Using a Custom Configuration Policy to Deploy a Patch My PC Certificate
Applies to: Patch My PC Cloud
Overview
A custom configuration policy is the recommended method for deploying Patch My PC (PMPC) code-signing certificates to Intune-managed devices.
This method installs the Patch My PC public code-signing certificate into the local Trusted Publishers certificate store on targeted devices. This allows PowerShell to trust scripts and modules signed by Patch My PC when an AllSigned execution policy is used.
In environments using Windows Defender Application Control (WDAC), AppLocker, or similar application control policies, additional policy configuration may also be required to trust or allow the relevant Patch My PC signer.
The steps below use a custom configuration profile in Intune. For each certificate, the profile creation process is the same, but the OMA-URI and Base64-encoded certificate value are different.
Choose the Certificate(s) to Deploy
Patch My PC uses separate code-signing certificates for different signed components. Select the certificate that matches the content you need devices to trust, then use the corresponding tab in the Create a Custom Configuration Profile section.
Important
The values used in the custom configuration profiles below reflect the current Patch My PC code-signing certificates used for newly signed content.
If you are implementing an AllSigned execution policy, WDAC, AppLocker, or similar application control policy after applications have already been deployed, some existing deployed content may have been signed with a previous Patch My PC certificate. In that instance, you may also need to deploy the relevant archived certificate so previously deployed scripts or modules remain trusted.
When deploying an archived certificate with a custom configuration profile, the OMA-URI and Base64 certificate value must match the archived certificate. Use the archived certificate .cer file to identify the certificate thumbprint used in the OMA-URI, and use the archived import script to obtain the Base64-encoded certificate value.
More information about archived certificates and scripts is available from the Download Patch My PC Code-Signing Certificates page.
Create a Custom Configuration Profile
Follow the steps below to create a custom configuration profile in Intune. The profile settings are the same for each Patch My PC code-signing certificate, but the OMA-URI and Base64 certificate value are different for each certificate.
“Create a Profile” tab
Platform
Windows 10 and later
Profile type
Templates > Custom
“Basics” tab
Name
A descriptive name for the policy. E.g. “Patch My PC Cloud Trusted Publisher Certificate”`
Description
Enter an optional description for the policy
“Configuration Settings” tab
Note
The OMA-URI is built using the certificate thumbprint value. When deploying a different Patch My PC certificate, make sure the thumbprint in the OMA-URI matches the certificate you are deploying.
Name
Enter a descriptive name for the OMA-URI setting e.g. “Patch My PC Cloud Trusted Publisher Certificate”
Description
Enter an optional description for the policy
OMA-URI
./Device/Vendor/MSFT/RootCATrustedCertificates/TrustedPublisher/E2806E45DDA692221BED082D072BAF5973FBC466/EncodedCertificate
Data type
String
Value
MIIHSTCCBTGgAwIBAgIQCCFR6ulgpnd5CTnQhq7j0TANBgkqhkiG9w0BAQsFADBpMQswCQYDVQQGEwJVUzEXMBUGA1UEChMORGlnaUNlcnQsIEluYy4xQTA/BgNVBAMTOERpZ2lDZXJ0IFRydXN0ZWQgRzQgQ29kZSBTaWduaW5nIFJTQTQwOTYgU0hBMzg0IDIwMjEgQ0ExMB4XDTI0MDYwNTAwMDAwMFoXDTI3MDYwNDIzNTk1OVowgdExEzARBgsrBgEEAYI3PAIBAxMCVVMxGTAXBgsrBgEEAYI3PAIBAhMIQ29sb3JhZG8xHTAbBgNVBA8MFFByaXZhdGUgT3JnYW5pemF0aW9uMRQwEgYDVQQFEwsyMDEzMTYzODMyNzELMAkGA1UEBhMCVVMxETAPBgNVBAgTCENvbG9yYWRvMRQwEgYDVQQHEwtDYXN0bGUgUm9jazEZMBcGA1UEChMQUGF0Y2ggTXkgUEMsIExMQzEZMBcGA1UEAxMQUGF0Y2ggTXkgUEMsIExMQzCCAaIwDQYJKoZIhvcNAQEBBQADggGPADCCAYoCggGBAI4L1foPMR+0UKjzSsQZzLOdoKNJXO9EVFR1j+iVYzQA7wrEe9pwfgns3Bs9NDf9VcIGAcPdApOB46weoZWNE1P8pPhL2V42dh96c/eHUadCCXrv6gPMguKKh0CiaHATdQjAG+GmPwAETrW0gwWRvhQbbLoLYiBnW6z72a0rZ2NUv1s9aXd5sq42PMIiflL/hqWEoXD9clvDERPfAStHbxZwEXJ3EpsI9Y9N7O5hd+PGnskLUTQfs5dt03HWhgCDI0mlXdi02LI2Zem4r5iRzt5NGY0b3sp5E10lC5v8KWgf5VfmjNdV875ILJ6sfEyfvIFwiVn/Q9/UWVklzwVRHPXK9NUO5YXWG792OhKK0KXlLXN1VzrppbAWUZMICEa8a8h6JM9/8071dlcwST2cY20plbXpS9tVxK/6E/YCN9Fopz2+F3dNeeW7okXd2q8Ez90uOKZuj4fZkozrmM+/hGzOVRFFV23XinJDvMI7/I52At48tLE1CLoL4zalnJUQWwIDAQABo4ICAjCCAf4wHwYDVR0jBBgwFoAUaDfg67Y7+F8Rhvv+YXsIiGX0TkIwHQYDVR0OBBYEFICQ/SZIAGMkmdGRtx9TQIMONAEmMD0GA1UdIAQ2MDQwMgYFZ4EMAQMwKTAnBggrBgEFBQcCARYbaHR0cDovL3d3dy5kaWdpY2VydC5jb20vQ1BTMA4GA1UdDwEB/wQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcDAzCBtQYDVR0fBIGtMIGqMFOgUaBPhk1odHRwOi8vY3JsMy5kaWdpY2VydC5jb20vRGlnaUNlcnRUcnVzdGVkRzRDb2RlU2lnbmluZ1JTQTQwOTZTSEEzODQyMDIxQ0ExLmNybDBToFGgT4ZNaHR0cDovL2NybDQuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0VHJ1c3RlZEc0Q29kZVNpZ25pbmdSU0E0MDk2U0hBMzg0MjAyMUNBMS5jcmwwgZQGCCsGAQUFBwEBBIGHMIGEMCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5kaWdpY2VydC5jb20wXAYIKwYBBQUHMAKGUGh0dHA6Ly9jYWNlcnRzLmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydFRydXN0ZWRHNENvZGVTaWduaW5nUlNBNDA5NlNIQTM4NDIwMjFDQTEuY3J0MAkGA1UdEwQCMAAwDQYJKoZIhvcNAQELBQADggIBALlBqZymgkuENodf7tC1viaTZFFzAeuR9DO9u36GeFy4iZ3tKJ4IKznvVGRNYb2F5UTFHTDE0rgJPF+w0w8dnT6R2MB2aXzvyV4MBmezgPIhbx/y1h+M72wLkydNSLt0PJkw8R0BE4M794lZnh8Vmh3/bpfjIq8NYXYx/fNiIwiud8+kLcLsJ53qO2W0nytZh22HccJSXKOaxQxMdBSieV+ff150Q0AKvse87/ZscY3QnTKgPHqhDFGgeVQpCOXayaWWbluVYo5eeVsN+k36QkXDaGctpvEd4pbelMIN3DonD1NrL3Cp1YT5eMs7D9LUp+5SoOkVBj9+b6j5fNHVH+Fwx1F+ATejXO3BB+mt8WkFRQgREwp01UVD2gPtcj8KnY1IIgYGAogB7UraIXXTxJxhUXeSZNW1HpWaa/K7skUUlsYv/4PJTgAB5yvG5ZDJBi9M58MFAzmlH4qdrJRbxMuK9AxAqJKjGwm7B4AZeivSDnhC0UQ0g29tfOLzGXx0AfrdcAnn1U8bCzHg5Qc+Xy1Y6Ybx6MYLvFALS3Q++Rc05INimwTgM8F0PW9Ch7g88zXwad3p0CJrXdfU/b3SdLEcf2e62qM+//+15aVIuClYeam8oC58q+Rfefn5eG3hKpyHzmQdzlSpVbR/9eRRO2kXESPuAL7Xo0sZW8IVSRtM
“Scope tags” tab
Configure as required.
“Assignments” tab
Assign the configuration template to the desired Entra ID group(s).
“Applicability Rules” tab
Configure any desired applicability rules.
“Review + create” tab
Double-check everything before clicking Create.
“Create a Profile” tab
Platform
Windows 10 and later
Profile type
Templates > Custom
“Basics” tab
Name
A descriptive name for the policy. E.g. “Patch My PC Apps Trusted Publisher Certificate”`
Description
Enter an optional description for the policy
“Configuration Settings” tab
Note
The OMA-URI is built using the certificate thumbprint value. When deploying a different Patch My PC certificate, make sure the thumbprint in the OMA-URI matches the certificate you are deploying.
Name
Enter a descriptive name for the OMA-URI setting e.g. “Patch My PC Apps Trusted Publisher Certificate”
Description
Enter an optional description for the policy
OMA-URI
./Device/Vendor/MSFT/RootCATrustedCertificates/TrustedPublisher/1762FEC55A0324EA1B3345C01D3237EEAF098373/EncodedCertificate
Data type
String
Value
MIIHyTCCBbGgAwIBAgIQCUGFLDEub3esx3RE1rIuRjANBgkqhkiG9w0BAQsFADBpMQswCQYDVQQGEwJVUzEXMBUGA1UEChMORGlnaUNlcnQsIEluYy4xQTA/BgNVBAMTOERpZ2lDZXJ0IFRydXN0ZWQgRzQgQ29kZSBTaWduaW5nIFJTQTQwOTYgU0hBMzg0IDIwMjEgQ0ExMB4XDTI2MDMxMTAwMDAwMFoXDTI3MDQzMDIzNTk1OVowgdExEzARBgsrBgEEAYI3PAIBAxMCVVMxGTAXBgsrBgEEAYI3PAIBAhMIQ29sb3JhZG8xHTAbBgNVBA8MFFByaXZhdGUgT3JnYW5pemF0aW9uMRQwEgYDVQQFEwsyMDEzMTYzODMyNzELMAkGA1UEBhMCVVMxETAPBgNVBAgTCENvbG9yYWRvMRQwEgYDVQQHEwtDYXN0bGUgUm9jazEZMBcGA1UEChMQUGF0Y2ggTXkgUEMsIExMQzEZMBcGA1UEAxMQUGF0Y2ggTXkgUEMsIExMQzCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAKYWuaFOfSJ2iMnt3nVgLc4mOcOO1Z3+7WIa0qv7/rVcMNDS6+u3nLN3T75wfiEgVG8jleToh7oZa5H8MiI1mEweeZVTHUv/1eRQen8oDB3CR5i1OfoPKFypvGKV3jZCZJhoKhPPm2nP32JmpxqtBDxzzmP/o4y3fXaKLFkP84FwaiSmSWWeTK9CedeJvj6Fe0Ku3KiZFNTznsl+Q9kpR0cqTxYSU+L0+0geOhag1CRMgVR6o424AOBVxOFrtxAqAemFwqGplP4YcgI3IeIvt5wGs0aCjH1ml3ZduXzjla9etvIjCnFvBXryewtOXE0Dt9pcQN1Iy7i6rA0sTyFwRR8RO8BnQDXGqcWsREU91dDTF+Uq5lVIsNqTmZgqlvoKZxGUKsGPxJePs0zVA8RPExuxaSeeYXGFyP+YGQMhN0FekEmdIoHbEvDMLx5lOqVhDuAOqghwQAm/891IMhVFsIH1PzOIuYhgEAyMpjW08zIwj6Qbj6kKFp2wPrji0qXPNRfIe/C9sc67PCu/CrxSwysbbvBADq5bidmuBpiZVstNKKRiFNVzNXu3FO4ePw7pbYTzstUvpM+e0umRcLVPJEneOoFcMr4yPO9pCpw6APARM1NGQsE4yzLcHIKEIp9bpl7it2bOoErk4+KiEnctPsqnZbMmr0ZfjwLrK0D1bAYPAgMBAAGjggICMIIB/jAfBgNVHSMEGDAWgBRoN+Drtjv4XxGG+/5hewiIZfROQjAdBgNVHQ4EFgQUSwvURs71qBAFSCCp+wDYicgjpVAwPQYDVR0gBDYwNDAyBgVngQwBAzApMCcGCCsGAQUFBwIBFhtodHRwOi8vd3d3LmRpZ2ljZXJ0LmNvbS9DUFMwDgYDVR0PAQH/BAQDAgeAMBMGA1UdJQQMMAoGCCsGAQUFBwMDMIG1BgNVHR8Ega0wgaowU6BRoE+GTWh0dHA6Ly9jcmwzLmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydFRydXN0ZWRHNENvZGVTaWduaW5nUlNBNDA5NlNIQTM4NDIwMjFDQTEuY3JsMFOgUaBPhk1odHRwOi8vY3JsNC5kaWdpY2VydC5jb20vRGlnaUNlcnRUcnVzdGVkRzRDb2RlU2lnbmluZ1JTQTQwOTZTSEEzODQyMDIxQ0ExLmNybDCBlAYIKwYBBQUHAQEEgYcwgYQwJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmRpZ2ljZXJ0LmNvbTBcBggrBgEFBQcwAoZQaHR0cDovL2NhY2VydHMuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0VHJ1c3RlZEc0Q29kZVNpZ25pbmdSU0E0MDk2U0hBMzg0MjAyMUNBMS5jcnQwCQYDVR0TBAIwADANBgkqhkiG9w0BAQsFAAOCAgEAH5lNvUFVkHQWIby+gePVfooOQdPaJp7IG3NyU5gamREO5swPO2gSH+RKVhjhoez6Lsg4AvQktpYFo3F/j4E5TlNT/pMGwGqs3DeT+R5JZeGQobxMbqBs6TcWW8LVVqKj0zAvqQ4IhyeUhfD4MiCp7jEVt7dRhvp3wtBmqkcIH3zJPufM6CJop8TwHiV2oyv9k8wVnVFXWTdUbyWoilkXZnaFe97mBxEyf++iEL81Bi41Oyc7OK4UcD7Dh3QECF1E+6QUxG81ykpha1+/AVb0rPxiUl9cpWzs/TfgZjTwxY/z0ZI0vyM/Ut01xrFPVXBqjaR8OxOAzjgGjcTykbSd7UoJP2MEeaL9SKRlrNeSieD29+DsuZaqhfkF5JGWyaDhqWShmos9uwG5PEYf+4FOX6iZquQD4cVlhzOBVomrcYH+e97vPmgmRMp+hGZX66eDNswvjazFvUZclDIDe3rDwHDhvvrXzyprFmIrhnSZkCQzle3sjVSCVHojUQV3G+BliKhUEf/h4KjGLCAB3eenuyTY4c04ttjkst6mL9us+hnhmJbTJy4k/H3XMVJvJJgxtDWsd/XqUPYM/0N1r+g3rJ53zbmBhtqvTQ/NwOOqU9nOz4IiZiobTnmd9kPPCKn4G7T0BpPMexg168qQ1vbUjTBN1Zlq5F1VgdSPepuUCXA=
“Scope tags” tab
Configure as required.
“Assignments” tab
Assign the configuration template to the desired Entra ID group(s).
“Applicability Rules” tab
Configure any desired applicability rules.
“Review + create” tab
Double-check everything before clicking Create.
“Create a Profile” tab
Platform
Windows 10 and later
Profile type
Templates > Custom
“Basics” tab
Name
A descriptive name for the policy. E.g. “PSAppDeployToolkit Module Trusted Publisher Certificate”`
Description
Enter an optional description for the policy
“Configuration Settings” tab
Note
The OMA-URI is built using the certificate thumbprint value. When deploying a different Patch My PC certificate, make sure the thumbprint in the OMA-URI matches the certificate you are deploying.
Name
Enter a descriptive name for the OMA-URI setting e.g. “PSAppDeployToolkit Module Trusted Publisher Certificate”
Description
Enter an optional description for the policy
OMA-URI
./Device/Vendor/MSFT/RootCATrustedCertificates/TrustedPublisher/06A30284EAA7D941557778FDB215FB5010455C90/EncodedCertificate
Data type
String
Value
LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tDQpNSUlIU1RDQ0JUR2dBd0lCQWdJUUN2bGJ0cjZpRElVT21NYjdqcXdJK1RBTkJna3Foa2lHOXcwQkFRc0ZBREJwDQpNUXN3Q1FZRFZRUUdFd0pWVXpFWE1CVUdBMVVFQ2hNT1JHbG5hVU5sY25Rc0lFbHVZeTR4UVRBL0JnTlZCQU1UDQpPRVJwWjJsRFpYSjBJRlJ5ZFhOMFpXUWdSelFnUTI5a1pTQlRhV2R1YVc1bklGSlRRVFF3T1RZZ1UwaEJNemcwDQpJREl3TWpFZ1EwRXhNQjRYRFRJME1Ea3dOVEF3TURBd01Gb1hEVEkzTURrd056SXpOVGsxT1Zvd2dkRXhFekFSDQpCZ3NyQmdFRUFZSTNQQUlCQXhNQ1ZWTXhHVEFYQmdzckJnRUVBWUkzUEFJQkFoTUlRMjlzYjNKaFpHOHhIVEFiDQpCZ05WQkE4TUZGQnlhWFpoZEdVZ1QzSm5ZVzVwZW1GMGFXOXVNUlF3RWdZRFZRUUZFd3N5TURFek1UWXpPRE15DQpOekVMTUFrR0ExVUVCaE1DVlZNeEVUQVBCZ05WQkFnVENFTnZiRzl5WVdSdk1SUXdFZ1lEVlFRSEV3dERZWE4wDQpiR1VnVW05amF6RVpNQmNHQTFVRUNoTVFVR0YwWTJnZ1RYa2dVRU1zSUV4TVF6RVpNQmNHQTFVRUF4TVFVR0YwDQpZMmdnVFhrZ1VFTXNJRXhNUXpDQ0FhSXdEUVlKS29aSWh2Y05BUUVCQlFBRGdnR1BBRENDQVlvQ2dnR0JBTHNuDQpjWktOaDY1ZXJBRFNWSTMzY3FTait0S2dSK1JKSVgya1VBSjUvbnQ3NE5ubFhHNGhGaUk1YXpHTTd5dHJJRGpBDQpXOEJubTZnRkVaQlpsQWlnM1JzWE1TbnJsM1dsengxanlzSE5sbzJBaFdvNjEraDZING9zRGN6Z25TK2xST0R3DQowSVQwVWUwaUhUVFJVcThlUXVHUXpkVStqaC9zblYreEVCZlBqUVZEUjBXeEZYWmZvZlIrUUhzY2V0Mm4ydk03DQp0NFB4bDVic2x5bTIvaVI3WURTV2xJQmJoVGtVOGNOVXp1cWgva3VoNjZhWC9VSEFCWnJ1TVJyWkhOaFVvWUw5DQpEWUZqRFJnMmFpYS82UGJLaWRyWFdtUnc4cStoL0Q3MlBIb0tGTElSZTNISUJHTFJCSFFmVWtVZkpsVUlwTmNPDQphQms0dzFveDQvdkk0RTZjNVhyVWNzS2JaUDV2RDNvVlFUZko3YXFFbmJ5eTNMa0ZjNXJqeTh6ZjRyaW9lYkdYDQpscjZqempRS1hCSjJYRGphVjNtOG9sRDV4SGo2K2EyUUZPNFRJek1ObVQ1MEpUSEd4cjdZRDlxb3U1dG45NWx4DQpXTVZvNVNnc1dnS1dCM3FraFhsZ3ZNek96bUM5aDVXZmhyaXVGeHZJeWxST3JGa2x2VnBQM1p0THlXMnJMd0lEDQpBUUFCbzRJQ0FqQ0NBZjR3SHdZRFZSMGpCQmd3Rm9BVWFEZmc2N1k3K0Y4Umh2ditZWHNJaUdYMFRrSXdIUVlEDQpWUjBPQkJZRUZPUmdsTjBoS25pRzRZV1BYc2xOQzNFeU8rVi9NRDBHQTFVZElBUTJNRFF3TWdZRlo0RU1BUU13DQpLVEFuQmdnckJnRUZCUWNDQVJZYmFIUjBjRG92TDNkM2R5NWthV2RwWTJWeWRDNWpiMjB2UTFCVE1BNEdBMVVkDQpEd0VCL3dRRUF3SUhnREFUQmdOVkhTVUVEREFLQmdnckJnRUZCUWNEQXpDQnRRWURWUjBmQklHdE1JR3FNRk9nDQpVYUJQaGsxb2RIUndPaTh2WTNKc015NWthV2RwWTJWeWRDNWpiMjB2UkdsbmFVTmxjblJVY25WemRHVmtSelJEDQpiMlJsVTJsbmJtbHVaMUpUUVRRd09UWlRTRUV6T0RReU1ESXhRMEV4TG1OeWJEQlRvRkdnVDRaTmFIUjBjRG92DQpMMk55YkRRdVpHbG5hV05sY25RdVkyOXRMMFJwWjJsRFpYSjBWSEoxYzNSbFpFYzBRMjlrWlZOcFoyNXBibWRTDQpVMEUwTURrMlUwaEJNemcwTWpBeU1VTkJNUzVqY213d2daUUdDQ3NHQVFVRkJ3RUJCSUdITUlHRU1DUUdDQ3NHDQpBUVVGQnpBQmhoaG9kSFJ3T2k4dmIyTnpjQzVrYVdkcFkyVnlkQzVqYjIwd1hBWUlLd1lCQlFVSE1BS0dVR2gwDQpkSEE2THk5allXTmxjblJ6TG1ScFoybGpaWEowTG1OdmJTOUVhV2RwUTJWeWRGUnlkWE4wWldSSE5FTnZaR1ZUDQphV2R1YVc1blVsTkJOREE1TmxOSVFUTTROREl3TWpGRFFURXVZM0owTUFrR0ExVWRFd1FDTUFBd0RRWUpLb1pJDQpodmNOQVFFTEJRQURnZ0lCQUtnTkxtLzRwVElIU0x6SWdYbGdhSWpNWHVUaUc1VG14aU81WHBuRDlsaEttaEFFDQpsdGRmOEZjQ1ZPdDJjSWJaRUdqVk9LMTQzK242c3VhVGxNNlVGNEdJMG1qdUEvd0RqQ1NoNWNxY2JKUmFtZjNXDQpLWExudHNSTngrNVpqdUNqMy9GY1Y3aFNGS295M3JWUHBKSWU2UDBPZGtXbTFRTGpxenhTcHptNHNjdFJ5TWRQDQorUmZrYmovY1lhcGcyM3pPNWVjMUFITGpnZ3BHTzI3cmlKeExJcWZRV1YxSWxXL0N1V3owZlVaT3c2R3JlQlVKDQpqZTlzWTJwSEJHVGpGUDc0TkdZRld2SjhaQVY3VmJJOFc3Sy9temc1OUhIWFJ5dFVCMW9wZno1cVFEWk1UZXgvDQpMWFFnR2ZHMDh5TDc3bmNVaTU3ZTdMRzIwQTVBTWpjTkc3UXgvakNyLzVmbFhHTWtCK2RXZWNVL1E3eHdwaEhlDQorK0c2R1pEOWhuMHhiNSsvNENFaEkwM1RybEJyTFhhNEVzSU5jeVQ2b0N1ODFzU3VQTVF1MnNLV3Q0TURyUGFaDQo4b3FoeHQ2OGZPUDBoMUlnQzlwWkpZN0E5M3Faa2NiRm5tWVdUV1BkOFJLVUIzdlN3YjZQN2VGVVkyYzZsTS9xDQpYeERENm5sLzRPZnBxVytHcWVtWmpTYmdHQ1JabE5DeUpBaTBEZlppbDR0U0pmVmxPb241OTcyTHJSakVpL3dYDQpYbGovdTN6T3pHUzRqdnRRU0xBWFVwbGVxV1ZVdHkwUVFNdDhDSlcxaSt2WnI4aXdqeUVPOCtIYlg3czhBdCtoDQpQWk5yNGMzb2cwUHBOWFJTUTBuY1V3M3JiSEpOQmJnOWFMNFlydG5HaStBWFJiQWxyRnp5ek1yN3VqcFcNCi0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0NCg==
“Scope tags” tab
Configure as required.
“Assignments” tab
Assign the configuration template to the desired Entra ID group(s).
“Applicability Rules” tab
Configure any desired applicability rules.
“Review + create” tab
Double-check everything before clicking Create.
Post Processing
Once the client processes the policy, the certificate appears as follows in its Trusted Publishers store.
Double-clicking the certificate allows you to see its properties.
Last updated
Was this helpful?