azure-app-registration microsoft-partner-center

Issue setting the MPN (Microsoft Partner Network) id to an App Registration


I have an MPN id and I'm trying to set this id on the "Branding & properties" section to have the verified badge on the logging process of my apps. I've tried to use the Graph API, Graph CLI and set this programmatically with C#, but I'm having issues.

When I use a token generated by the App Registration that was used to create the App Registration I want to update, I receive a 404 error in Postman, and when I use a token generated by the App Registration I’m trying to update, I receive a 403 error.

What will be the minimum permission required to update the App Registration to set the MPN id?

[Screenshot: Mother APP Registration permissions]

[Screenshot: App registration to update permissions]

[Screenshot: Graph API request with Postman]

[Screenshot: Graph CLI]


Solution

  • Error: Insufficient privileges to complete the operation

    As mentioned in this MsDoc, to resolve the error and to set the verifiedPublisherId you should have at least the Delegated type Application.ReadWrite.All API permission.

    I registered a Microsoft Entra single-tenant application, then added and granted the Delegated type Application.ReadWrite.All API permission.

    I generated the access token for the Delegated type Application.ReadWrite.All permission using the authorization_code flow.

    First, to get the code, I ran the authorization request below in a browser:

    
    https://login.microsoftonline.com/<tenant_id>/oauth2/v2.0/authorize?
    client_id=<app_id>
    &redirect_uri=https://jwt.ms
    &response_type=code
    &response_mode=query
    &scope=https://graph.microsoft.com/.default
    
    


    Now, I generated the access token using the authorization_code flow:

    POST https://login.microsoftonline.com/<tenant_id>/oauth2/v2.0/token
    Content-Type: application/x-www-form-urlencoded

    client_id=<app_id>
    client_secret=<client_secret>
    redirect_uri=https://jwt.ms
    code=<code generated from browser>
    scope=https://graph.microsoft.com/.default
    grant_type=authorization_code
    
    


    Use the same access token to set the verified publisher:

    POST https://graph.microsoft.com/v1.0/applications/{id}/setVerifiedPublisher
    Authorization: Bearer <access_token>
    Content-Type: application/json

    {
        "verifiedPublisherId": "<ID>"
    }
    
    

    If the operation is successful, this method returns a 204 No Content response code.

    Reference:

    SetVerifiedPublisher
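
Added example, not part of the original answer: before calling setVerifiedPublisher, you can check whether a token is the delegated kind the answer calls for. Entra access tokens list delegated permissions in the `scp` claim and application permissions in `roles`; the function names and the sample tokens below are constructed for illustration, and the payload is decoded without signature verification, so this is a diagnostic, not validation.

```python
import base64
import json

REQUIRED_SCOPE = "Application.ReadWrite.All"  # delegated permission named in the answer


def decode_claims(token: str) -> dict:
    """Return the JWT payload as a dict. Signature is NOT verified: diagnostics only."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT (expected header.payload.signature)")
    payload = parts[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def diagnose(token: str) -> str:
    """Classify a Graph access token against the answer's permission requirement."""
    claims = decode_claims(token)
    scopes = claims.get("scp", "").split()  # delegated permissions: space-separated string
    roles = claims.get("roles", [])         # application permissions: list
    if not scopes:
        kind = "app-only" if roles else "unknown"
        return f"{kind} token: no 'scp' claim, so no delegated permission is present"
    if REQUIRED_SCOPE not in scopes:
        return f"delegated token missing {REQUIRED_SCOPE} (scp={' '.join(scopes)})"
    return "delegated token carries " + REQUIRED_SCOPE


def _fake_token(claims: dict) -> str:
    """Build an unsigned, constructed sample token for the demo below."""
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none'})}.{enc(claims)}.sig"


# Constructed sample tokens (not real credentials).
AUD = "https://graph.microsoft.com"
APP_ONLY = _fake_token({"aud": AUD, "roles": ["Application.ReadWrite.All"]})
DELEGATED_OK = _fake_token({"aud": AUD, "scp": "Application.ReadWrite.All User.Read"})
DELEGATED_WEAK = _fake_token({"aud": AUD, "scp": "User.Read"})

if __name__ == "__main__":
    for name, tok in [("app-only", APP_ONLY), ("delegated", DELEGATED_OK),
                      ("delegated, scope not granted", DELEGATED_WEAK)]:
        print(f"{name}: {diagnose(tok)}")
```
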