Starting March 26, 2026, Azure Trusted Signing began using two new intermediate certificate authorities: Microsoft ID Verified CS AOC CA 03 and Microsoft ID Verified CS EOC CA 04. Since that date, every executable we sign gets flagged by Windows Defender SmartScreen as an "unrecognized app."
Nothing changed on our end. We're using the same Public Trust signing profile, the certificate chain validates correctly, and timestamps are in place. The only difference is the intermediate CA. Builds signed under the older CAs (AOC CA 01/02, EOC CA 01/02) never had this problem.
It looks like Microsoft rolled out these new CAs without carrying over the SmartScreen reputation. Is anyone else running into the same issue, and is there any word on a fix or expected timeline for resolution?
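
To confirm which intermediate CA issued the signature on each build, the following added example (not part of the original post) lists the issuing CA per file so that flagged and unflagged builds can be compared. The function name `Get-SigningIssuer` and the `.\dist` folder are assumptions made for illustration.

```powershell
# Added example: report the issuing intermediate CA for each Authenticode-signed file.
# Get-SigningIssuer is a hypothetical helper name, not a built-in cmdlet.
function Get-SigningIssuer {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, Position = 0, ValueFromPipelineByPropertyName)]
        [Alias('FullName')]
        [string]$Path
    )
    process {
        $sig  = Get-AuthenticodeSignature -LiteralPath $Path
        $leaf = $sig.SignerCertificate
        $row  = [ordered]@{
            File             = Split-Path -Leaf $Path
            Status           = $sig.Status                        # Windows' own verdict on the signature
            Timestamped      = [bool]$sig.TimeStamperCertificate  # false means no countersignature was found
            IssuerCA         = $null
            IssuerThumbprint = $null
            LeafNotBefore    = $null
        }
        if ($leaf) {
            # Simple name of the issuer, e.g. the "... AOC CA 03" style name from the post.
            $nameType = [System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName
            $row.IssuerCA      = $leaf.GetNameInfo($nameType, $true)
            $row.LeafNotBefore = $leaf.NotBefore

            # Walk the chain only to read the intermediate's thumbprint. The signer
            # certificate may already be expired when a timestamped build is inspected,
            # so time validity is ignored here; Status above remains the real verdict.
            $chain = [System.Security.Cryptography.X509Certificates.X509Chain]::new()
            try {
                $chain.ChainPolicy.RevocationMode    = 'NoCheck'
                $chain.ChainPolicy.VerificationFlags = 'IgnoreNotTimeValid'
                [void]$chain.Build($leaf)
                if ($chain.ChainElements.Count -ge 2) {
                    # Element 0 is the signer certificate, element 1 its issuing CA.
                    $row.IssuerThumbprint = $chain.ChainElements[1].Certificate.Thumbprint
                }
            } finally {
                $chain.Dispose()
            }
        }
        [pscustomobject]$row
    }
}

# Usage (.\dist is a placeholder for your build output folder):
# Get-ChildItem .\dist -Filter *.exe | Get-SigningIssuer | Sort-Object IssuerCA | Format-Table -AutoSize
```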