From 1054703335712671416bc50d925a031778152db6 Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Thu, 12 Feb 2026 19:40:03 +0000
Subject: [PATCH 1/4] Initial plan


From 6ac882eed36c2ac88930dc9905c6c294b4af962f Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Thu, 12 Feb 2026 19:43:36 +0000
Subject: [PATCH 2/4] Add clarifications about Microsoft Store automatic code
 signing for MSIX packages

Co-authored-by: GrantMeStrength <1928855+GrantMeStrength@users.noreply.github.com>
---
 .../get-started-with-the-microsoft-store.md   | 19 +++++++++++++++++++
 .../msix/app-certification-process.md         |  2 +-
 .../msix/app-package-requirements.md          | 12 +++++++++++-
 3 files changed, 31 insertions(+), 2 deletions(-)

diff --git a/hub/apps/publish/faq/get-started-with-the-microsoft-store.md b/hub/apps/publish/faq/get-started-with-the-microsoft-store.md
index 2e45027ac1..63fda6e31d 100644
--- a/hub/apps/publish/faq/get-started-with-the-microsoft-store.md
+++ b/hub/apps/publish/faq/get-started-with-the-microsoft-store.md
@@ -162,6 +162,25 @@ For general questions, you can also use Microsoft Q&A forums or check the Learn
 
 </details>
 
+---
+
+<details>
+<summary><strong>Does the Microsoft Store provide code signing for my app? Do I need my own code signing certificate?</strong></summary>
+
+Yes, the Microsoft Store provides **automatic code signing** for all apps submitted for Store distribution. You do not need to purchase or provide your own code signing certificate, .pfx file, .cer file, or use a USB token/hardware security module (HSM) to submit apps to the Microsoft Store.
+
+Here's how it works:
+
+- **For Store submissions:** When you submit your MSIX package to the Microsoft Store, you can upload an unsigned package (or a package signed with any certificate). After your app passes certification, the Microsoft Store automatically signs your package with a Microsoft certificate during the publishing process. This ensures customers can trust and install your app without security warnings.
+  
+- **What you need:** Only the package files (.msix, .msixupload, .msixbundle, .appx, .appxupload, or .appxbundle) are required for submission. No code signing certificate is needed.
+
+- **For non-Store distribution:** If you plan to distribute your MSIX package outside the Microsoft Store (for example, for enterprise deployment, sideloading, or direct downloads), you will need to sign the package yourself with a valid code signing certificate before distribution. For more information, see [Sign an app package using SignTool](/windows/win32/appxpkg/how-to-sign-a-package-using-signtool).
+
+This automatic signing is one of the key benefits of publishing through the Microsoft Store, as it eliminates the need to purchase and manage your own code signing infrastructure for Store distribution.
+
+</details>
+
 <br>
 
 > [!TIP]
diff --git a/hub/apps/publish/publish-your-app/msix/app-certification-process.md b/hub/apps/publish/publish-your-app/msix/app-certification-process.md
index b4b48f15d5..f41f9cb329 100644
--- a/hub/apps/publish/publish-your-app/msix/app-certification-process.md
+++ b/hub/apps/publish/publish-your-app/msix/app-certification-process.md
@@ -35,7 +35,7 @@ When your app passes certification, it's ready to move to the **Publishing** pro
 
 ## Publishing
 
-Your app's packages are digitally signed to protect them against tampering after they have been released. Once this phase has begun, you can no longer cancel your submission or change its release date.
+Your app's packages are digitally signed by Microsoft to protect them against tampering after they have been released. The Microsoft Store automatically signs all packages with a Microsoft certificate, which ensures that customers can trust and install your app without security warnings. This automatic signing process means you don't need to provide your own code signing certificate for Store distribution. Once this phase has begun, you can no longer cancel your submission or change its release date.
 
 The publishing process take a few minutes and on an average, customers will be able to see the app’s listing within 15 minutes depending on their location.
 
diff --git a/hub/apps/publish/publish-your-app/msix/app-package-requirements.md b/hub/apps/publish/publish-your-app/msix/app-package-requirements.md
index 546b12ab95..e8898231a7 100644
--- a/hub/apps/publish/publish-your-app/msix/app-package-requirements.md
+++ b/hub/apps/publish/publish-your-app/msix/app-package-requirements.md
@@ -27,7 +27,17 @@ When you create your package in Visual Studio, make sure you are signed in with
 
 When you build your app's UWP packages, Visual Studio can create an .msix or appx file, or a .msixupload or .appxupload file. For UWP apps, we recommend that you always upload the .msixupload or .appxupload file in the [Packages](./upload-app-packages.md) page. For more info about packaging UWP apps for the Store, see [Package a UWP app with Visual Studio](/windows/msix/package/packaging-uwp-apps).
 
-Your app's packages don't have to be signed with a certificate rooted in a trusted certificate authority.
+### Code signing for Microsoft Store submissions
+
+Your app's packages don't have to be signed with a certificate rooted in a trusted certificate authority when submitting to the Microsoft Store. The Microsoft Store will automatically sign your packages with a Microsoft certificate during the publishing process after your app passes certification. This means:
+
+- You don't need to purchase a code signing certificate for Store distribution
+- You don't need a .pfx or .cer file to submit packages to the Store
+- USB tokens or hardware security modules (HSMs) are not required for Store submissions
+- The Store handles all code signing automatically, providing trust and security to customers
+
+> [!NOTE]
+> If you are distributing your MSIX package outside the Microsoft Store (for example, for enterprise deployment or sideloading), you will need to sign the package yourself with your own code signing certificate. For more information, see [Sign an app package using SignTool](/windows/win32/appxpkg/how-to-sign-a-package-using-signtool).
 
 #### App bundles
 

From 04af857700b645f2a3b00b6a85d94f539d0adde4 Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Thu, 12 Feb 2026 19:45:14 +0000
Subject: [PATCH 3/4] Fix grammar in app-certification-process.md

Co-authored-by: GrantMeStrength <1928855+GrantMeStrength@users.noreply.github.com>
---
 .../publish/publish-your-app/msix/app-certification-process.md  | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/hub/apps/publish/publish-your-app/msix/app-certification-process.md b/hub/apps/publish/publish-your-app/msix/app-certification-process.md
index f41f9cb329..153ba2f420 100644
--- a/hub/apps/publish/publish-your-app/msix/app-certification-process.md
+++ b/hub/apps/publish/publish-your-app/msix/app-certification-process.md
@@ -37,7 +37,7 @@ When your app passes certification, it's ready to move to the **Publishing** pro
 
 Your app's packages are digitally signed by Microsoft to protect them against tampering after they have been released. The Microsoft Store automatically signs all packages with a Microsoft certificate, which ensures that customers can trust and install your app without security warnings. This automatic signing process means you don't need to provide your own code signing certificate for Store distribution. Once this phase has begun, you can no longer cancel your submission or change its release date.
 
-The publishing process take a few minutes and on an average, customers will be able to see the app’s listing within 15 minutes depending on their location.
+The publishing process takes a few minutes and on average, customers will be able to see the app’s listing within 15 minutes depending on their location.
 
 ## In the Store
 

From 8c88cfef03c0e4296ec83a3f6f3a258561eb4bef Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Thu, 12 Feb 2026 19:46:12 +0000
Subject: [PATCH 4/4] Improve clarity of code signing documentation based on
 code review feedback

Co-authored-by: GrantMeStrength <1928855+GrantMeStrength@users.noreply.github.com>
---
 hub/apps/publish/faq/get-started-with-the-microsoft-store.md  | 2 +-
 .../publish-your-app/msix/app-certification-process.md        | 4 +++-
 2 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/hub/apps/publish/faq/get-started-with-the-microsoft-store.md b/hub/apps/publish/faq/get-started-with-the-microsoft-store.md
index 63fda6e31d..e60ef151e6 100644
--- a/hub/apps/publish/faq/get-started-with-the-microsoft-store.md
+++ b/hub/apps/publish/faq/get-started-with-the-microsoft-store.md
@@ -171,7 +171,7 @@ Yes, the Microsoft Store provides **automatic code signing** for all apps submit
 
 Here's how it works:
 
-- **For Store submissions:** When you submit your MSIX package to the Microsoft Store, you can upload an unsigned package (or a package signed with any certificate). After your app passes certification, the Microsoft Store automatically signs your package with a Microsoft certificate during the publishing process. This ensures customers can trust and install your app without security warnings.
+- **For Store submissions:** When you submit your MSIX package to the Microsoft Store, the package does not need to be signed with a trusted certificate. After your app passes certification, the Microsoft Store automatically signs your package with a Microsoft certificate during the publishing process, replacing any existing signature. This ensures customers can trust and install your app without security warnings.
   
 - **What you need:** Only the package files (.msix, .msixupload, .msixbundle, .appx, .appxupload, or .appxbundle) are required for submission. No code signing certificate is needed.
 
diff --git a/hub/apps/publish/publish-your-app/msix/app-certification-process.md b/hub/apps/publish/publish-your-app/msix/app-certification-process.md
index 153ba2f420..a0f8ccaf53 100644
--- a/hub/apps/publish/publish-your-app/msix/app-certification-process.md
+++ b/hub/apps/publish/publish-your-app/msix/app-certification-process.md
@@ -35,7 +35,9 @@ When your app passes certification, it's ready to move to the **Publishing** pro
 
 ## Publishing
 
-Your app's packages are digitally signed by Microsoft to protect them against tampering after they have been released. The Microsoft Store automatically signs all packages with a Microsoft certificate, which ensures that customers can trust and install your app without security warnings. This automatic signing process means you don't need to provide your own code signing certificate for Store distribution. Once this phase has begun, you can no longer cancel your submission or change its release date.
+Your app's packages are digitally signed by Microsoft to protect them against tampering after they have been released. The Microsoft Store automatically signs all packages with a Microsoft certificate, which ensures that customers can trust and install your app without security warnings. 
+
+You don't need to provide your own code signing certificate for Store distribution—the Store handles this automatically. Once this phase has begun, you can no longer cancel your submission or change its release date.
 
 The publishing process takes a few minutes and on average, customers will be able to see the app’s listing within 15 minutes depending on their location.