
Microsoft Security Community Blog

Trusted Signing is in Public Preview

rakiasegev
Microsoft
Apr 22, 2024

Trusted Signing has launched into Public Preview! The Trusted Signing service (formerly Azure Code Signing) is a Microsoft fully managed end-to-end signing solution for developers.  

 

What is the Trusted Signing service? 

Trusted Signing is a complete code signing service with an intuitive experience for developers and IT professionals, backed by a Microsoft managed certification authority. The service supports both public and private trust signing scenarios and includes a timestamping service. With Trusted Signing, users enjoy a productive, performant, and delightful experience on Windows with modern security protection features enabled such as Smart App Control and SmartScreen.  

 

The service offers several key features that make signing easy: 

  • We manage the full certificate lifecycle – generation, renewal, issuance – and key storage in FIPS 140-2 Level 3 HSMs. The certificates are short-lived, which helps reduce the impact on your customers in abuse or misuse scenarios. 
  • We have integrated into popular developer toolsets such as SignTool.exe and GitHub and Visual Studio experiences for CI/CD pipelines, enabling signing to easily integrate into application build workflows. For Private Trust, there are also PowerShell cmdlets for IT Pros to sign WDAC policy, and future integrations with IT endpoint management solutions. 
  • Signing is digest signing, meaning it is fast and confidential – your files never leave your endpoint. 
  • We have support for different certificate profile types including Public Trust, Private Trust, and Test with more coming soon! 
  • Trusted Signing enables easy resource management and access control for all signing resources with Azure role-based access control as an Azure native resource. 
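The digest-signing flow described in the list above, as an added illustration that is not Trusted Signing's implementation or API: the client hashes the file locally, only the 32-byte digest reaches the signer, and a verifier recomputes the digest from the file. `RemoteSigner`, `sign_file` and `verify` are hypothetical names, and the key is a toy textbook-RSA key (no padding) standing in for the HSM-held key.

```python
import hashlib

# Toy RSA key standing in for the HSM-held key (assumption: textbook RSA,
# no padding, Mersenne primes; for illustration only, never for real use).
P, Q = 2**521 - 1, 2**607 - 1
N, E = P * Q, 65537
_D = pow(E, -1, (P - 1) * (Q - 1))   # private exponent, kept "inside the service"


class RemoteSigner:
    """Hypothetical stand-in for a remote signing service."""

    def __init__(self):
        self.bytes_received = 0      # everything the service ever sees

    def sign_digest(self, digest: bytes) -> int:
        # The service accepts only a fixed-size SHA-256 digest, never a file.
        if len(digest) != hashlib.sha256().digest_size:
            raise ValueError("expected a 32-byte SHA-256 digest")
        self.bytes_received += len(digest)
        return pow(int.from_bytes(digest, "big"), _D, N)


def sign_file(content: bytes, signer: RemoteSigner) -> int:
    """Client side: hash locally, send only the digest."""
    return signer.sign_digest(hashlib.sha256(content).digest())


def verify(content: bytes, signature: int) -> bool:
    """Verifier: recompute the digest and compare it with the signed value."""
    expected = int.from_bytes(hashlib.sha256(content).digest(), "big")
    return pow(signature, E, N) == expected


if __name__ == "__main__":
    binary = b"MZ" + b"\x90" * 5_000_000        # constructed 5 MB sample "file"
    svc = RemoteSigner()
    sig = sign_file(binary, svc)
    print("file size:", len(binary), "bytes sent to signer:", svc.bytes_received)
    print("signature valid:", verify(binary, sig))
    print("valid after tampering:", verify(binary + b"\x00", sig))
```

The amount of data sent to the signer stays at 32 bytes regardless of file size, which is why the file contents remain on the build machine.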

 

Figure 1: Creating a Trusted Signing Account

 

Trusted Signing Pricing  

We want to make this affordable for ISVs and developers in a way that allows the community of all demographics to be able to sign. While we have two pricing SKUs, basic and premium accounts, the initial Public Preview release is free until June 2024. The details of each SKU are outlined below: 

 

| Model type | Basic | Premium |
|---|---|---|
| Base price (monthly) | $9.99 | $99.99 |
| Quota (signatures / month) | 5,000 | 100,000 |
| Price after quota is reached | $0.005 / signature | $0.005 / signature |
| Includes | Public and Private Signing; 1 of each Certificate Profile type | Public and Private Signing; 10 of each Certificate Profile type |

 

Try out Trusted Signing today by visiting the Azure portal.

Updated Apr 19, 2024
Version 1.0

45 Comments

  • Would this support code signing for Java binaries like Jar files? I could not find references on MS Learn site.

  • We currently can only support broadly organizations with 3+ years of business history. We are working on broader support for young organizations and individual developers for Trusted Signing. 

  • mickiwForce
    Brass Contributor

    I have no examples of how to sign a file using the PowerShell module.

    The PS help says the below example, but how do I authenticate, with pop up credentials for example or specify a Managed identity?

    $params = @{
        Endpoint = "https://wus2.codesigning.azure.net/"
        CodeSigningAccountName = "my-account"
        CertificateProfileName = "my-cert-profile"
        FilesFolder = "bin/Release/net6.0-windows10.0.19041.0/win10-x64/"
        FilesFolderFilter = "exe,dll"
        FileDigest = "SHA256"
        TimestampRfc3161 = "http://timestamp.acs.microsoft.com"
        TimestampDigest = "SHA256"
    }
    Invoke-TrustedSigning @params

     

  • Mike_at_Bookup
    Copper Contributor

    "We want to make this affordable for ISVs and developers in a way that allows the community of all demographics to be able to sign"

    The community of all demographics? But really only the demographic that is a business with three years of tax history?

    I paid a lot of money for a Sectigo dongle for code signing. I'd love the $9.99 a month solution. But even Sectigo only allowed me to code sign as an individual, not as a business due to their overly picky rules for my business.

  • Per the docs, Trusted Signing is currently limited to businesses that have 3 years of tax history?