Jason_Sandys, thanks for confirming the as-designed behavior; I will stop banging my head against that wall. This is for a small home lab so I can do that easily (there is only me!). (Oops, this is alexbal; I wasn't paying attention to which account I was using.)
However, it occurred to me that in an IT pro shop where scripts change a lot, by many individuals, one would have to implement a secrets vault and make signing hard to use the one long-lived cert, and if the cert was compromised, or more likely an admin went rogue, one has to re-sign everything.
If one could issue per-admin code signing certs, then just the rogue admin's certs could be revoked. But for this to be feasible from a management perspective, one wouldn't want to distribute potentially hundreds of certs, especially for machines not domain joined.... (I only learnt about the Intune cert connector today, and have no clue how that would work on, say, Linux.) Was just a thought; can't help being a PM 🙂
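The per-admin signing model sketched in the reply above, as an added example that is not code from this thread or from any Microsoft tooling: each admin gets their own key pair (Ed25519 keys here are an assumed stand-in for per-admin X.509 code-signing certs), scripts are signed per admin, and the endpoint's trust store keeps a revocation list. Revoking one admin's key makes only that admin's scripts fail verification; everyone else's scripts stay valid without re-signing. The signer names, script paths and script bodies are constructed sample data.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
)

// Signer is one per-admin code-signing identity (assumption: an Ed25519 key
// pair stands in for a per-admin certificate).
type Signer struct {
	Name string
	pub  ed25519.PublicKey
	priv ed25519.PrivateKey
}

// SignedScript is a script body plus the signer's fingerprint and the
// signature over the script's SHA-256 digest.
type SignedScript struct {
	Path      string
	Body      []byte
	SignerID  string
	Signature []byte
}

// TrustStore holds enrolled signer keys and the revocation list an endpoint
// consults before allowing a script to run.
type TrustStore struct {
	trusted map[string]ed25519.PublicKey
	revoked map[string]bool
}

// NewSigner generates a fresh key pair for one admin.
func NewSigner(name string) (*Signer, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	return &Signer{Name: name, pub: pub, priv: priv}, nil
}

// Fingerprint identifies a signer by the SHA-256 of its public key.
func (s *Signer) Fingerprint() string {
	sum := sha256.Sum256(s.pub)
	return hex.EncodeToString(sum[:])
}

// Sign produces a signature over the script's digest under this admin's key.
func (s *Signer) Sign(path string, body []byte) SignedScript {
	digest := sha256.Sum256(body)
	return SignedScript{
		Path:      path,
		Body:      append([]byte(nil), body...),
		SignerID:  s.Fingerprint(),
		Signature: ed25519.Sign(s.priv, digest[:]),
	}
}

// NewTrustStore returns an empty trust store with no revocations.
func NewTrustStore() *TrustStore {
	return &TrustStore{trusted: map[string]ed25519.PublicKey{}, revoked: map[string]bool{}}
}

// Enroll adds an admin's public key to the trust store.
func (t *TrustStore) Enroll(s *Signer) { t.trusted[s.Fingerprint()] = s.pub }

// Revoke marks one signer's key as no longer acceptable. Only scripts signed
// with that key are affected; other admins' scripts keep verifying.
func (t *TrustStore) Revoke(fingerprint string) { t.revoked[fingerprint] = true }

// Verify reports whether the script may run and the reason for the decision.
func (t *TrustStore) Verify(sc SignedScript) (bool, string) {
	pub, ok := t.trusted[sc.SignerID]
	if !ok {
		return false, "unknown signer"
	}
	if t.revoked[sc.SignerID] {
		return false, "signer revoked"
	}
	digest := sha256.Sum256(sc.Body)
	if !ed25519.Verify(pub, digest[:], sc.Signature) {
		return false, "bad signature (script modified?)"
	}
	return true, "ok"
}

func main() {
	// Constructed sample data: two admins, one script each.
	alice, _ := NewSigner("alice")
	bob, _ := NewSigner("bob")
	store := NewTrustStore()
	store.Enroll(alice)
	store.Enroll(bob)
	scripts := []SignedScript{
		alice.Sign("deploy.ps1", []byte("Write-Host 'deploy'")),
		bob.Sign("backup.ps1", []byte("Write-Host 'backup'")),
	}
	store.Revoke(bob.Fingerprint()) // bob's key is compromised: revoke bob only
	for _, sc := range scripts {
		ok, why := store.Verify(sc)
		fmt.Printf("%-12s allowed=%-5v %s\n", sc.Path, ok, why)
	}
}
```

The design point is that trust is keyed on the signer, not on one shared signing key: the trust store gets one entry per admin, and revocation is an entry in a list the endpoints already consult, so a compromised or rogue admin is handled without touching anyone else's signed scripts. A real deployment would carry the per-admin keys in certificates chained to an internal CA and publish the revocation via CRL or OCSP, which is the distribution problem the reply raises for non-domain-joined machines.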