diff --git a/apps/desktop/sign.js b/apps/desktop/sign.js
index efbbe3e21ab..007ad5a375b 100644
--- a/apps/desktop/sign.js
+++ b/apps/desktop/sign.js
@@ -8,6 +8,39 @@ exports.default = async function (configuration) {
       configuration.path.endsWith(".msix"))
   ) {
     console.log(`[*] Signing file: ${configuration.path}`);
+
+    // If signing APPX/MSIX, inspect the manifest Publisher before signing
+    if (configuration.path.endsWith(".appx") || configuration.path.endsWith(".msix")) {
+      try {
+        const path = require("path");
+        const fs = require("fs");
+
+        // Extract architecture from filename (e.g., "Bitwarden-2025.10.2-x64.appx" -> "x64")
+        const filename = path.basename(configuration.path);
+        const archMatch = filename.match(/-(x64|arm64|ia32)\.(appx|msix)$/);
+
+        if (archMatch) {
+          const arch = archMatch[1];
+          const distDir = path.dirname(configuration.path);
+          const manifestPath = path.join(distDir, `__appx-${arch}`, "AppxManifest.xml");
+
+          if (fs.existsSync(manifestPath)) {
+            const manifestContent = fs.readFileSync(manifestPath, "utf8");
+
+            // Extract and display the Publisher line
+            const publisherMatch = manifestContent.match(/Publisher='([^']+)'/);
+            if (publisherMatch) {
+              console.log(`[*] APPX Manifest Publisher: ${publisherMatch[1]}`);
+            }
+          } else {
+            console.log(`[!] Manifest not found at: ${manifestPath}`);
+          }
+        }
+      } catch (error) {
+        console.log(`[!] Failed to read manifest: ${error.message}`);
+      }
+    }
+
     require("child_process").execSync(
       `azuresigntool sign -v ` +
         `-kvu ${process.env.SIGNING_VAULT_URL} ` +