Need some clarity in how offical vendor should sign their applications

New Contributor

Hi, we are starting to get applications delivered from our vendors as MSIX packages. Then certificates they are signed with play a role I guess. 


How will this work? Which certificates should be used, to avoid end customers to have to add lots of certificates?

1 Reply



Here is a list of trusted certificates that are included in Windows:  https://docs.microsoft.com/en-us/security/trusted-root/participants-list


If you (or a vendor) are repackaging they can use any one of these authorities without needing to add new root certificates.   If the apps are being repackaged you can also leverage a root from your Azure AD tenant.  More details here: https://docs.microsoft.com/en-us/windows/msix/package/signing-package-device-guard-signing


Using Azure AD tenant does require the 20H1 insider SDK.



Related Conversations
Tabs and Dark Mode
cjc2112 in Discussions on
46 Replies
Extentions Synchronization
Deleted in Discussions on
3 Replies
Stable version of Edge insider browser
HotCakeX in Discussions on
35 Replies
flashing a white screen while open new tab
Deleted in Discussions on
14 Replies
How to Prevent Teams from Auto-Launch
chenrylee in Microsoft Teams on
29 Replies
Security Community Webinars
Valon_Kolica in Security, Privacy & Compliance on
13 Replies