MicrosoftDocs
diff --git a/‎articles/active-directory/develop/TOC.yml
Lines changed: 8 additions & 0 deletions b/‎articles/active-directory/develop/TOC.yml
Lines changed: 8 additions & 0 deletions
diff --git a/‎articles/active-directory/develop/mark-app-as-publisher-verified.md
Lines changed: 77 additions & 0 deletions b/‎articles/active-directory/develop/mark-app-as-publisher-verified.md
Lines changed: 77 additions & 0 deletions
diff --git a/‎articles/active-directory/develop/media/publisher-verification-overview/consent-prompt.png
51.6 KB b/‎articles/active-directory/develop/media/publisher-verification-overview/consent-prompt.png
51.6 KB
diff --git a/‎articles/active-directory/develop/publisher-verification-overview.md
Lines changed: 70 additions & 0 deletions b/‎articles/active-directory/develop/publisher-verification-overview.md
Lines changed: 70 additions & 0 deletions
@@ -433,6 +433,8 @@
       href: supported-accounts-validation.md
     - name: Single tenant and multi-tenant apps
       href: single-and-multi-tenant-apps.md
+    - name: Publisher verification (preview)
+      href: publisher-verification-overview.md
   - name: Permissions and consent
     displayName: Scopes
     items:
@@ -503,6 +505,12 @@
       href: howto-configure-publisher-domain.md
     - name: Configure Terms of Service and Privacy Statement
       href: howto-add-terms-of-service-privacy-statement.md
+    - name: Configure publisher verification for your app  
+      items:
+      - name: Mark your app as publisher verified (preview)
+        href: mark-app-as-publisher-verified.md
+      - name: Troubleshoot publisher verification (preview)
+        href: troubleshoot-publisher-verification.md
   - name: Work with Microsoft Authentication Library
     displayName: MSAL
     items:
 
@@ -0,0 +1,77 @@
+---
+title: Mark an app as publisher verified - Microsoft identity platform | Azure
+description: Describes how to mark an app as publisher verified. When an application is marked as publisher verified, it means that the publisher has verified their identity using a Microsoft Partner Network account that has completed the verification process and has associated this MPN account with their application registration.
+services: active-directory
+author: rwike77
+manager: CelesteDG
+ms.service: active-directory
+ms.subservice: develop
+ms.topic: conceptual
+ms.workload: identity
+ms.date: 05/08/2020
+ms.author: ryanwi
+ms.custom: aaddev
+ms.reviewer: jesakowi
+---
+
+# Mark your app as publisher verified (preview)
+
+When an application is marked as publisher verified, it means that the publisher has verified their identity using their Microsoft Partner Network (MPN) account and has associated this MPN account with their application registration. This article describes how to complete the [publisher verification (preview)](publisher-verification-overview.md) process.
+
+## Quickstart
+If you are already enrolled in the Microsoft Partner Network (MPN) and have met the [pre-requisites](publisher-verification-overview.md#requirements), you can get started right away: 
+
+1. Navigate to the preview [App Registration portal](https://aka.ms/PublisherVerificationPreview).
+
+1. Choose an app and click **Branding**. 
+
+1. Click **Add MPN ID to verify publisher** and review the listed requirements.
+
+1. Enter your MPN ID and click **Verify and save**.
+
+For more details on specific benefits, requirements, and frequently asked questions see the [overview](publisher-verification-overview.md).
+
+
+## Mark your app as publisher verified
+Make sure you have met the [pre-requisites](publisher-verification-overview.md#requirements), then follow these steps to mark your app(s) as Publisher Verified.  
+
+1. Ensure you are signed in with an organizational (Azure AD) account that is authorized to make changes to the app(s) you want to mark as Publisher Verified and on the MPN Account in Partner Center. 
+
+    - In Azure AD this user must either be the Owner of the app or have one of the following roles: Application Admin, Cloud Application Admin, Global Admin. 
+
+    - In Partner Center this user must have of the following roles: MPN Admin, Accounts Admin, or a Global Admin (this is a shared role mastered in Azure AD). 
+
+1. Navigate to the preview version of the App Registration portal:  
+
+1. Click on an app you would like to mark as Publisher Verified and open the Branding blade. 
+
+1. Ensure the app’s Publisher Domain is set appropriately. This domain must be: 
+
+    - Be added to the Azure AD tenant as a DNS-verified custom domain,  
+
+    - Match the domain of the email address used during the verification process for your MPN account. 
+
+1. Click **Add MPN ID to verify publisher** near the bottom of the page. 
+
+1. Enter your **MPN ID**. This MPN ID must be for: 
+
+    - A valid Microsoft Partner Network account that has completed the verification process.  
+
+    - The Partner global account (PGA) for your organization. 
+
+1. Click **Verify and save**. 
+
+1. Wait for the request to process, this may take a few minutes. 
+
+1. If the verification was successful, the publisher verification window will close, returning you to the Branding blade. You will see a blue verified badge next to your verified **Publisher display name**. 
+
+1. Users who get prompted to consent to your app will start seeing the badge soon after you have gone through the process successfully, although it may take some time for this to replicate throughout the system. 
+
+1. Test this functionality by signing into your application and ensuring the verified badge shows up on the consent screen. If you are signed in as a user who has already granted consent to the app, you can use the *prompt=consent* query parameter to force a consent prompt. 
+
+1. Repeat this process as needed for any additional apps you would like the badge to be displayed for. You can use Microsoft Graph to do this more quickly in bulk, and PowerShell cmdlets will be available soon. See [Making Microsoft API Graph calls](troubleshoot-publisher-verification.md#making-microsoft-graph-api-calls) for more info. 
+
+That’s it! Let us know if you have any feedback about the process, the results, or the feature in general. 
+
+## Next steps
+If you run into problems, read the [troubleshooting information](troubleshoot-publisher-verification.md).
@@ -0,0 +1,70 @@
+---
+title: Publisher verification overview - Microsoft identity platform | Azure
+description: Provides an overview of the publisher verification program (preview) for the Microsoft identity platform. Lists the benefits, program requirements, and frequently asked questions. When an application is marked as publisher verified, it means that the publisher has verified their identity using a Microsoft Partner Network account that has completed the verification process and has associated this MPN account with their application registration.
+services: active-directory
+author: rwike77
+manager: CelesteDG
+ms.service: active-directory
+ms.subservice: develop
+ms.topic: conceptual
+ms.workload: identity
+ms.date: 05/08/2020
+ms.author: ryanwi
+ms.custom: aaddev
+ms.reviewer: jesakowi
+---
+
+# Publisher verification (preview)
+
+Publisher verification (preview) helps admins and end users understand the authenticity of application developers integrating with the Microsoft identity platform. In other words, is the publisher a known source or a bad actor disguising themselves as a well-known publisher? When an application is marked as publisher verified, it means that the publisher has verified their identity using a [Microsoft Partner Network](https://partner.microsoft.com/membership) account that has completed the [verification](/partner-center/verification-responses) process and has associated this MPN account with their application registration. 
+
+A blue "verified" badge appears on the Azure AD consent prompt and other screens:
+![Consent prompt](./media/publisher-verification-overview/consent-prompt.png)
+
+This feature is primarily for developers building multi-tenant apps that leverage [OAuth 2.0 and OpenID Connect](active-directory-v2-protocols.md) with the [Microsoft identity platform](v2-overview.md). These apps can sign users in using OpenID Connect, or they may use OAuth 2.0 to request access to data using APIs like [Microsoft Graph](https://developer.microsoft.com/graph/).
+
+## Benefits
+Publisher verification provides the following benefits:
+- **Increased transparency and risk reduction for customers**- this capability helps customers understand which apps being used in their organizations are published by developers they trust. 
+
+- **Improved branding**- a “verified” badge appears on the Azure AD [consent prompt](application-consent-experience.md), Enterprise Apps page, and additional UX surfaces used by end users and admins. 
+
+- **Smoother enterprise adoption**- admins can configure new User Consent Policies, and publisher verification status will be one of the primary policy criteria. 
+
+- **Improved risk evaluation**- Microsoft’s detections for “risky” consent requests will include publisher verification as a signal. 
+
+## Requirements
+There are a few pre-requisites for publisher verification, some of which will have already been completed by many Microsoft partners. They are: 
+
+-  An MPN ID for a valid [Microsoft Partner Network](https://partner.microsoft.com/membership) account that has completed the [verification](/partner-center/verification-responses) process. This MPN account must be the [Partner global account (PGA)](/partner-center/account-structure#the-top-level-is-the-partner-global-account-pga) for your organization. 
+
+-  An Azure AD tenant with a DNS-verified [custom domain](/azure/active-directory/fundamentals/add-custom-domain). The custom domain must match the domain of the email address used during verification in the previous step. 
+
+-  An app registered in an Azure AD tenant, with a [Publisher Domain](howto-configure-publisher-domain.md) configured using the same domain as previously used. 
+
+-  The user performing verification must be authorized to make changes to both the app registration in Azure AD and the MPN account in Partner Center. 
+
+    -  In Azure AD this user must either be the Owner of the app or have one of the following [roles](/azure/active-directory/users-groups-roles/directory-assign-admin-roles): Application Admin, Cloud Application Admin, Global Admin. 
+
+    -  In Partner Center this user must have of the following [roles](/partner-center/permissions-overview): MPN Admin, Accounts Admin, or a Global Admin (this is a shared role mastered in Azure AD).
+    
+-  The publisher agrees to the [Microsoft identity platform for developers Terms of Use](/legal/microsoft-identity-platform/terms-of-use).
+
+Developers who have already met these pre-requisites can get verified in a matter of minutes. If the requirements have not been met, getting set up is free. 
+
+## Frequently asked questions 
+Below are some frequently asked questions regarding the publisher verification program. For FAQs related to the requirements and the process, see [mark an app as publisher verified](mark-app-as-publisher-verified.md).
+
+- **What information does publisher verification __not__ provide?**  When an application is marked publisher verified this does not indicate whether the application or its publisher  has achieved any specific certifications, complies with industry standards, adheres to best practices, etc. Other Microsoft programs do provide this information, including [Microsoft 365 App Certification](/microsoft-365-app-certification/overview).
+
+- **How much does this cost? Does it require any license?** Microsoft does not charge developers for publisher verification and it does not require any specific license. 
+
+- **How does this relate to Microsoft 365 Publisher Attestation? What about Microsoft 365 App Certification?** These are complementary programs that developers can use to create trustworthy apps that can be confidently adopted by customers. Publisher verification is the first step in this process, and should be completed by all developers creating apps that meet the above criteria. 
+
+  Developers who are also integrating with Microsoft 365 can receive additional benefits from these programs. For more information, refer to [Microsoft 365 Publisher Attestation](/microsoft-365-app-certification/docs/attestation) and [Microsoft 365 App Certification](/microsoft-365-app-certification/docs/certification). 
+
+- **Is this the same thing as the Azure AD Application Gallery?** No- publisher verification is a complementary but separate program to the [Azure Active Directory application gallery](/azure/active-directory/azuread-dev/howto-app-gallery-listing). Developers who fit the above criteria should complete the publisher verification process independently of participation in that program. 
+
+## Next steps
+* Learn how to [mark an app as publisher verified](mark-app-as-publisher-verified.md).
+* [Troubleshoot](troubleshoot-publisher-verification.md) publisher verification.