Rbovenkamp
Copper Contributor
Jun 23, 2020

Deploy signed PowerShell scripts

What is the best way to deploy signed PowerShell scripts with Microsoft 365 and Intune? Is it possible to sign the scripts with a self-signed certificate which is rolled out by Intune to the clients?
  • Moe_Kinani
    Bronze Contributor
    You need to sign the PS with a trusted publisher, not self-signed, then use an Intune PS script, under Devices -> Windows -> PS Scripts.

    Remember to hit Yes on Enforce Script Signature Check.
  • Hey Rbovenkamp,

    Normally you are going to purchase a code signing certificate from a public CA and sign your scripts with that. This certificate and signatures are trusted as the public CA root cert is most likely trusted in the root cert store on your clients. You could also create code signing certificates with an internal Enterprise CA. When your clients have the internal root CA in their root CA certificate store, they can validate the certificate chain and everything should be okay.

    Best,

    Oliver
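
The signing and trust checks discussed in the replies above, as an added example that is not from any participant in this thread. The script path and timestamp URL are placeholders, and the certificate is assumed to be a code signing certificate from a public or internal CA already installed in the signer's personal store.

```powershell
# Added example: sign a script, then check what a client would need to trust it.
$scriptPath   = 'C:\Scripts\Deploy-Example.ps1'   # hypothetical script path
$timestampUrl = 'http://timestamp.example.test'   # placeholder: your CA's timestamp service

# 1. Pick a currently valid code signing certificate that has a private key.
$cert = Get-ChildItem Cert:\CurrentUser\My -CodeSigningCert |
    Where-Object { $_.HasPrivateKey -and $_.NotAfter -gt (Get-Date) } |
    Sort-Object NotAfter -Descending |
    Select-Object -First 1
if (-not $cert) { throw 'No usable code signing certificate in Cert:\CurrentUser\My.' }

# 2. Sign with SHA256 and a timestamp, so the signature can still be
#    validated after the signing certificate itself has expired.
$null = Set-AuthenticodeSignature -FilePath $scriptPath -Certificate $cert `
    -HashAlgorithm SHA256 -TimestampServer $timestampUrl

# 3. Re-read the signature from disk, the way the client will evaluate it.
$sig = Get-AuthenticodeSignature -FilePath $scriptPath
if (-not $sig.SignerCertificate) { throw "Script is not signed: $($sig.StatusMessage)" }

# 4. Build the chain and find the root the signature depends on.
$chain   = New-Object System.Security.Cryptography.X509Certificates.X509Chain
$chainOk = $chain.Build($sig.SignerCertificate)
$root    = $chain.ChainElements[$chain.ChainElements.Count - 1].Certificate

# 5. Report. The two store checks are the ones to repeat on a managed client:
#    the root must be in Root, and the signer in TrustedPublisher if scripts
#    are to run without a publisher prompt under AllSigned.
[pscustomobject]@{
    Status             = $sig.Status                 # 'Valid' is the only passing value
    StatusMessage      = $sig.StatusMessage
    Signer             = $sig.SignerCertificate.Subject
    Timestamped        = [bool]$sig.TimeStamperCertificate
    ChainBuilds        = $chainOk
    ChainErrors        = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ', '
    RootThumbprint     = $root.Thumbprint
    RootInMachineStore = Test-Path "Cert:\LocalMachine\Root\$($root.Thumbprint)"
    SignerIsTrustedPublisher =
        Test-Path "Cert:\LocalMachine\TrustedPublisher\$($sig.SignerCertificate.Thumbprint)"
}
```

A `Status` of `Valid` on the signing machine only shows that machine trusts the chain; run steps 3 to 5 on a managed client to confirm the root CA certificate was actually delivered there.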