
Unable to Verify Custom Domain in Azure App Registration Despite Correct DNS and Validation File

Devesh Tiwari 180 Reputation points
2026-06-25T08:59:24.9733333+00:00

I am trying to verify a custom domain for Publisher Verification in Azure App Registration, but the verification continues to fail even though all validation requirements appear to be correctly configured.

Domain: avistais.com

Validation File URL: https://avistais.com/.well-known/microsoft-identity-association.json

The file is publicly accessible and returns the following:

{
  "associatedApplications": [
    {
      "applicationId": "0d5471d1-50e2-426a-afdb-4b1f4c87a589"
    }
  ]
}

HTTP Response:

  • Status: 200 OK
  • Content-Type: application/json
  • HTTPS enabled with valid SSL certificate

Response headers:

HTTP/1.1 200 OK
Content-Type: application/json; charset=utf-8
Cache-Control: no-store, no-cache, must-revalidate, max-age=0

Additional checks performed:

  • The JSON file is accessible from browsers and curl.
  • No AAAA (IPv6) records are configured for the domain.
  • The hosting provider has confirmed the DNS records are correctly configured.
  • The domain is verified in Microsoft Partner Center.
  • Microsoft support has indicated that the issue may be related to Azure App Registration Publisher Verification / MPN domain validation and advised us to contact the appropriate Azure team.

Despite this, Azure App Registration continues to fail domain verification.

Has anyone encountered a similar issue where the validation file is accessible and correctly configured, but Azure is still unable to verify the domain? Are there any backend validation logs, known issues, or additional checks that can be performed?

Any guidance would be appreciated.

Azure DNS

1 answer

  1. Alex Burlachenko 22,925 Reputation points MVP Volunteer Moderator
    2026-06-25T13:15:55.4033333+00:00

    Hi Devesh Tiwari, and thx for sharing your issue here at the Q&A portal,

    If the file is public and looks correct, I’d check the exact app/domain relationship next.

    For Publisher Verification, the applicationId in microsoft-identity-association.json has to match the Application/client ID of the app registration being verified, not the object ID and not another app in the tenant. Easy thing to miss.

    The file should be reachable exactly here https://avistais.com/.well-known/microsoft-identity-association.json

    & MS doc https://learn.microsoft.com/en-us/entra/identity-platform/howto-configure-publisher-domain

    A few things that can still break validation even when browser/curl works:

      • applicationId mismatch
      • redirect before the JSON is served
      • WAF/CDN blocking Microsoft validation user agent/IPs
      • wrong content-type or extra HTML wrapper from hosting
      • cert chain issue from Microsoft’s validator path
      • apex domain vs subdomain mismatch
      • stale publisher/domain state in Partner Center or Entra backend

    I’d test with

    curl -I https://avistais.com/.well-known/microsoft-identity-association.json

    curl -L https://avistais.com/.well-known/microsoft-identity-association.json

    Make sure there’s no 301/302 chain to another host, no auth/cookie challenge, no bot protection page, and the final body is raw JSON only. Since Partner Center already shows the domain verified, this may be a Publisher Verification backend sync issue between Partner Center/MPN and Entra app registration. Best move is open a Microsoft Entra ID / App registrations support case w/ tenant ID, app/client ID, publisher domain, Partner Center verification proof, the validation URL, and UTC timestamps of failed attempts. Ask them to check backend publisher-domain validation logs for that app. The portal doesn’t expose those logs, unfortunately.

    rgds,

    Alex

    &

    If my answer was helpful pls mark it and additional thx if u follow me at Q&A portal
    

    and at my blog https://ctrlaltdel.blog/

     

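The checks the answer above lists (redirect before the JSON is served, content type, raw JSON body, applicationId match) can be scripted. This is an added Python example, not part of the original answer and not Microsoft's validator. `fetch` and `check_response` are hypothetical helper names, the sample responses are constructed, and flagging a `charset` parameter is an assumption about how strictly a validator reads the header.

```python
import http.client
import json
from urllib.parse import urlsplit

def fetch(url):
    """GET url once over HTTPS; http.client does not follow redirects."""
    u = urlsplit(url)
    conn = http.client.HTTPSConnection(u.netloc, timeout=10)
    conn.request("GET", u.path or "/")
    resp = conn.getresponse()
    return resp.status, dict(resp.getheaders()), resp.read()

def check_response(url, status, headers, body, app_id):
    """Return the problems found in one response (empty list: none found)."""
    hdrs = {k.lower(): v for k, v in headers.items()}
    problems = []
    if 300 <= status < 400:
        target = urlsplit(hdrs.get("location", "")).netloc
        other = bool(target) and target != urlsplit(url).netloc
        return [f"redirect {status} to {'another' if other else 'the same'} host"]
    if status != 200:
        problems.append(f"status {status} (auth or bot-protection challenge?)")
    ctype = hdrs.get("content-type", "")
    if ctype.split(";")[0].strip().lower() != "application/json":
        problems.append(f"wrong content-type: {ctype!r}")
    elif ";" in ctype:
        # Assumption: a strict validator may compare the header value literally.
        problems.append(f"content-type carries parameters: {ctype!r}")
    try:
        doc = json.loads(body.decode("utf-8-sig"))
    except ValueError:
        return problems + ["body is not raw JSON (HTML wrapper or challenge page?)"]
    apps = doc.get("associatedApplications") if isinstance(doc, dict) else None
    ids = [str(a.get("applicationId", "")).lower()
           for a in (apps if isinstance(apps, list) else []) if isinstance(a, dict)]
    if app_id.lower() not in ids:
        problems.append("applicationId mismatch: client ID not listed in the file")
    return problems

# Constructed sample responses; only the application ID comes from the question.
APP_ID = "0d5471d1-50e2-426a-afdb-4b1f4c87a589"
URL = "https://example.com/.well-known/microsoft-identity-association.json"
GOOD = json.dumps({"associatedApplications": [{"applicationId": APP_ID}]}).encode()
SAMPLES = {
    "clean": (200, {"Content-Type": "application/json"}, GOOD),
    "charset": (200, {"Content-Type": "application/json; charset=utf-8"}, GOOD),
    "redirect": (301, {"Location": "https://www.example.com/x"}, b""),
    "bot_page": (200, {"Content-Type": "text/html"}, b"<html>checking</html>"),
}
RESULTS = {name: check_response(URL, *resp, APP_ID) for name, resp in SAMPLES.items()}
```

To check a live endpoint, call `check_response(url, *fetch(url), client_id)` with the Application (client) ID copied from the app registration.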
