# Scappman PowerShell Certificate

## Certificates

To help our customers create secure environments, Scappman signs all the PowerShell scripts it creates. The public key of our Code Signing certificate can be found at the bottom of this paragraph. By adding this certificate to the Trusted Publishers local machine certificate store, you can set your PowerShell ExecutionPolicy to AllSigned, which only allows scripts that have been signed by a Trusted Publisher to run.

<figure><img src="/files/zZ1S4EmiVDMiMMfF5kkr" alt=""><figcaption></figcaption></figure>

For more information about PowerShell ExecutionPolicy, refer to the [Microsoft Docs](https://learn.microsoft.com/en-us/powershell/module/microsoft.powershell.core/about/about_execution_policies?view=powershell-7.3).

If you want to implement this, see our [guide](#how-to-enable-execution-policy-and-trust-the-certificate) below.

***

{% hint style="warning" %}
It is crucial to keep both certificates on your machines as some of the current packages, which are already pushed in your Intune tenant, are still signed with the old certificate.
{% endhint %}

<mark style="background-color:orange;">**New** Certificate (For packages deployed starting 03/10/2024):</mark>

{% file src="/files/S3rfFNfx455BaA8ynhbL" %}

Certificate (For packages deployed until 03/10/2024):

{% file src="/files/lT23VYG9daHtrtF0m1ym" %}

***

## How-To: Enable **Execution Policy and trust the certificate**

### **PowerShell ‘AllSigned’ Execution Policy Overview**

Enabling the ‘AllSigned’ Execution Policy in PowerShell enhances IT security by requiring all scripts and configuration files to be signed by a trusted publisher before execution. Key benefits include:

* **Enhanced Security**: Reduces the risk of running malicious or unauthorized code.
* **Integrity Assurance**: Ensures scripts haven’t been tampered with, supporting compliance with security standards.
* **Accountability**: Tracks the origin of scripts, providing greater control over the IT environment.
* **Trust Management**: Establishes trusted relationships with script publishers, allowing only verified scripts to be executed.

By implementing this policy, Scappman helps you create a secure environment, protect your data, and maintain the reliability of your IT operations.

### You can configure the AllSigned policy in Intune with the following Administrative Template.

<figure><img src="/files/7MDOQb85fgOlNhWfANG9" alt=""><figcaption></figcaption></figure>

### How to import a certificate into the Trusted Publishers certificate store

1. Download the New Certificate

<figure><img src="/files/PHxgmQUDMQVTQKvh7Les" alt=""><figcaption></figcaption></figure>

2. Get the thumbprint of the certificate

<figure><img src="/files/lZmYlDl7mAlY7mIjTcBF" alt=""><figcaption></figcaption></figure>

3. Create custom Intune profile setting

<figure><img src="/files/WqtXxaI7qBWRlhDPYFKt" alt=""><figcaption></figcaption></figure>

<figure><img src="/files/0qGWVEbriDKH7EsQc2hg" alt=""><figcaption></figcaption></figure>

4. Fill in required information.

Enter a Name of your choice.

Construct the OMA-URI: ./Device/Vendor/MSFT/RootCATrustedCertificates/TrustedPublisher/**!Placethumbprintnumberhere!**/EncodedCertificate

Open the newest certificate and copy and paste its contents into "String Value".

{% hint style="info" %}
See step 2 for the thumbprint number.
{% endhint %}

<figure><img src="/files/wixVeMc2DGxQHy19yItj" alt=""><figcaption></figcaption></figure>

5. Assign policy to your devices.

<figure><img src="/files/r6Q93X9CdMU8fYScb84D" alt=""><figcaption></figcaption></figure>
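
Steps 2 and 4 can be scripted instead of copied by hand. The PowerShell below is an added example, not Scappman's own tooling; the certificate file name is a placeholder for wherever the download from step 1 was saved, and it assumes the String Value takes the certificate as a single-line Base64 string, as the RootCATrustedCertificates CSP documents.

```powershell
# Added example (not Scappman's code). The file name is an assumption:
# point $CertPath at the certificate downloaded in step 1.
$CertPath = Join-Path $env:USERPROFILE 'Downloads\scappman-codesigning.cer'   # hypothetical name

# Load the public certificate (.cer, DER or Base64 encoded).
$cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new(
    (Resolve-Path -LiteralPath $CertPath).ProviderPath)

# Step 2: the thumbprint is the SHA-1 hash of the certificate, hex without spaces.
$thumbprint = $cert.Thumbprint

# Sanity checks before trusting a publisher certificate on every device.
$codeSigningOid = '1.3.6.1.5.5.7.3.3'   # Code Signing enhanced key usage
$ekus = $cert.Extensions |
    Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] } |
    ForEach-Object { $_.EnhancedKeyUsages } |
    ForEach-Object { $_.Value }
if ($ekus -notcontains $codeSigningOid) { Write-Warning 'Certificate has no Code Signing EKU.' }
if ($cert.NotAfter -lt (Get-Date))      { Write-Warning "Certificate expired on $($cert.NotAfter)." }

# Step 4: OMA-URI and String Value for the custom Intune profile.
$omaUri = "./Device/Vendor/MSFT/RootCATrustedCertificates/TrustedPublisher/$thumbprint/EncodedCertificate"
$value  = [Convert]::ToBase64String($cert.RawData)   # one line, no BEGIN/END markers

[pscustomobject]@{
    Subject    = $cert.Subject
    Thumbprint = $thumbprint
    NotAfter   = $cert.NotAfter
    OmaUri     = $omaUri
    Value      = $value
} | Format-List

# After the policy from step 5 has applied, run this part on a managed device
# to confirm the certificate landed in the Trusted Publishers store.
Get-ChildItem Cert:\LocalMachine\TrustedPublisher |
    Where-Object Thumbprint -eq $thumbprint |
    Select-Object Subject, Thumbprint, NotAfter
```

Run it once per certificate file, since both the new and the previous certificate need to be present on your machines.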


