diff --git a/.pipelines/PowerShell-Release-Official.yml b/.pipelines/PowerShell-Release-Official.yml
index f30b19dfd51..9f66155e8ec 100644
--- a/.pipelines/PowerShell-Release-Official.yml
+++ b/.pipelines/PowerShell-Release-Official.yml
@@ -58,6 +58,7 @@ variables:
   - name: ReleaseTagVar
     value: ${{ parameters.ReleaseTagVar }}
   - group: PoolNames
+  - group: MSIXSigningProfile
 
 resources:
   repositories:
diff --git a/.pipelines/templates/release-create-msix.yml b/.pipelines/templates/release-create-msix.yml
index 3714e623b5e..751ce1ec5e2 100644
--- a/.pipelines/templates/release-create-msix.yml
+++ b/.pipelines/templates/release-create-msix.yml
@@ -75,6 +75,24 @@ jobs:
       displayName: Create MsixBundle
       retryCountOnTaskFailure: 1
 
+    - task: onebranch.pipeline.signing@1
+      displayName: Sign MsixBundle
+      inputs:
+        command: 'sign'
+        signing_profile: $(MSIXProfile)
+        files_to_sign: '**/*.msixbundle'
+        search_root: '$(BundleDir)'
+    
+    - pwsh: |
+        $signedBundle = Get-ChildItem -Path $(BundleDir) -Filter "*.msixbundle" -File
+        Write-Verbose -Verbose "Signed bundle: $signedBundle"
+
+        Copy-Item -Path $signedBundle -Destination $(ob_outputDirectory) -Verbose
+
+        Write-Verbose -Verbose "Uploaded Bundle:"
+        Get-ChildItem -Path $(ob_outputDirectory) | Write-Verbose -Verbose
+      displayName: Upload msixbundle to Artifacts
+
     - task: AzurePowerShell@5
       displayName: Upload msix to blob
       inputs: