Deploy signed powershell scripts

Copper Contributor
What is the best way to deploy signed powershell scripts with Microsoft 365 and Intune? Is it possible to sign the scripts with a self signed certificate which is rolled out by Intune to the clients?
2 Replies
You need to sign the PS with trusted publisher not Self Signed, then use Intune PS script, under Devices->Windows-> PS Scripts.

Remember to hit Yes on Enforce Script Signature Check.

Hey @Rbovenkamp,


normally you are going to purchase a code signing certificate from a public CA and sign your scripts with that. This certificate and signatures are trusted as the public CA root cert is most likely trusted in root cert store on your clients. You could also create code signing certificates with an internal Enterprise CA. When your clients have the internal root CA in their root ca certificate store they can validate the certificate chain and everything should be okay.