diff --git a/.github/actions/package/windows/action.yml b/.github/actions/package/windows/action.yml
index f49f6b9c9..49dfbd545 100644
--- a/.github/actions/package/windows/action.yml
+++ b/.github/actions/package/windows/action.yml
@@ -140,7 +140,7 @@ runs:
         makensis -NOCD "${{ github.workspace }}/${{ env.BUILD_DIR }}/program_info/win_install.nsi"
 
     - name: Sign installer
-      if: ${{ github.ref_name == 'develop' && inputs.azure-client-id != '' }}
+      if: ${{ env.CI_HAS_ACCESS_TO_AZURE != '' && inputs.azure-client-id != '' }}
       uses: azure/trusted-signing-action@v0
       with:
         endpoint: https://eus.codesigning.azure.net/
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index 0e81fd5a1..cfefb84ed 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -62,6 +62,9 @@ on:
         description: Type of build (Debug or Release)
         type: string
         default: Debug
+      environment:
+        description: Deployment environment to run under
+        type: string
   workflow_dispatch:
     inputs:
       build-type:
@@ -73,6 +76,8 @@ jobs:
   build:
     name: Build (${{ matrix.artifact-name }})
 
+    environment: ${{ inputs.environment || '' }}
+
     permissions:
       # Required for Azure Trusted Signing
       id-token: write
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 9e5445c66..36cc972b3 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -11,6 +11,7 @@ jobs:
     uses: ./.github/workflows/build.yml
     with:
       build-type: Release
+      environment: Release
     secrets: inherit
 
   create_release: