diff --git a/.azure-pipelines/common-steps.yml b/.azure-pipelines/common-steps.yml index a708a058..9191fab4 100644 --- a/.azure-pipelines/common-steps.yml +++ b/.azure-pipelines/common-steps.yml @@ -36,9 +36,47 @@ steps: # Acquire the `vsce` tool and use it to package - script: | npm install -g @vscode/vsce - vsce package + displayName: Install VSCE + +- script: | + vsce package -o extension.vsix displayName: Create VSIX +- script: | + vsce generate-manifest -i extension.vsix -o extension.manifest + displayName: Create VSIX Manifest + +- script: | + cp extension.manifest extension.signature.p7s + displayName: Prepare Manifest Signature + +- task: SFP.build-tasks.custom-build-task-1.EsrpCodeSigning@5 + inputs: + ConnectedServiceName: PipelinesAgentAndTasksESRP + AppRegistrationClientId: $(AppRegistrationClientId) + AppRegistrationTenantId: $(AppRegistrationTenantId) + AuthAKVName: $(AuthAKVName) + AuthCertName: $(AuthCertName) + AuthSignCertName: $(AuthSignCertName) + FolderPath: '$(Build.ArtifactStagingDirectory)' + Pattern: 'extension.signature.p7s' + signConfigType: inlineSignParams + inlineOperation: | + [ + { + "keyCode": "CP-401405", + "operationSetCode": "VSCodePublisherSign", + "parameters" : [], + "toolName": "sign", + "toolVersion": "1.0" + } + ] + SessionTimeout: 90 + MaxConcurrency: 25 + MaxRetryAttempts: 5 + PendingAnalysisWaitTimeoutMinutes: 5 + displayName: Sign Extension + - script: | npm run vscode:prepublish cat /home/vsts/.npm/_logs/*.log @@ -59,8 +97,10 @@ steps: displayName: Stage VSIX for publishing inputs: contents: |- - *.vsix + extension.vsix version.txt branch.txt minichangelog.txt + extension.signature.p7s + extension.manifest targetFolder: $(Build.ArtifactStagingDirectory) diff --git a/.azure-pipelines/github-release/github-release.js b/.azure-pipelines/github-release/github-release.js index 23734506..8a8ebab9 100644 --- a/.azure-pipelines/github-release/github-release.js +++ b/.azure-pipelines/github-release/github-release.js 
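Review bot: The `Sign Extension` task looks for `extension.signature.p7s` under `FolderPath: '$(Build.ArtifactStagingDirectory)'`, but the `cp` step that creates the file sets no working directory, and the `Stage VSIX for publishing` step that copies files into the staging directory (second hunk of this file) runs later, so the pattern may match nothing at signing time. If that happens, the placeholder, which is a byte-for-byte copy of the manifest, is staged and released as the signature. Point `FolderPath` at the directory where the placeholder is written, and add a step after signing that fails the build when the file is unchanged, for example `if cmp -s extension.manifest extension.signature.p7s; then echo "signature was not produced" >&2; exit 1; fi`. Separately, `npm install -g @vscode/vsce` installs whatever version is current, and that tool now produces the manifest that gets signed, so pinning it to a reviewed version would make the signed output reproducible. The `steps:` list starts and continues outside the hunk, so the working directory is inferred from the visible lines only.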
@@ -11,6 +11,9 @@ const DEBUG_LOGGING = process.env.SYSTEM_DEBUG && process.env.SYSTEM_DEBUG == 't let vsixName = process.argv[2] || null; let version = process.argv[3] || null; let token = process.argv[4] || null +let signature = process.argv[5] || null +let manifest = process.argv[6] || null + if (token === null) { console.log(`Usage: @@ -59,12 +62,12 @@ async function createRelease() { console.log(createReleaseResult); } + // Upload the VSIX const vsixSize = fs.statSync(vsixName).size; - console.log('Uploading VSIX...'); - let uploadResult; + let vsixUploadResult; try { - uploadResult = await octokit.repos.uploadAsset({ + vsixUploadResult = await octokit.repos.uploadAsset({ url: createReleaseResult.data.upload_url, headers: { 'content-length': vsixSize, 
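Review bot: `signature` and `manifest` fall back to `null` like the other arguments, but the only guard visible here is `if (token === null)`, so a caller that still passes three arguments gets past it. The script then creates the release and uploads the VSIX before `fs.statSync(manifest)` in the later upload hunk throws on the null path, which would leave a release holding a package with no signature or manifest attached. Widen the guard to `if (token === null || signature === null || manifest === null) {` and add the two new arguments to the usage text. The guard's body lies outside the hunk, so whether the usage text was updated cannot be seen here.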
@@ -78,8 +81,48 @@ async function createRelease() { } console.log('Uploaded VSIX.'); + // Upload the Manifest + const manifestSize = fs.statSync(manifest).size; + console.log('Uploading Manifest...'); + let manifestUploadResult; + try { + manifestUploadResult = await octokit.repos.uploadAsset({ + url: createReleaseResult.data.upload_url, + headers: { + 'content-length': manifestSize, + 'content-type': 'application/xml', + }, + name: manifest, + file: fs.createReadStream(manifest) + }); + } catch (e) { + throw e; + } + console.log('Uploaded Manifest.'); + + // Upload the Signature + const signatureSize = fs.statSync(signature).size; + console.log('Uploading Signature...'); + let signatureUploadResult; + try { + signatureUploadResult = await octokit.repos.uploadAsset({ + url: createReleaseResult.data.upload_url, + headers: { + 'content-length': signatureSize, + 'content-type': 'application/pkcs7-signature', + }, + name: signature, + file: fs.createReadStream(signature) + }); + } catch (e) { + throw e; + } + console.log('Uploaded Signature.'); + if (DEBUG_LOGGING) { - console.log(uploadResult); + console.log("VISX Upload Result:" + vsixUploadResult); + console.log("Manifest Upload Result:" + manifestUploadResult); + console.log("Signature Upload Result:" + signatureUploadResult); } } diff --git a/.azure-pipelines/release-pipeline.yml b/.azure-pipelines/release-pipeline.yml index ea3604d1..2e2c8b22 100644 --- a/.azure-pipelines/release-pipeline.yml +++ b/.azure-pipelines/release-pipeline.yml @@ -4,17 +4,17 @@ # Only trigger manually -# This Yaml Document has been converted by ESAI Yaml Pipeline Conversion Tool. -# This pipeline will be extended to the OneESPT template - trigger: none + pr: none + resources: repositories: - repository: 1ESPipelineTemplates type: git name: 1ESPipelineTemplates/1ESPipelineTemplates ref: refs/tags/release + extends: template: v1/1ES.Official.PipelineTemplate.yml@1ESPipelineTemplates parameters: 
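Review bot: The three debug lines at the end of `createRelease()` concatenate a response object onto a string, so they print `[object Object]` where the removed `console.log(uploadResult)` printed the response, and the first label reads `VISX`. Passing the object as a second argument keeps the detail: `console.log('VSIX Upload Result:', vsixUploadResult);`, and likewise for the manifest and signature lines. The two new `try { … } catch (e) { throw e; }` wrappers rethrow unchanged and can be dropped, or replaced with a handler that names the asset that failed. Because the signature is uploaded last, a failure in either new upload leaves the VSIX already attached without its signature. If the release is not created as a draft (not visible in this hunk), consider uploading the signature and manifest first or removing the release on failure.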
@@ -36,6 +36,7 @@ extends: os: linux customBuildTags: - ES365AIMigrationTooling + stages: - stage: stage jobs: @@ -46,6 +47,7 @@ extends: displayName: 'Publish VSIX' artifactName: azure-pipelines-vscode targetPath: $(Build.ArtifactStagingDirectory) + steps: # release version should be correctly set in package.json - bash: | @@ -72,11 +74,14 @@ extends: npm install displayName: Prepare to create GitHub Release workingDirectory: '$(Build.SourcesDirectory)/.azure-pipelines/github-release' + - bash: | SCRIPT=.azure-pipelines/github-release/github-release.js - VSIX=*.vsix + VSIX=extension.vsix VERSION=$(node -p "require('./package.json').version") - node $SCRIPT $VSIX $VERSION $GITHUB_TOKEN + VSIX_SIGNATURE=extension.signature.p7s + VSIX_MANIFEST=extension.manifest + node $SCRIPT $VSIX $VERSION $GITHUB_TOKEN $VSIX_SIGNATURE $VSIX_MANIFEST displayName: Create GitHub Release env: GITHUB_TOKEN: $(GitHubSecret) diff --git a/CHANGELOG.md b/CHANGELOG.md index a8485290..31c3ea4b 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -207,3 +207,9 @@ All of the material changes in this version were courtesy of @50Wliu. Thanks! - Initial release - Syntax highlighting for Azure Pipelines files - Intellisense for Azure Pipelines files + +## 1.247.2 +### Added +- Added ESRP Esrp CodeSigning step +- Updated build generation to sign the VSIX +- Updated upload steps to upload VSIX, signature & manifest \ No newline at end of file diff --git a/package-lock.json b/package-lock.json index 6e56308b..4319f10b 100644 --- a/package-lock.json +++ b/package-lock.json @@ -1,12 +1,12 @@ { "name": "azure-pipelines", - "version": "1.237.0", + "version": "1.247.2", "lockfileVersion": 2, "requires": true, "packages": { "": { "name": "azure-pipelines", - "version": "1.237.0", + "version": "1.247.2", "license": "MIT", "dependencies": { "@vscode/extension-telemetry": "^0.5.1", diff --git a/package.json b/package.json index d524164a..89162aeb 100644 --- a/package.json +++ b/package.json 
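Review bot: The `node $SCRIPT …` line in the `Create GitHub Release` step passes `$GITHUB_TOKEN` as a positional argument even though the step already exports it through `env:`, so the secret sits in the process's command line for the life of the upload. Reading `process.env.GITHUB_TOKEN` in `github-release.js` and dropping the argument would keep it out of argv; that changes the script's argument positions, so both files need to move together. The expansions are also unquoted; `node "$SCRIPT" "$VSIX" "$VERSION" "$VSIX_SIGNATURE" "$VSIX_MANIFEST"` avoids word splitting if any path ever contains a space.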
@@ -2,7 +2,7 @@ "name": "azure-pipelines", "displayName": "Azure Pipelines", "description": "Syntax highlighting, IntelliSense, and more for Azure Pipelines YAML", - "version": "1.237.0", + "version": "1.247.2", "publisher": "ms-azure-devops", "aiKey": "AIF-d9b70cd4-b9f9-4d70-929b-a071c400b217", "repository": {