Azure Code Signing is a service provided by Microsoft that enables software developers to securely “sign” their code using digital certificates.
When code is signed with a digital certificate, it provides an assurance that the code (any code – Windows executables, PowerShell scripts, and Java code…) has not been tampered with or modified since it was signed. This helps to prevent unauthorized modifications to software code and provides greater security and trust for end-users.
More and more software developers are using ACS to ensure their code has not been tampered with. For instance Sophos is REQUIRING Azure Code Signing as of April 2023.
Here is a small graphic from Microsoft that explains a bit more:
To get Azure Code Signing to work, operating systems need two things:
- Security roll ups that were released through Windows Update in September of 2021, so virtually every Windows computer on the planet should have that by now
- A root certificate named “Microsoft Identity Verification Root Certificate Authority 2020” , which any computer that is Connected to the Internet, we’ll get automatically when needed
Any computers that do not have Internet access can have that certificate installed manually but I don’t think that’s a problem for most companies (or people!)