Microsoft Technical Takeoff: Windows and Microsoft Intune
Oct 24 2022 07:00 AM - Oct 27 2022 12:00 PM (PDT)

Device Guard v2 not working properly

Occasional Contributor



I'm testing the new Device Guard v2 signing feature. I can successfully sign the packages, but unable to install them. I've downloaded and imported the device guard root cert to all imaginable certificate stores without any luck following this article -


Windows 10 20H2.

4 Replies

Hi @xenappblog 


To obtain the root certificate of Device Guard Signing version 2: 

1. use the NuGet package: NuGet Gallery | Microsoft.Acs.Dgss.Client 1.0.4 

2. use the “Get-RootCertificate” command to obtain the root certificate


If you are still having issues please let us know. We will update our documentation accordingly. 


Thank you, 



No lucky, please advice

Hi @xenappblog 


Please go the downloaded package folder and use the “Get-RootCertificate” command as follows in the Read me. 








@Dian Hartono 
Im having similar issues
ive managed to get the Microsoft.Acs.Dgss.Client module imported and running.

i have followed the instructions listed here: Register your app in the Azure Portal to configure the app registration


when i run "Get-RootCertificate -OutFile C:\Temp\rootcert.cer -appid <App Client GUID>"

after signing in, i get an error stating that the reply URL is wrong, but that URL is not listed in the app registration documentation