![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(83.2, 57.99999999999999%, 18%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMT%3C/text%3E%3C/svg%3E)
Artifact Signing
A fully managed end-to-end service for digitally signing code, documents, and applications. (formerly Trusted Signing)
Hello Michael T,
Azure Trusted Signing identities are immutable primary email cannot be changed after creation due to legal validation binding. Must delete & recreate with new email.
Step-by-Step Fix
1. Assign Required Role
text
Azure Portal → Trusted Signing Account → Access control (IAM)
→ Add role → "Trusted Signing Identity Verifier"
→ Assign to your account
2. Delete Existing Identity
text
Trusted Signing Account → Identity Validation → Select identity
→ Delete → Confirm (breaks linked cert profiles temporarily)
3. Create New Identity
text
Identity Validation → New Identity Validation
→ **Primary Email**: New email address
→ **Secondary Email**: Different email (same domain recommended)
→ Complete verification flow
Important Notes
- Downtime: 1-7 business days for new validation
Cert Profiles: Recreate after new identity completes
- No Recovery: Deleted identities cannot be restored
- Same Domain: Primary/secondary emails should match domains
New identity deploys in ~24-48hrs (faster than initial validation). If it helps, accpet the answer.
Cheers,
Jerald Felix