diff --git a/.github/workflows/build-feature.yml b/.github/workflows/build-feature.yml
index 536816c82..2cf466b4a 100644
--- a/.github/workflows/build-feature.yml
+++ b/.github/workflows/build-feature.yml
@@ -13,9 +13,17 @@ jobs:
 with:
 architecture: x64
 version: ${{ needs.get-version.outputs.version }}
+ secrets:
+ AZURE_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }}
+ AZURE_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }}
+ AZURE_CLIENT_SECRET: ${{ secrets.AZURE_CLIENT_SECRET }}
 build-x86:
 needs: get-version
 uses: ./.github/workflows/build-windows.yml
 with:
 architecture: x86
 version: ${{ needs.get-version.outputs.version }}
+ secrets:
+ AZURE_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }}
+ AZURE_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }}
+ AZURE_CLIENT_SECRET: ${{ secrets.AZURE_CLIENT_SECRET }}
diff --git a/.github/workflows/build-main.yml b/.github/workflows/build-main.yml
index 1297d62f7..c738da621 100644
--- a/.github/workflows/build-main.yml
+++ b/.github/workflows/build-main.yml
@@ -19,9 +19,17 @@ jobs:
 with:
 architecture: x86
 version: ${{ needs.get-version.outputs.version }}
+ secrets:
+ AZURE_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }}
+ AZURE_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }}
+ AZURE_CLIENT_SECRET: ${{ secrets.AZURE_CLIENT_SECRET }}
 release:
 needs: [get-version, build-x64, build-x86]
 uses: ./.github/workflows/release.yml
 with:
- version: ${{ needs.get-version.outputs.version }}
\ No newline at end of file
+ version: ${{ needs.get-version.outputs.version }}
+ secrets:
+ AZURE_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }}
+ AZURE_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }}
+ AZURE_CLIENT_SECRET: ${{ secrets.AZURE_CLIENT_SECRET }}
diff --git a/.github/workflows/build-windows.yml b/.github/workflows/build-windows.yml
index 93a0c116d..f0420fa2f 100644
--- a/.github/workflows/build-windows.yml
+++ b/.github/workflows/build-windows.yml
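Review bot: In build-feature.yml, both `build-x64` and `build-x86` now hand the production signing credentials to feature builds, so any branch that can trigger this workflow ends up with an MSI signed under the `nsclient` certificate profile. The workflow's triggers are outside this hunk, so confirm who can start it. If unreviewed branches can, consider signing only from build-main.yml, for example through a boolean `sign` input on build-windows.yml that defaults to `false`, or place the secrets behind a GitHub environment with required reviewers.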
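Review bot: In build-main.yml the `release` job now forwards the three Azure secrets to `./.github/workflows/release.yml`, but no matching `on.workflow_call.secrets` declaration for release.yml is visible in this diff. GitHub rejects a reusable-workflow call that passes a secret the called workflow does not declare, so either add the declaration there as was done for build-windows.yml, or drop the block if the release job does not sign anything. Passing the signing credentials only to the jobs that actually use them keeps their exposure narrower.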
@@ -12,6 +12,16 @@ on:
 type: string
 description: 'Version to build'
 required: true
+ secrets:
+ AZURE_TENANT_ID:
+ description: 'Azure tenant ID'
+ required: true
+ AZURE_CLIENT_ID:
+ description: 'Azure client ID'
+ required: true
+ AZURE_CLIENT_SECRET:
+ description: 'Azure client secret'
+ required: true
 env:
 PERL_VERSION: 5.34
@@ -213,6 +223,21 @@ jobs:
 for f in *-stripped.pdb; do mv -- "$f" "${f%-stripped.pdb}.pdb"; done
 7z a -tzip -r ../NSCP-${{ inputs.version }}-${{ steps.setup.outputs.platform }}-symbols.zip .
+ - name: Sign files installer
+ uses: azure/trusted-signing-action@v0.5.1
+ with:
+ azure-tenant-id: ${{ secrets.AZURE_TENANT_ID }}
+ azure-client-id: ${{ secrets.AZURE_CLIENT_ID }}
+ azure-client-secret: ${{ secrets.AZURE_CLIENT_SECRET }}
+ endpoint: https://neu.codesigning.azure.net
+ trusted-signing-account-name: nsclient
+ certificate-profile-name: nsclient
+ files-folder: ${{ github.workspace }}\tmp\nscp\installers\installer-NSCP
+ files-folder-filter: msi
+ file-digest: SHA256
+ timestamp-rfc3161: http://timestamp.acs.microsoft.com
+ timestamp-digest: SHA256
+
 - uses: actions/upload-artifact@v4
 with:
 name: NSCP-${{ inputs.version }}-${{ steps.setup.outputs.platform }}
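Review bot: The new `AZURE_CLIENT_SECRET` entry makes the build depend on a long-lived service-principal secret stored in the repository, and `required: true` on all three entries means every caller has to supply them. If the signing action version in use can pick up credentials from a preceding `azure/login` step, a federated (OIDC) credential with `permissions: id-token: write` would remove the stored secret; I have not verified that against v0.5.1, so treat it as something to check. The descriptions could also say what the identity is for, e.g. `description: 'Client ID of the service principal used for Azure Trusted Signing'`.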
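Review bot: The `Sign files installer` step passes the Azure client secret to `azure/trusted-signing-action@v0.5.1`, which is referenced by a tag that the action's owner can move. Pinning to the full commit SHA, as in `uses: azure/trusted-signing-action@<full-commit-sha-of-v0.5.1> # v0.5.1`, ensures the code that receives the signing credentials cannot change without a diff in this repository. `files-folder-filter: msi` signs only the installer package; whether the executables and DLLs inside it are signed elsewhere is not visible here. The step list of this job starts and continues outside the hunk.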