Jump to content
Angus Robertson

Microsoft Trusted Signing service

Recommended Posts

> Have you set the environment variables AZURE_TENANT_ID, AZURE_CLIENT_ID and AZURE_CLIENT_SECRET?

 

Yes.

 

I do not have the last one "App". Went back over the step #5 instruction (https://melatonin.dev/blog/code-signing-on-windows-with-azure-trusted-signing/#step-4-create-an-app-registration) and now have a "Trusted Signing Certificate Profile Signer" with "App" as the type.

And drum roll.

 

Submitting digest for signing...

OperationId xxxx: InProgress

Signing completed with status 'Succeeded' in 192.2221622s

Successfully signed: C:\apptest.exe

Number of files successfully Signed: 1
Number of warnings: 0
Number of errors: 0

Thank you very much Fred Ahrens.

Thank you Sudara for your blog post.

Share this post


Link to post
4 minutes ago, Fred Ahrens said:

Easy. Isn't it? :classic_biggrin:

Indeed.

 

What is the normal time needed for a successful signing? > 1 minute ? more?

Share this post


Link to post

On our systems it takes between 2 to 4 seconds per file. Hard to say what might have an influence on this duration. 

It may depend on the region where your signing account is located. We use West Europe.

Internet speed could also be an important variable in this game.

Share this post


Link to post
4 minutes ago, Fred Ahrens said:

On our systems it takes between 2 to 4 seconds per file. Hard to say what might have an influence on this duration. 

It may depend on the region where your signing account is located. We use West Europe.

Internet speed could also be an important variable in this game.

Thanks. Yeah, time of day might have a big impact.

Share this post


Link to post
On 5/31/2024 at 8:57 AM, Mark- said:

Thanks. Yeah, time of day might have a big impact.

Just a follow up and a new question.

The time can be a couple of seconds or 191 seconds. When the automated build runs it signs about 20 files. All 20 are 2-4 seconds or all are 191 seconds. Go figure.

 

On another note, I received an email "Action required: Enable multifactor authentication for your tenant by 15 October 2024"

 

We are paying a monthly fee for the code signing service and everywhere I searched the system wants me to sign up for some other "premium" service. I have not found a location to active MFA for the code signing service.

 

Any ideas?

 

Share this post


Link to post
51 minutes ago, Mark- said:

I have not found a location to active MFA for the code signing service.

The e-mail that you received from MS is related to your Azure account, not to code signing. The e-mail should also contain links to the place where you can enable MFA.

Share this post


Link to post
3 minutes ago, Fred Ahrens said:

The e-mail should also contain links to the place where you can enable MFA.

Which in itself could be a phishing attempt. Just saying.

Share this post


Link to post
19 minutes ago, Fred Ahrens said:

The e-mail that you received from MS is related to your Azure account, not to code signing. The e-mail should also contain links to the place where you can enable MFA.

Yeah that is what I thought but, no links lead to it. Most links lead to documentation.

The one link that gets you to:

image.png.fefc8c72d725775e009de609aba01dde.png

 

Selecting Multifactor authentication takes you to:

 

image.thumb.png.46605b0563fa039ed4a3fd6cac70e20c.png

 

"Get Free Premium Trial":

image.thumb.png.f9be0721437d2e3877b27d93968093f0.png

 

Confused.

15 minutes ago, dummzeuch said:

Which in itself could be a phishing attempt. Just saying.

That was might first thought. So I checked it out and it is legit.


 

 

 

Share this post


Link to post

I got the same email and also see the "get a free preimium trial to use this feature" message. Typical Microsoft bait and switch - suck you in with what seems like a low priced offering, only to force another down your throat. So to use azure now in any form, you need to pay AU$9 per user per month just for Entra ID (previously Azure Active Directory). 

Share this post


Link to post

Interesting how there is no mention that to use MFA you need to pay for Entra - so they have quietly just raised the cost of entry for Azure.

Share this post


Link to post

My Microsoft account already uses 2FA (Microsoft Authenticator). I've been browsing Azure to see if I need to do anything else, but not found anything yet. Rather hope I'm covered and there are no additional costs. I've not received an email about this yet.

Share this post


Link to post

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×