permissions).
+
 ### MPNGlobalAccountNotFound
 
 The MPN ID you provided (`MPNID`) isn't valid. Provide a valid MPN ID and try again.
     
 Most commonly caused when an MPN ID is provided which corresponds to a Partner Location Account (PLA). Only Partner Global Accounts are supported. See [Partner Center account structure](/partner-center/account-structure) for more details.
 
+**Remediation Steps**
+    1. Navigate to your [partner profile](https://partner.microsoft.com/pcv/accountsettings/connectedpartnerprofile) > Identifiers blade > Microsoft Cloud Partners Program Tab
+    2. Use the Partner ID with type PartnerGlobal
+
 ### MPNAccountInvalid
 
 The MPN ID you provided (`MPNID`) isn't valid. Provide a valid MPN ID and try again.
     
 Most commonly caused by the wrong MPN ID being provided.
 
+**Remediation Steps**
+    1. Navigate to your [partner profile](https://partner.microsoft.com/pcv/accountsettings/connectedpartnerprofile) > Identifiers blade > Microsoft Cloud Partners Program Tab
+    2. Use the Partner ID with type PartnerGlobal
+
 ### MPNAccountNotVetted
 
 The MPN ID (`MPNID`) you provided hasn't completed the vetting process. Complete this process in Partner Center and try again. 
     
 Most commonly caused by when the MPN account hasn't completed the [verification](/partner-center/verification-responses) process.
 
+**Remediation Steps**
+    1. Navigate to your [partner profile](https://partner.microsoft.com/pcv/accountsettings/connectedpartnerprofile) and verify that There are no errors or “pending actions” shown, and that the verification status under Legal business profile and Partner info both say “authorized” or “success”.
+    2. If not, view pending action items in Partner Center and troubleshoot with [here](https://learn.microsoft.com/en-us/partner-center/verification-responses)
+
 ### NoPublisherIdOnAssociatedMPNAccount
 
 The MPN ID you provided (`MPNID`) isn't valid. Provide a valid MPN ID and try again. 
    
 Most commonly caused by the wrong MPN ID being provided.
 
+**Remediation Steps**
+    1. Navigate to your [partner profile](https://partner.microsoft.com/pcv/accountsettings/connectedpartnerprofile) > Identifiers blade > Microsoft Cloud Partners Program Tab
+    2. Use the Partner ID with type PartnerGlobal
+
 ### MPNIdDoesNotMatchAssociatedMPNAccount
 
 The MPN ID you provided (`MPNID`) isn't valid. Provide a valid MPN ID and try again.
     
 Most commonly caused by the wrong MPN ID being provided.
 
+**Remediation Steps**
+    1. Navigate to your [partner profile](https://partner.microsoft.com/pcv/accountsettings/connectedpartnerprofile) > Identifiers blade > Microsoft Cloud Partners Program Tab
+    2. Use the Partner ID with type PartnerGlobal
+
 ### ApplicationNotFound
 
 The target application (`AppId`) can’t be found. Provide a valid application ID and try again.
     
-Most commonly caused when verification is being performed via Graph API, and the ID of the application provided is incorrect. Note that the ID of the application must be provided, not the AppId/ClientId.
+Most commonly caused when verification is being performed via Graph API, and the ID of the application provided is incorrect. 
+
+**Remediation Steps**
+    1. The Object ID of the application must be provided, not the AppId/ClientId. See "id" on the list of application properties [here](https://learn.microsoft.com/en-us/graph/api/resources/application?view=graph-rest-1.0)
+    2. Log in to [Azure Active Directory](https://aad.portal.azure.com/) with a user account in your organization's primary tenant > Azure Active Directory > App Registrations blade
+    3. Find your app's registration to view the Object ID
+
 
 ### ApplicationObjectisInvalid 
 
 The target application's object ID is invalid. Please provide a valid ID and try again. 
 
 Most commonly caused when the verification is being performed via Graph API, and the ID of the application provided does not exist. 
 
-> [!NOTE] 
-> The Object ID of the application must be provided, not the AppId/ClientId. See "id" on the list of application properties at [application resource type - Microsoft Graph v1.0 | Microsoft Learn](/graph/api/resources/application).
+**Remediation Steps**
+    1. The Object ID of the application must be provided, not the AppId/ClientId. See "id" on the list of application properties [here](https://learn.microsoft.com/en-us/graph/api/resources/application?view=graph-rest-1.0)
+    2. Log in to [Azure Active Directory](https://aad.portal.azure.com/) with a user account in your organization's primary tenant > Azure Active Directory > App Registrations blade
+    3. Find your app's registration to view the Object ID
 
  
-
 ### B2CTenantNotAllowed
 
 This capability isn't supported in an Azure AD B2C tenant.
@@ -211,6 +241,9 @@ The target application (`AppId`) must have a Publisher Domain set. Set a Publish
 
 Occurs when a [Publisher Domain](howto-configure-publisher-domain.md) isn't configured on the app.
 
+**Remediation Steps**
+    1. Follow the directions [here](https://learn.microsoft.com/en-us/azure/active-directory/develop/howto-configure-publisher-domain#set-a-publisher-domain-in-the-azure-portal) to set a Publisher Domain
+
 ### PublisherDomainMismatch
 
 The target application's Publisher Domain (`publisherDomain`) either doesn't match the domain used to perform email verification in Partner Center (`pcDomain`) or has not been verified. Ensure these domains match and have been verified then try again. 
@@ -219,18 +252,37 @@ Occurs when neither the app's [Publisher Domain](howto-configure-publisher-domai
 
 See [requirements](publisher-verification-overview.md) for a list of allowed domain or sub-domain matches. 
 
+**Remediation Steps**
+    1. Navigate to your [partner profile](https://partner.microsoft.com/pcv/accountsettings/connectedpartnerprofile), and view the email listed as Primary Contact
+    2. The domain used to perform email verification in Partner Center is the portion after the “@” in the Primary Contact’s email
+    3. Log in to [Azure Active Directory](https://aad.portal.azure.com/) > Azure Active Directory > App Registrations blade > (`Your App`) > Branding and Properties
+    4. Click “Update Publisher Domain” and follow the instructions to “Verify a New Domain”
+    5. Add the domain used to perform email verification in Partner Center as a New Domain
+
+
 ### NotAuthorizedToVerifyPublisher
 
 You aren't authorized to set the verified publisher property on application (<`AppId`).
   
 Most commonly caused by the signed-in user not being a member of the proper role for the MPN account in Azure AD- see [requirements](publisher-verification-overview.md#requirements) for a list of eligible roles and see [common issues](#common-issues) for more information.
 
+**Remediation Steps**
+    1. Sign in to the [Azure AD Portal](https://aad.portal.azure.com) using a user account in your organization's primary tenant.
+    2. Navigate to [Role Management](https://aad.portal.azure.com/#blade/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/RolesAndAdministrators).
+    3. Select the desired admin role and click “Add Assignment” if you have sufficient permissions.
+    4. If you do not have sufficient permissions, contact an admin role for assistance
+
+
 ### MPNIdWasNotProvided
 
 The MPN ID wasn't provided in the request body or the request content type wasn't "application/json".
 
 Most commonly caused when the verification is being performed via Graph API, and the MPN ID wasn’t provided in the request. 
 
+**Remediation Steps**
+    1. Navigate to your [partner profile](https://partner.microsoft.com/pcv/accountsettings/connectedpartnerprofile) > Identifiers blade > Microsoft Cloud Partners Program Tab
+    2. Use the Partner ID with type PartnerGlobal in the request
+
 ### MSANotSupported 
 
 This feature isn't supported for Microsoft consumer accounts. Only applications registered in Azure AD by an Azure AD user are supported.
@@ -243,16 +295,18 @@ Occurs when multi-factor authentication (MFA) hasn't been enabled and performed
 
 The error message displayed will be: "Due to a configuration change made by your administrator, or because you moved to a new location, you must use multi-factor authentication to proceed."
 
+**Remediation Steps**
+    1. Ensure [multi-factor authentication](../fundamentals/concept-fundamentals-mfa-get-started.md) is enabled and **required** for the user you're signing in with and for this scenario
+    2. Retry Publisher Verification
+
 ### UserUnableToAddPublisher
 
 When a request to add a verified publisher is made, many signals are used to make a security risk assessment. If the user risk state is determined to be ‘AtRisk’, an error, “You're unable to add a verified publisher to this application. Contact your administrator for assistance” will be returned. Please investigate the user risk and take the appropriate steps to remediate the risk (guidance below): 
 
+**Remediation Steps**
 > [Investigate risk](../identity-protection/howto-identity-protection-investigate-risk.md#risky-users)
-
 > [Remediate risk/unblock users](../identity-protection/howto-identity-protection-remediate-unblock.md)
-
 > [Self-remediation guidance](../identity-protection/howto-identity-protection-remediate-unblock.md)
-
 > Self-serve password reset (SSPR): If the organization allows SSPR, use aka.ms/sspr to reset the password for remediation. Please choose a strong password; Choosing a weak password may not reset the risk state.  
 
 > [!NOTE] 
@@ -275,4 +329,4 @@ If you've reviewed all of the previous information and are still receiving an er
 - TenantId where app is registered
 - MPN ID
 - REST request being made 
-- Error code and message being returned
+- Error code and message being returned
