Oct 16 2019 01:57 AM
Hi, we are starting to get applications delivered from our vendors as MSIX packages. Then certificates they are signed with play a role I guess.
How will this work? Which certificates should be used, to avoid end customers to have to add lots of certificates?
Oct 17 2019 08:29 AM
Here is a list of trusted certificates that are included in Windows: https://docs.microsoft.com/en-us/security/trusted-root/participants-list
If you (or a vendor) are repackaging they can use any one of these authorities without needing to add new root certificates. If the apps are being repackaged you can also leverage a root from your Azure AD tenant. More details here: https://docs.microsoft.com/en-us/windows/msix/package/signing-package-device-guard-signing
Using Azure AD tenant does require the 20H1 insider SDK.
John