diff --git a/build/config/SignConfig.xml b/build/config/SignConfig.xml
deleted file mode 100644
index 94be562..0000000
--- a/build/config/SignConfig.xml
+++ /dev/null
@@ -1,5 +0,0 @@
-
-
-
-
-
\ No newline at end of file
diff --git a/build/pipelines/azure-pipelines.release.yaml b/build/pipelines/azure-pipelines.release.yaml
index b82a557..1f22374 100644
--- a/build/pipelines/azure-pipelines.release.yaml
+++ b/build/pipelines/azure-pipelines.release.yaml
@@ -49,5 +49,7 @@ jobs:
 platform: x86
 - template: ./templates/package-appxbundle.yaml
+ parameters:
+ signBundle: true
 - template: ./templates/prepare-release-internalonly.yaml
diff --git a/build/pipelines/templates/package-appxbundle.yaml b/build/pipelines/templates/package-appxbundle.yaml
index d1ad1d7..4770af8 100644
--- a/build/pipelines/templates/package-appxbundle.yaml
+++ b/build/pipelines/templates/package-appxbundle.yaml
@@ -1,6 +1,9 @@
 # This template contains a job which takes .appx packages which were built separately for each
 # architecture (arm, x86, etc.) and combines them into a single .appxbundle.
+parameters:
+ signBundle: false
+
 jobs:
 - job: Package
 dependsOn:
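Review bot: The new `signBundle` parameter in package-appxbundle.yaml is declared without any comment, and the template's header comment still describes the job as only combining .appx packages into a bundle. Since setting it to true makes the job call a code signing service connection (added in the later hunk of the same file), I would document that next to the default, e.g. `# signBundle: when true, the bundle is sent to the code signing service after packaging; keep false in pipelines without that service connection.` Keeping the default at `false` is the right fail-safe for pipelines that include this template without passing the parameter. The `jobs:` block continues outside this hunk.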
@@ -58,3 +61,43 @@ jobs:
 inputs:
 artifactName: appxBundle
 pathToPublish: $(Build.ArtifactStagingDirectory)\appxBundle
+
+ - ${{ if eq(parameters.signBundle, true) }}:
+ - task: SFP.build-tasks.custom-build-task-1.EsrpCodeSigning@1
+ displayName: Send appxbundle to code signing service
+ inputs:
+ ConnectedServiceName: Essential Experiences Codesign
+ FolderPath: $(Build.ArtifactStagingDirectory)\appxBundle
+ Pattern: Microsoft.WindowsCalculator_8wekyb3d8bbwe.appxbundle
+ signConfigType: inlineSignParams
+ inlineOperation: |
+ [
+ {
+ "CertTemplateName": "WINMSAPP1ST",
+ "CertSubjectName": "CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US",
+ "KeyCode": "Dynamic",
+ "OperationCode": "SigntoolvNextSign",
+ "Parameters": {
+ "OpusName": "Microsoft",
+ "OpusInfo": "http://www.microsoft.com",
+ "FileDigest": "/fd \"SHA256\"",
+ "TimeStamp": "/tr \"http://rfc3161.gtm.corp.microsoft.com/TSS/HttpTspServer\" /td sha256"
+ },
+ "ToolName": "sign",
+ "ToolVersion": "1.0"
+ },
+ {
+ "CertTemplateName": "WINMSAPP1ST",
+ "CertSubjectName": "CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US",
+ "KeyCode": "Dynamic",
+ "OperationCode": "SigntoolvNextVerify",
+ "Parameters": {},
+ "ToolName": "sign",
+ "ToolVersion": "1.0"
+ }
+ ]
+ - task: PublishBuildArtifacts@1
+ displayName: Publish AppxBundleSigned artifact
+ inputs:
+ pathtoPublish: $(Build.ArtifactStagingDirectory)\appxBundle
+ artifactName: appxBundleSigned
\ No newline at end of file
diff --git a/build/pipelines/templates/prepare-release-internalonly.yaml b/build/pipelines/templates/prepare-release-internalonly.yaml
index 00e978d..2c9dcd5 100644
--- a/build/pipelines/templates/prepare-release-internalonly.yaml
+++ b/build/pipelines/templates/prepare-release-internalonly.yaml
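Review bot: The signing task rewrites the bundle in place under `$(Build.ArtifactStagingDirectory)\appxBundle`, the same folder that was just published as the unsigned `appxBundle` artifact, and that folder is then published again as `appxBundleSigned` with nothing in the pipeline checking the result. The removed PkgES flow (see the prepare-release-internalonly.yaml hunk) wrote to a separate `outPathRoot`, so an unsigned file could not end up under the signed name; here that guarantee rests entirely on the EsrpCodeSigning task failing the job when `Pattern` matches nothing or the service-side verify operation fails, which I cannot confirm from this diff. I would add a step between signing and publishing that fails closed, along the lines of `if ((Get-AuthenticodeSignature $bundle).Status -ne 'Valid') { throw 'appxbundle is not validly signed' }` or an equivalent `signtool verify` call, or stage the signed file into its own folder before publishing. The job this hunk appends to starts outside the hunk.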
@@ -2,8 +2,6 @@
 # Windows using Microsoft-internal systems. It relies on Microsoft-internal resources and will not
 # work outside of Microsoft.
 # Specifically, this job:
-# - Signs the bundle using a secure system. If you want to build your own, use SignTool following
-# the example in the continuous integration pipeline.
 # - Builds VPacks for including the app in the Windows OS build. Azure DevOps Universal Packages
 # offers similar capabilities.
 # - Creates StoreBroker packages containing Microsoft Store assets. Although the Store assets for
@@ -45,29 +43,15 @@ jobs:
 versionSpec: 5.x
 - task: DownloadBuildArtifacts@0
- displayName: Download appxBundle artifact
+ displayName: Download appxBundleSigned artifact
 inputs:
- artifactName: appxBundle
-
- - task: PkgESCodeSign@10
- displayName: Send bundle to Package ES code signing service
- env:
- SYSTEM_ACCESSTOKEN: $(System.AccessToken)
- inputs:
- signConfigXml: build\config\SignConfig.xml
- inPathRoot: $(Build.ArtifactStagingDirectory)\appxBundle
- outPathRoot: $(Build.ArtifactStagingDirectory)\appxBundleSigned
-
- - task: PublishBuildArtifacts@1
- displayName: Publish AppxBundleSigned artifact
- inputs:
- pathtoPublish: $(Build.ArtifactStagingDirectory)\appxBundleSigned
- artifactName: AppxBundleSigned
+ artifactName: appxBundleSigned
 - task: CopyFiles@2
 displayName: Copy signed AppxBundle to vpack staging folder
 inputs:
 sourceFolder: $(Build.ArtifactStagingDirectory)\appxBundleSigned
+ contents: Microsoft.WindowsCalculator_8wekyb3d8bbwe.appxbundle
 targetFolder: $(Build.ArtifactStagingDirectory)\vpack\appxBundle
 - task: PkgESVPack@10
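Review bot: The bundle file name `Microsoft.WindowsCalculator_8wekyb3d8bbwe.appxbundle` is now hard-coded both here in `contents:` and in the signing task's `Pattern` in package-appxbundle.yaml, so a rename in one place leaves the other silently matching nothing. As far as I know CopyFiles@2 does not fail when `contents` matches no files, so the vpack step after it would run on an empty staging folder rather than stop the release. I would define the name once as a pipeline variable used by both templates and add a guard before PkgESVPack such as `if (-not (Test-Path $bundlePath)) { throw 'signed appxbundle missing from vpack staging folder' }`. This job also consumes `appxBundleSigned` by artifact name alone, so it depends on the packaging job having produced a validly signed file. The job continues outside the hunk.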