Deploy signed powershell scripts

%3CLINGO-SUB%20id%3D%22lingo-sub-1482748%22%20slang%3D%22en-US%22%3EDeploy%20signed%20powershell%20scripts%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1482748%22%20slang%3D%22en-US%22%3EWhat%20is%20the%20best%20way%20to%20deploy%20signed%20powershell%20scripts%20with%20Microsoft%20365%20and%20Intune%3F%20Is%20it%20possible%20to%20sign%20the%20scripts%20with%20a%20self%20signed%20certificate%20which%20is%20rolled%20out%20by%20Intune%20to%20the%20clients%3F%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-1482748%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EIntune%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1485031%22%20slang%3D%22en-US%22%3ERe%3A%20Deploy%20signed%20powershell%20scripts%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1485031%22%20slang%3D%22en-US%22%3EYou%20need%20to%20sign%20the%20PS%20with%20trusted%20publisher%20not%20Self%20Signed%2C%20then%20use%20Intune%20PS%20script%2C%20under%20Devices-%26gt%3BWindows-%26gt%3B%20PS%20Scripts.%3CBR%20%2F%3E%3CBR%20%2F%3ERemember%20to%20hit%20Yes%20on%20Enforce%20Script%20Signature%20Check.%3C%2FLINGO-BODY%3E
Highlighted
New Contributor
What is the best way to deploy signed powershell scripts with Microsoft 365 and Intune? Is it possible to sign the scripts with a self signed certificate which is rolled out by Intune to the clients?
2 Replies
Highlighted
You need to sign the PS with trusted publisher not Self Signed, then use Intune PS script, under Devices->Windows-> PS Scripts.

Remember to hit Yes on Enforce Script Signature Check.
Highlighted

Hey @Rbovenkamp,

 

normally you are going to purchase a code signing certificate from a public CA and sign your scripts with that. This certificate and signatures are trusted as the public CA root cert is most likely trusted in root cert store on your clients. You could also create code signing certificates with an internal Enterprise CA. When your clients have the internal root CA in their root ca certificate store they can validate the certificate chain and everything should be okay. 

 

best,

Oliver