This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(80, 85%, 17%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ERS%3C/text%3E%3C/svg%3E)
During set up of the Identity verification on Trusted Signing we are being asked for domain purchase invoices and registry records. We are unable to provide these and we challenge that these are very insecure ways to verify domain ownership and require divulging more information than is needed (i.e. Microsoft doesn't need to know what domain registrar we use or what else was purchased at the same time, or how much we paid. This is all over-reach).
The rest of Azure uses TXT DNS domain records to prove CURRENT ownership, which is a much more secure way to do this.
Security risk: If I bought a domain 11 months ago and since sold it on, I can still be verified under this approach, even if I no longer have access to the domain. With the use of TXT DNS records I could not bypass this security check, making this option much more secure.
Please allow us to use TXT DNS records to verify domain ownership and not this inconsistent and insecure method.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(281.6, 17%, 37%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EGM%3C/text%3E%3C/svg%3E)
@Richard S Thank you for reaching out to us, As per our documentation - https://video2.skills-academy.com/en-us/azure/trusted-signing/quickstart?tabs=registerrp-portal%2Caccount-portal%2Ccertificateprofile-portal%2Cdeleteresources-portal Trusted Signing at this time can onboard only legal business entities that have verifiable tax history of three or more years by verifying the domain via txt record wont meet this requirement.
However tagging my colleague @Meha-MSFT for more information on the above ask.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(156.8, 52%, 25%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMM%3C/text%3E%3C/svg%3E)
Thanks for the feedback, we will share it with the team. However, at this moment the team can only process the request based on the documents required vs provided.
I understand this need but you've not asked for 3 years of tax documentation, you've asked for a purchase invoice within the last 12 months. Please advise what tax information we can provide.
As a business registered in England, UK, all our business filings are public and searchable on the Government's website: https://find-and-update.company-information.service.gov.uk/
Please advise what you need and we will provide it.
Dear @Givary-MSFT @Meha-MSFT
I understand the need for providing tax history but that's not what you've asked for, you've asked for a domain purchase invoice from the last 12 months.
As a business registered in England, all our business filings are public and searchable on the Government website: https://find-and-update.company-information.service.gov.uk/
Please advise what you need and we will provide it, but we will not provide invoices for domains for proof of ownership as these are not a valid way to prove ownership and these include a lot more information than we want (or should be asked to) share.