diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index af53ace36..a46d48008 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -40,8 +40,8 @@ jobs:
       - name: Checkout repository
         uses: actions/checkout@v4
 
-      - name: Set environment variables
-        if: ${{ ! startsWith(github.ref, 'refs/heads/build-') }}
+      - name: Set environment variables for release
+        if: ${{ startsWith(github.ref, 'refs/heads/release') }}
         shell: bash
         run: |
           echo "tagName=v__VERSION__" >> $GITHUB_ENV
@@ -99,18 +99,32 @@ jobs:
           rustup toolchain install stable-x86_64-apple-darwin --force-non-host
           rustup toolchain install stable-aarch64-apple-darwin --force-non-host
 
-      - name: Install dependencies (Windows)
+      - name: Install dependencies (windows)
         if: startsWith(runner.os,'Windows')
         run: |
           vcpkg.exe install sqlite3:x64-windows zlib:x64-windows
           choco upgrade protoc -y
 
-      - name: Set environment variables (Windows)
+      - name: Set environment variables (windows)
         if: startsWith(runner.os,'Windows')
         shell: bash
         run: |
           echo "SQLITE3_LIB_DIR=C:\vcpkg\installed\x64-windows\lib" >> $GITHUB_ENV
 
+      - name: Azure code-signing setup (windows only)
+        if: ${{ ( startsWith(runner.os,'Windows') ) && ( env.AZURE_TENANT_ID != '' ) }}
+        shell: bash
+        env:
+          AZURE_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }}
+          WINDOWS_SIGN_COMMAND: trusted-signing-cli -e https://eus.codesigning.azure.net/ -a Tari -c Tarilabs %1
+        run: |
+          cd "$GITHUB_WORKSPACE/src-tauri"
+          echo "{}" | \
+            jq '.tauri .bundle .windows += {"signCommand": "${{ env.WINDOWS_SIGN_COMMAND }}"}' > \
+              ./tauri.windows.conf.json
+          cat ./tauri.windows.conf.json
+          cargo install trusted-signing-cli
+
       - name: Install dependencies (node)
         run: |
           npm --version
@@ -121,13 +135,16 @@ jobs:
         uses: tauri-apps/tauri-action@v0
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-          ENABLE_CODE_SIGNING: ${{ secrets.APPLE_CERTIFICATE }}
+          ENABLE_CODE_SIGNING: ${{ secrets.APPLE_CERTIFICATE || secrets.AZURE_TENANT_ID }}
           APPLE_CERTIFICATE: ${{ secrets.APPLE_CERTIFICATE }}
           APPLE_CERTIFICATE_PASSWORD: ${{ secrets.APPLE_CERTIFICATE_PASSWORD }}
           APPLE_SIGNING_IDENTITY: ${{ secrets.APPLE_SIGNING_IDENTITY }}
           APPLE_ID: ${{ secrets.APPLE_ID }}
           APPLE_PASSWORD: ${{ secrets.APPLE_PASSWORD }}
           APPLE_TEAM_ID: ${{ secrets.APPLE_TEAM_ID }}
+          AZURE_TENANT_ID: ${{ startsWith(runner.os,'Windows') && secrets.AZURE_TENANT_ID }}
+          AZURE_CLIENT_ID: ${{ startsWith(runner.os,'Windows') && secrets.AZURE_CLIENT_ID }}
+          AZURE_CLIENT_SECRET: ${{ startsWith(runner.os,'Windows') && secrets.AZURE_CLIENT_SECRET }}
           TAURI_KEY_PASSWORD: ${{ secrets.TAURI_KEY_PASSWORD }}
           TAURI_PRIVATE_KEY: ${{ secrets.TAURI_PRIVATE_KEY }}
         with: