Sign in with Microsoft
Sign in or create an account.
Select a different account.
You have multiple accounts
Choose the account you want to sign in with.


The /INTEGRITYCHECK linker option provides Windows kernel digital signature verification for user mode Portable Executables (PE) files. This linker option is required for anti-malware and anti-cheat scenarios to register components with the Windows Security Center.  

You must sign IntegrityCheck-linked user mode PEs using Azure Code Signing (ACS). The cross-signing program is deprecated and new signing certificates will not be issued. Windows will continue to trust the existing binaries signed by the cross-signing program.


Microsoft first introduced the signing requirement for user mode PEs in Windows 11, version 21H2. These changes were serviced to the supported Windows client and Windows server products through Windows Update. All versions of Windows 11 natively support Azure Code Signing for user mode PE files. Support for Azure Code Signing was made available in other client and server products starting with the releases listed below. 


KB number

Release date

Windows Server 2022


September 27, 2021

Windows 10, version 2004

Windows 10, version 20H2

Windows 10, version 21H1


September 30, 2021

Windows 10, version 1909


September 21, 2021

Windows 10, version 1809

Windows Server 2019


September 21, 2021

Windows 10, version 1607

Windows Server 2016


October 12, 2021

Windows 10, version 1507


October 12, 2021

Windows 8.1

Windows Server 2012 R2

5006714 (Monthly rollup)

5006729 (Security-only update)

October 12, 2021

Windows Server 2012

5006739 (Monthly rollup)

5006732 (Security-only update)

October 12, 2021

Windows 7.0 SP1

Windows Server 2008 R2

5006743 (Monthly rollup)

5006728 (Security-only update)

October 12, 2021

Windows Server 2008 SP2

5006736 (Monthly rollup)

5006715 (Security-only update)

October 12, 2021

NOTE To correctly verify modules signed by Azure Code Signing, computers are required to have the "Microsoft Identity Verification Root Certificate Authority 2020" certificate authority (CA) installed. By default, root certificates are installed automatically if the computer is connected to the Internet. If the "automatic root certificates update" setting is disabled or the computer is offline, you must install this root certificate into the certificate store of "Local Computer" under "Trusted Root Certification Authorities". To download the certificate, see PKI Repository - Microsoft PKI Services.

Need more help?

Want more options?

Explore subscription benefits, browse training courses, learn how to secure your device, and more.

Communities help you ask and answer questions, give feedback, and hear from experts with rich knowledge.

Was this information helpful?

What affected your experience?
By pressing submit, your feedback will be used to improve Microsoft products and services. Your IT admin will be able to collect this data. Privacy Statement.

Thank you for your feedback!