Please keep in mind - KV Team update:
Azure Key Vault is a certificate enrollment tool. You can create the CSR and submit it to the CA. It is on the CA to accept or reject it. In that sense, there is nothing stopping you from doing Code Signing cert from AKV. EV needs to meet industry requirements and it is on the CA to assess that those standards are met.
You can follow the EV Code Signing Certification Renewal Process by following this PDF - EV Code Signing with Azure KeyVault and Azure Pipelines.pdf
Gabriel Michaud - EV Code Signing with Azure KeyVault and Azure Pipelines
Step 1 - Create the certificate in Azure Key Vault
Step 2 - Download CSR (Certificate Request File)
Step 3 - Order certificate from DigiCert - Minimum key size allowed by the CA/B forum is 3072 currently
Step 4a - Validation Process
Step 4b - Audit Letter
Step 5 - Importing the Key into the Azure Key Vault (Merging the certificate signing request)
Step 6 - Modifying build script and pipeline to use the new key
Additional Links:
Are EV code signing certificates supported for key vault storage and reference in ci/cd pipelines?
EnhancedKeyUsage (EKU) in the CSR request for a code signing cert
PG Comments
Thank you for your time and patience throughout this issue.