diff --git a/.gitignore b/.gitignore
index 5e16dcab58e..19c954ea8f3 100644
--- a/.gitignore
+++ b/.gitignore
@@ -3,9 +3,9 @@ syntax: glob
 ### VisualStudio ###
 
 # Tools directory
-/[Tt]ools/
 .dotnet/
 .packages/
+.tools/
 
 # User-specific files
 *.suo
diff --git a/Arcade.sln b/Arcade.sln
index dc123c418b4..f43a6e06d11 100644
--- a/Arcade.sln
+++ b/Arcade.sln
@@ -95,7 +95,9 @@ Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "Microsoft.DotNet.Helix.JobS
 EndProject
 Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "Microsoft.DotNet.Build.Tasks.TargetFramework.Sdk", "src\Microsoft.DotNet.Build.Tasks.TargetFramework.Sdk\src\Microsoft.DotNet.Build.Tasks.TargetFramework.Sdk.csproj", "{E83B25A9-66C3-4E15-9BC3-E843CC471622}"
 EndProject
-Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "Microsoft.DotNet.Helix.Sdk.Tests", "src\Microsoft.DotNet.Helix\Sdk.Tests\Microsoft.DotNet.Helix.Sdk.Tests\Microsoft.DotNet.Helix.Sdk.Tests.csproj", "{03390E61-9DC1-4893-93A4-193D76C16034}"
+Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "Microsoft.DotNet.Helix.Sdk.Tests", "src\Microsoft.DotNet.Helix\Sdk.Tests\Microsoft.DotNet.Helix.Sdk.Tests\Microsoft.DotNet.Helix.Sdk.Tests.csproj", "{03390E61-9DC1-4893-93A4-193D76C16034}"
+EndProject
+Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "Microsoft.DotNet.AzureDevOps.Build", "src\Microsoft.DotNet.AzureDevOps.Build\Microsoft.DotNet.AzureDevOps.Build.csproj", "{107F83D6-3214-4713-898D-373FCF051366}"
 EndProject
 Global
 	GlobalSection(SolutionConfigurationPlatforms) = preSolution
@@ -607,6 +609,18 @@ Global
 		{03390E61-9DC1-4893-93A4-193D76C16034}.Release|x64.Build.0 = Release|Any CPU
 		{03390E61-9DC1-4893-93A4-193D76C16034}.Release|x86.ActiveCfg = Release|Any CPU
 		{03390E61-9DC1-4893-93A4-193D76C16034}.Release|x86.Build.0 = Release|Any CPU
+		{107F83D6-3214-4713-898D-373FCF051366}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+		{107F83D6-3214-4713-898D-373FCF051366}.Debug|Any CPU.Build.0 = Debug|Any CPU
+		{107F83D6-3214-4713-898D-373FCF051366}.Debug|x64.ActiveCfg = Debug|Any CPU
+		{107F83D6-3214-4713-898D-373FCF051366}.Debug|x64.Build.0 = Debug|Any CPU
+		{107F83D6-3214-4713-898D-373FCF051366}.Debug|x86.ActiveCfg = Debug|Any CPU
+		{107F83D6-3214-4713-898D-373FCF051366}.Debug|x86.Build.0 = Debug|Any CPU
+		{107F83D6-3214-4713-898D-373FCF051366}.Release|Any CPU.ActiveCfg = Release|Any CPU
+		{107F83D6-3214-4713-898D-373FCF051366}.Release|Any CPU.Build.0 = Release|Any CPU
+		{107F83D6-3214-4713-898D-373FCF051366}.Release|x64.ActiveCfg = Release|Any CPU
+		{107F83D6-3214-4713-898D-373FCF051366}.Release|x64.Build.0 = Release|Any CPU
+		{107F83D6-3214-4713-898D-373FCF051366}.Release|x86.ActiveCfg = Release|Any CPU
+		{107F83D6-3214-4713-898D-373FCF051366}.Release|x86.Build.0 = Release|Any CPU
 	EndGlobalSection
 	GlobalSection(SolutionProperties) = preSolution
 		HideSolutionNode = FALSE
diff --git a/azure-pipelines.yml b/azure-pipelines.yml
index c2b8ee93afa..2a25fd4dd63 100644
--- a/azure-pipelines.yml
+++ b/azure-pipelines.yml
@@ -33,6 +33,7 @@ stages:
           manifests: true
       enableMicrobuild: true
       enablePublishUsingPipelines: true
+      useBuildManifest: ${{ variables['_UseBuildManifest'] }}
       workspace:
         clean: all
       jobs:
@@ -192,3 +193,4 @@ stages:
         -TsaRepositoryName "Arcade"
         -TsaCodebaseName "Arcade"
         -TsaPublish $True'
+      useBuildManifest: ${{ variables['_UseBuildManifest'] }}
\ No newline at end of file
diff --git a/eng/Versions.props b/eng/Versions.props
index 3a8d3079d21..e5be6b06885 100644
--- a/eng/Versions.props
+++ b/eng/Versions.props
@@ -38,7 +38,7 @@
     <MonoOptionsVersion>5.3.0.1</MonoOptionsVersion>
     <McMasterExtensionsCommandLineUtils>2.3.0</McMasterExtensionsCommandLineUtils>
     <NewtonsoftJsonVersion>9.0.1</NewtonsoftJsonVersion>
-    <MicrosoftBclJsonSourcesVersion>4.6.0-preview4.19202.2</MicrosoftBclJsonSourcesVersion>
+    <SystemTextJsonVersion>4.7.0</SystemTextJsonVersion>
     <NuGetVersioningVersion>4.4.0</NuGetVersioningVersion>
     <NuGetVersion>5.3.0</NuGetVersion>
     <OctokitVersion>0.32.0</OctokitVersion>
@@ -50,12 +50,12 @@
     <SystemIOCompressionVersion>4.3.0</SystemIOCompressionVersion>
     <SystemIOPackagingVersion>4.5.0</SystemIOPackagingVersion>
     <SystemIOFileSystemPrimitivesVersion>4.3.0</SystemIOFileSystemPrimitivesVersion>
-    <SystemMemoryVersion>4.5.1</SystemMemoryVersion>
-    <SystemNumericsVectorsVersion>4.4.0</SystemNumericsVectorsVersion>
+    <SystemMemoryVersion>4.5.3</SystemMemoryVersion>
+    <SystemNumericsVectorsVersion>4.5.0</SystemNumericsVectorsVersion>
     <SystemReflectionMetadataVersion>1.4.2</SystemReflectionMetadataVersion>
-    <SystemRuntimeCompilerServicesUnsafeVersion>4.5.0</SystemRuntimeCompilerServicesUnsafeVersion>
+    <SystemRuntimeCompilerServicesUnsafeVersion>4.7.0</SystemRuntimeCompilerServicesUnsafeVersion>
     <SystemTextEncodingsWebVersion>4.5.0</SystemTextEncodingsWebVersion>
-    <SystemThreadingTasksExtensionVersion>4.5.1</SystemThreadingTasksExtensionVersion>
+    <SystemThreadingTasksExtensionVersion>4.5.2</SystemThreadingTasksExtensionVersion>
     <SystemValueTupleVersion>4.4.0</SystemValueTupleVersion>
     <WindowsAzureStorageVersion>8.5.0</WindowsAzureStorageVersion>
     <XUnitVersion>2.4.1</XUnitVersion>
diff --git a/eng/common-variables.yml b/eng/common-variables.yml
index bd9386ca1f6..17d057ba3f5 100644
--- a/eng/common-variables.yml
+++ b/eng/common-variables.yml
@@ -10,6 +10,8 @@ variables:
     value: False
   - name: _InternalBuildArgs
     value: ''
+  - name: _UseBuildManifest
+    value: False
 
   - ${{ if and(ne(variables['System.TeamProject'], 'public'), notin(variables['Build.Reason'], 'PullRequest')) }}:
     - name: _RunAsPublic
@@ -18,6 +20,8 @@ variables:
       value: True
     - name: _SignType
       value: real
+    - name: _UseBuildManifest
+      value: False
     # DotNet-Blob-Feed provides: dotnetfeed-storage-access-key-1
     # Publish-Build-Assets provides: MaestroAccessToken, BotAccount-dotnet-maestro-bot-PAT
     # DotNet-HelixApi-Access provides: HelixApiAccessToken
diff --git a/eng/common/sdk-task.ps1 b/eng/common/sdk-task.ps1
index 3872af59b97..79c25e7f3ef 100644
--- a/eng/common/sdk-task.ps1
+++ b/eng/common/sdk-task.ps1
@@ -57,6 +57,18 @@ try {
     ExitWithExitCode 1
   }
 
+  if( $msbuildEngine -eq "vs") {
+    # Ensure desktop MSBuild is available for sdk tasks.
+    if( -not ($GlobalJson.tools.PSObject.Properties.Name -match "vs" )) {
+      $GlobalJson.tools | Add-Member -Name "vs" -Value (ConvertFrom-Json "{ `"version`": `"16.4`" }") -MemberType NoteProperty
+    }
+    if( -not ($GlobalJson.tools.PSObject.Properties.Name -match "xcopy-msbuild" )) {
+      $GlobalJson.tools | Add-Member -Name "xcopy-msbuild" -Value "16.4.0-alpha" -MemberType NoteProperty
+    }
+
+    InitializeXCopyMSBuild $GlobalJson.tools."xcopy-msbuild" -install $true
+  }
+
   $taskProject = GetSdkTaskProject $task
   if (!(Test-Path $taskProject)) {
     Write-PipelineTelemetryError -Category 'Build' -Message "Unknown task: $task" -ForegroundColor Red
diff --git a/eng/common/templates/job/job.yml b/eng/common/templates/job/job.yml
index 536c15c4641..fc39647f4b1 100644
--- a/eng/common/templates/job/job.yml
+++ b/eng/common/templates/job/job.yml
@@ -24,6 +24,7 @@ parameters:
   enablePublishBuildAssets: false
   enablePublishTestResults: false
   enablePublishUsingPipelines: false
+  useBuildManifest: false
   mergeTestResults: false
   testRunTitle: $(AgentOsName)-$(BuildConfiguration)-xunit
   name: ''
@@ -218,3 +219,12 @@ jobs:
         ArtifactName: AssetManifests
       continueOnError: ${{ parameters.continueOnError }}
       condition: and(succeeded(), eq(variables['_DotNetPublishToBlobFeed'], 'true'))
+
+  - ${{ if eq(parameters.useBuildManifest, true) }}:
+    - task: PublishBuildArtifacts@1
+      displayName: Publish Build Manifest
+      inputs:
+        PathToPublish: '$(Build.SourcesDirectory)/artifacts/log/$(_BuildConfig)/manifest.props'
+        PublishLocation: Container
+        ArtifactName: BuildManifests
+      continueOnError: ${{ parameters.continueOnError }}
diff --git a/eng/common/templates/post-build/post-build.yml b/eng/common/templates/post-build/post-build.yml
index fbab4cb5dce..957bf3018b7 100644
--- a/eng/common/templates/post-build/post-build.yml
+++ b/eng/common/templates/post-build/post-build.yml
@@ -15,6 +15,7 @@ parameters:
   symbolPublishingAdditionalParameters: ''
   artifactsPublishingAdditionalParameters: ''
   signingValidationAdditionalParameters: ''
+  useBuildManifest: false
 
   # Which stages should finish execution before post-build stages start
   validateDependsOn:
@@ -113,6 +114,16 @@ stages:
     pool:
       vmImage: 'windows-2019'
     steps:
+      - ${{ if eq(parameters.useBuildManifest, true) }}:
+        - task: DownloadBuildArtifacts@0
+          displayName: Download build manifest
+          inputs:
+            buildType: specific
+            buildVersionToDownload: specific
+            project: $(AzDOProjectName)
+            pipeline: $(AzDOPipelineId)
+            buildId: $(AzDOBuildId)
+            artifactName: BuildManifests
       - task: DownloadBuildArtifacts@0
         displayName: Download Package Artifacts
         inputs:
@@ -135,11 +146,13 @@ stages:
           filePath: eng\common\enable-cross-org-publishing.ps1
           arguments: -token $(dn-bot-dnceng-artifact-feeds-rw)
 
+      # Signing validation will optionally work with the buildmanifest file which is downloaded from
+      # Azure DevOps above.
       - task: PowerShell@2
         displayName: Validate
         inputs:
           filePath: eng\common\sdk-task.ps1
-          arguments: -task SigningValidation -restore -msbuildEngine dotnet
+          arguments: -task SigningValidation -restore -msbuildEngine vs
             /p:PackageBasePath='$(Build.ArtifactStagingDirectory)/PackageArtifacts'
             /p:SignCheckExclusionsFile='$(Build.SourcesDirectory)/eng/SignCheckExclusionsFile.txt'
             ${{ parameters.signingValidationAdditionalParameters }}
diff --git a/src/Microsoft.DotNet.Arcade.Sdk/Microsoft.DotNet.Arcade.Sdk.csproj b/src/Microsoft.DotNet.Arcade.Sdk/Microsoft.DotNet.Arcade.Sdk.csproj
index 50ac43548a6..1cd126fe63b 100644
--- a/src/Microsoft.DotNet.Arcade.Sdk/Microsoft.DotNet.Arcade.Sdk.csproj
+++ b/src/Microsoft.DotNet.Arcade.Sdk/Microsoft.DotNet.Arcade.Sdk.csproj
@@ -12,7 +12,7 @@
     <GeneratePackageOnBuild>true</GeneratePackageOnBuild>
 
     <Description>Common toolset for repositories</Description>
-    <PackageTags>Roslyn Build Repository Toolset MSBuild SDK</PackageTags>
+    <PackageTags>Arcade Build Repository Toolset MSBuild SDK</PackageTags>
     <DevelopmentDependency>true</DevelopmentDependency>
     <PackageType>MSBuildSdk</PackageType>
 
@@ -33,7 +33,7 @@
 
   <!-- Required for compiling "InstallDotNetCore.cs" -->
   <ItemGroup Condition="'$(DotNetBuildFromSource)' != 'true'">
-    <PackageReference Include="Microsoft.Bcl.Json.Sources" Version="$(MicrosoftBclJsonSourcesVersion)" PrivateAssets="All" />
+    <PackageReference Include="System.Text.Json" Version="$(SystemTextJsonVersion)" PrivateAssets="All" />
     <PackageReference Include="System.Buffers" Version="$(SystemBuffersVersion)" />
     <PackageReference Include="System.Memory" Version="$(SystemMemoryVersion)" />
     <PackageReference Include="System.Numerics.Vectors" Version="$(SystemNumericsVectorsVersion)" />
diff --git a/src/Microsoft.DotNet.Arcade.Sdk/tools/Publish.proj b/src/Microsoft.DotNet.Arcade.Sdk/tools/Publish.proj
index ff87aefcf04..a3e82238832 100644
--- a/src/Microsoft.DotNet.Arcade.Sdk/tools/Publish.proj
+++ b/src/Microsoft.DotNet.Arcade.Sdk/tools/Publish.proj
@@ -39,7 +39,7 @@
     <PublishDependsOnTargets Condition="$(PublishToSymbolServer)">$(PublishDependsOnTargets);PublishSymbols</PublishDependsOnTargets>
     <PublishDependsOnTargets Condition="$(PublishToSourceBuildStorage)">$(PublishDependsOnTargets);PublishToSourceBuildStorage</PublishDependsOnTargets>
     <PublishDependsOnTargets Condition="$(DotNetPublishUsingPipelines)">$(PublishDependsOnTargets);PublishToAzureDevOpsArtifacts</PublishDependsOnTargets>
-    <PublishDependsOnTargets>BeforePublish;$(PublishDependsOnTargets)</PublishDependsOnTargets>
+    <PublishDependsOnTargets>BeforePublish;GenerateBuildManifest;$(PublishDependsOnTargets)</PublishDependsOnTargets>
   </PropertyGroup>
 
   <Import Project="$(NuGetPackageRoot)microsoft.dotnet.build.tasks.feed\$(MicrosoftDotNetBuildTasksFeedVersion)\build\Microsoft.DotNet.Build.Tasks.Feed.targets"/>
@@ -238,4 +238,24 @@
                     Condition="$(PublishToSymbolServer)"/>
   </Target>
 
+  <PropertyGroup>
+    <AzureDevOpsBuildTasksAssembly Condition="'$(MSBuildRuntimeType)' != 'Core'">$(NuGetPackageRoot)Microsoft.DotNet.AzureDevOps.Build\$(ArcadeSdkVersion)\tools\net472\Microsoft.DotNet.AzureDevOps.Build.dll</AzureDevOpsBuildTasksAssembly>
+    <AzureDevOpsBuildTasksAssembly Condition="'$(MSBuildRuntimeType)' == 'Core'">$(NuGetPackageRoot)Microsoft.DotNet.AzureDevOps.Build\$(ArcadeSdkVersion)\tools\netcoreapp2.1\Microsoft.DotNet.AzureDevOps.Build.dll</AzureDevOpsBuildTasksAssembly>
+  </PropertyGroup>
+
+  <Import Project="Sign.props" />
+  <UsingTask TaskName="Microsoft.DotNet.AzureDevOps.Build.GenerateAzureDevOpsBuildManifest" AssemblyFile="$(AzureDevOpsBuildTasksAssembly)"/>
+
+  <Target Name="GenerateBuildManifest">
+    <GenerateAzureDevOpsBuildManifest
+      AzureDevOpsCollectionUri="$(SYSTEM_TEAMFOUNDATIONCOLLECTIONURI)"
+      AzureDevOpsProject="$(SYSTEM_TEAMPROJECT)"
+      AzureDevOpsBuildId="$(BUILD_BUILDID)"
+      ItemsToSign="@(ItemsToSign)"
+      StrongNameSignInfo="@(StrongNameSignInfo)"
+      FileSignInfo="@(FileSignInfo)"
+      FileExtensionSignInfo="@(FileExtensionSignInfo)"
+      ManifestPath="$(ArtifactsLogDir)/manifest.props" />
+  </Target>
+
 </Project>
diff --git a/src/Microsoft.DotNet.Arcade.Sdk/tools/SdkTasks/SigningValidation.proj b/src/Microsoft.DotNet.Arcade.Sdk/tools/SdkTasks/SigningValidation.proj
index e86f22ad477..d0f4f0d295d 100644
--- a/src/Microsoft.DotNet.Arcade.Sdk/tools/SdkTasks/SigningValidation.proj
+++ b/src/Microsoft.DotNet.Arcade.Sdk/tools/SdkTasks/SigningValidation.proj
@@ -14,45 +14,47 @@
       - EnableStrongNameCheck   : Whether strong name check should be performed.
   -->
 
+  <PropertyGroup>
+    <BuildManifestFile Condition="Exists('$(BUILD_ARTIFACTSTAGINGDIRECTORY)/BuildManifests/manifest.props')">$(BUILD_ARTIFACTSTAGINGDIRECTORY)/BuildManifests/manifest.props</BuildManifestFile>
+  </PropertyGroup>
+
+  <Import Condition="'$(BuildManifestFile)' == ''" Project="$(RepositoryEngineeringDir)Signing.props" />
+  <Import Condition="Exists('$(BuildManifestFile)')" Project="$(BuildManifestFile)" />
+
   <PropertyGroup>
     <TargetFramework>netcoreapp2.1</TargetFramework>
     <NETCORE_ENGINEERING_TELEMETRY>Build</NETCORE_ENGINEERING_TELEMETRY>
+    <SignCheckTaskAssembly>$(NuGetPackageRoot)Microsoft.DotNet.SignCheck\$(MicrosoftDotNetSignCheckVersion)\tools\Microsoft.DotNet.SignCheck.exe</SignCheckTaskAssembly>
   </PropertyGroup>
 
+  <UsingTask TaskName="SignCheck.SignCheckTask" AssemblyFile="$(SignCheckTaskAssembly)" />
+
   <Target Name="Execute">
     <PropertyGroup>
-      <SignCheckToolPath>$(NuGetPackageRoot)Microsoft.DotNet.SignCheck\$(MicrosoftDotNetSignCheckVersion)\tools\Microsoft.DotNet.SignCheck.exe</SignCheckToolPath>
-
       <SignCheckInputDir>$(PackageBasePath)</SignCheckInputDir>
       <SignCheckLog Condition="'$(SignCheckLog)' == ''">$(ArtifactsLogDir)\signcheck.log</SignCheckLog>
       <SignCheckErrorLog Condition="'$(SignCheckErrorLog)' == ''">$(ArtifactsLogDir)\signcheck.errors.log</SignCheckErrorLog>
+      <InputFiles Condition="'$(BuildManifestFile)' == ''">$(SignCheckInputDir)</InputFiles>
+      <InputFiles Condition="'$(BuildManifestFile)' != ''">@(ItemsToSign)</InputFiles>
     </PropertyGroup>
-    
-    <ItemGroup>
+
+    <Error Condition="'$(MSBuildRuntimeType)' == 'Core'" Text="Signing validation task does not run on core." />
+
+    <Message Text="Using build manifest file '$(BuildManifestFile)'" Condition="Exists('$(BuildManifestFile)')" />
       <!--
         Documentation for these arguments is available here:
         https://github.com/dotnet/arcade/tree/master/src/SignCheck
       -->
-      <SignCheckArgs Include="--recursive" />
-      <SignCheckArgs Include="--traverse-subfolders" />
-      <SignCheckArgs Include="--file-status AllFiles" />
-      <SignCheckArgs Include="--log-file $(SignCheckLog)" />
-      <SignCheckArgs Include="--error-log-file $(SignCheckErrorLog)" />
-      <SignCheckArgs Include="--input-files &quot;$(SignCheckInputDir)&quot;" />
-      
-      <SignCheckArgs Include="--exclusions-file &quot;$(SignCheckExclusionsFile)&quot;" Condition="'$(SignCheckExclusionsFile)' != '' and Exists($(SignCheckExclusionsFile))" />
-      <SignCheckArgs Include="--verify-jar" Condition="'$(EnableJarSigningCheck)' == 'true'" />
-      <SignCheckArgs Include="--verify-strongname" Condition="'$(EnableStrongNameCheck)' == 'true'" />
-    </ItemGroup>
-    
-    <!--
-      IgnoreExitCode='true' because the tool doesn't return '0' on success.
-    -->
-    <Exec 
-      Command="&quot;$(SignCheckToolPath)&quot; @(SignCheckArgs, ' ')"
-      IgnoreExitCode='true' 
-      ConsoleToMsBuild="false" 
-      StandardErrorImportance="high" />
+    <SignCheckTask 
+      Recursive="true"
+      FileStatus="AllFiles"
+      InputFiles="$(InputFiles)"
+      ExclusionsFile="$(SignCheckExclusionsFile)"
+      EnableJarSignatureVerification="$(EnableJarSigningCheck)"
+      VerifyStrongName="$(EnableStrongNameCheck)"
+      LogFile="$(SignCheckLog)"
+      ErrorLogFile="$(SignCheckErrorLog)"
+      ArtifactFolder="$(SignCheckInputDir)"/>
 
     <Error 
       Text="Signing validation failed. Check $(SignCheckErrorLog) for more information." 
@@ -61,7 +63,6 @@
     <Message
       Text="##vso[artifact.upload containerfolder=LogFiles;artifactname=LogFiles]{SignCheckErrorLog}"
       Condition="Exists($(SignCheckErrorLog)) and '$([System.IO.File]::ReadAllText($(SignCheckErrorLog)))' != ''" />
-    
   </Target>
 
   <ItemGroup>
diff --git a/src/Microsoft.DotNet.Arcade.Sdk/tools/Sign.proj b/src/Microsoft.DotNet.Arcade.Sdk/tools/Sign.proj
index 539570dfd47..6c09f050779 100644
--- a/src/Microsoft.DotNet.Arcade.Sdk/tools/Sign.proj
+++ b/src/Microsoft.DotNet.Arcade.Sdk/tools/Sign.proj
@@ -4,52 +4,7 @@
 
   <Import Project="$(NuGetPackageRoot)microsoft.dotnet.signtool\$(MicrosoftDotNetSignToolVersion)\build\Microsoft.DotNet.SignTool.props" />
 
-  <ItemGroup>
-    <!--
-      This is intended to hold information about the certificates used for signing.
-      For now the only information required is whether or not the certificate can be
-      used for signing already signed files - DualSigningAllowed==true.
-    -->
-    <CertificatesSignInfo Include="3PartyDual" DualSigningAllowed="true" />
-    <CertificatesSignInfo Include="3PartySHA2" DualSigningAllowed="true" />
-
-    <!-- List of container files that will be opened and checked for files that need to be signed. -->
-    <ItemsToSign Include="$(ArtifactsPackagesDir)**\*.nupkg" />
-    <ItemsToSign Include="$(VisualStudioSetupOutputPath)**\*.vsix" />
-    <ItemsToSign Include="$(VisualStudioBuildPackagesDir)**\*.nupkg" />
-
-    <!-- Default certificate/strong-name to be used for all files with PKT=="31bf3856ad364e35". -->
-    <StrongNameSignInfo Include="MsSharedLib72" PublicKeyToken="31bf3856ad364e35" CertificateName="Microsoft400" />
-    <StrongNameSignInfo Include="SilverlightCert121" PublicKeyToken="7cec85d7bea7798e" CertificateName="Microsoft400" />
-    <StrongNameSignInfo Include="StrongName" PublicKeyToken="b77a5c561934e089" CertificateName="Microsoft400" />
-    <StrongNameSignInfo Include="StrongName" PublicKeyToken="b03f5f7f11d50a3a" CertificateName="Microsoft400" />
-    <StrongNameSignInfo Include="$(MSBuildThisFileDirectory)snk\Open.snk" PublicKeyToken="cc7b13ffcd2ddd51" CertificateName="Microsoft400" />
-
-    <!--
-      Map of file extensions to default certificate name. Files with these extensions are
-      signed with the specified certificate. Particularly useful for files that don't have
-      a public key token.
-      The certificate can be overriden using the StrongNameSignInfo or the FileSignInfo item group.
-    -->
-    <FileExtensionSignInfo Include=".jar" CertificateName="MicrosoftJARSHA2" />
-    <FileExtensionSignInfo Include=".js;.ps1;.psd1;.psm1;.psc1;.py" CertificateName="Microsoft400" />
-    <FileExtensionSignInfo Include=".dll;.exe" CertificateName="Microsoft400" />
-    <FileExtensionSignInfo Include=".nupkg" CertificateName="NuGet" />
-    <FileExtensionSignInfo Include=".vsix" CertificateName="VsixSHA2" />
-    <FileExtensionSignInfo Include=".zip" CertificateName="None" />
-  </ItemGroup>
-
-  <PropertyGroup>
-    <!-- Control whether an empty ItemsToSign item group is allowed when calling SignToolTask. -->
-    <AllowEmptySignList>false</AllowEmptySignList>
-  </PropertyGroup>
-
-  <PropertyGroup>
-    <NETCORE_ENGINEERING_TELEMETRY>Signing</NETCORE_ENGINEERING_TELEMETRY>
-  </PropertyGroup>
-
-  <!-- Allow repository to customize signing configuration -->
-  <Import Project="$(RepositoryEngineeringDir)Signing.props" Condition="Exists('$(RepositoryEngineeringDir)Signing.props')" />
+  <Import Project="Sign.props" />
 
   <Target Name="Sign">
     <Error Text="The value of DotNetSignType is invalid: '$(DotNetSignType)'"
@@ -66,6 +21,9 @@
       <_DesktopMSBuildRequired Condition="'$(_DryRun)' != 'true' and '$(MSBuildRuntimeType)' == 'Core'">true</_DesktopMSBuildRequired>
     </PropertyGroup>
 
+    <Error Condition="'$(AllowEmptySignList)' != 'true' AND '@(ItemsToSign)' == ''" 
+           Text="List of files to sign is empty. Make sure that ItemsToSign is configured correctly." />
+
     <!-- We only need this if we are going to use the executable version. -->
     <Exec Command='"$(NuGetPackageRoot)vswhere\$(VSWhereVersion)\tools\vswhere.exe" -latest -prerelease -property installationPath -requires Microsoft.Component.MSBuild'
           ConsoleToMsBuild="true"
@@ -79,9 +37,6 @@
       <_DesktopMSBuildPath Condition="!Exists('$(_DesktopMSBuildPath)')">$(_VSInstallDir)\MSBuild\15.0\Bin\msbuild.exe</_DesktopMSBuildPath>
     </PropertyGroup>
 
-    <Error Condition="'$(AllowEmptySignList)' != 'true' AND '@(ItemsToSign)' == ''" 
-           Text="List of files to sign is empty. Make sure that ItemsToSign is configured correctly." />
-
     <Microsoft.DotNet.SignTool.SignToolTask
         DryRun="$(_DryRun)"
         TestSign="$(_TestSign)"
@@ -97,7 +52,5 @@
         MSBuildPath="$(_DesktopMSBuildPath)"
         SNBinaryPath="$(NuGetPackageRoot)sn\$(SNVersion)\sn.exe"
         MicroBuildCorePath="$(NuGetPackageRoot)microbuild.core\$(MicroBuildCoreVersion)"/>
-    
   </Target>
-
 </Project>
diff --git a/src/Microsoft.DotNet.Arcade.Sdk/tools/Sign.props b/src/Microsoft.DotNet.Arcade.Sdk/tools/Sign.props
new file mode 100644
index 00000000000..64c419aae1b
--- /dev/null
+++ b/src/Microsoft.DotNet.Arcade.Sdk/tools/Sign.props
@@ -0,0 +1,48 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!-- Licensed to the .NET Foundation under one or more agreements. The .NET Foundation licenses this file to you under the MIT license. See the LICENSE file in the project root for more information. -->
+<Project>
+  <ItemGroup>
+    <!--
+      This is intended to hold information about the certificates used for signing.
+      For now the only information required is whether or not the certificate can be
+      used for signing already signed files - DualSigningAllowed==true.
+    -->
+    <CertificatesSignInfo Include="3PartyDual" DualSigningAllowed="true" />
+    <CertificatesSignInfo Include="3PartySHA2" DualSigningAllowed="true" />
+
+    <!-- List of container files that will be opened and checked for files that need to be signed. -->
+    <ItemsToSign Include="$(ArtifactsPackagesDir)**\*.nupkg" />
+    <ItemsToSign Include="$(VisualStudioSetupOutputPath)**\*.vsix" />
+    <ItemsToSign Include="$(VisualStudioBuildPackagesDir)**\*.nupkg" />
+
+    <!-- Default certificate/strong-name to be used for all files with PKT=="31bf3856ad364e35". -->
+    <StrongNameSignInfo Include="MsSharedLib72" PublicKeyToken="31bf3856ad364e35" CertificateName="Microsoft400" />
+    <StrongNameSignInfo Include="SilverlightCert121" PublicKeyToken="7cec85d7bea7798e" CertificateName="Microsoft400" />
+    <StrongNameSignInfo Include="StrongName" PublicKeyToken="b77a5c561934e089" CertificateName="Microsoft400" />
+    <StrongNameSignInfo Include="StrongName" PublicKeyToken="b03f5f7f11d50a3a" CertificateName="Microsoft400" />
+    <StrongNameSignInfo Include="$(MSBuildThisFileDirectory)snk\Open.snk" PublicKeyToken="cc7b13ffcd2ddd51" CertificateName="Microsoft400" />
+
+    <!--
+      Map of file extensions to default certificate name. Files with these extensions are
+      signed with the specified certificate. Particularly useful for files that don't have
+      a public key token.
+      The certificate can be overriden using the StrongNameSignInfo or the FileSignInfo item group.
+    -->
+    <FileExtensionSignInfo Include=".jar" CertificateName="MicrosoftJARSHA2" />
+    <FileExtensionSignInfo Include=".js;.ps1;.psd1;.psm1;.psc1;.py" CertificateName="Microsoft400" />
+    <FileExtensionSignInfo Include=".dll;.exe" CertificateName="Microsoft400" />
+    <FileExtensionSignInfo Include=".nupkg" CertificateName="NuGet" />
+    <FileExtensionSignInfo Include=".vsix" CertificateName="VsixSHA2" />
+    <FileExtensionSignInfo Include=".zip" CertificateName="None" />
+  </ItemGroup>
+
+  <PropertyGroup>
+    <!-- Control whether an empty ItemsToSign item group is allowed when calling SignToolTask. -->
+    <AllowEmptySignList>false</AllowEmptySignList>
+
+    <NETCORE_ENGINEERING_TELEMETRY>Signing</NETCORE_ENGINEERING_TELEMETRY>
+  </PropertyGroup>
+
+  <!-- Allow repository to customize signing configuration -->
+  <Import Project="$(RepositoryEngineeringDir)Signing.props" Condition="Exists('$(RepositoryEngineeringDir)Signing.props')" />
+</Project>
diff --git a/src/Microsoft.DotNet.Arcade.Sdk/tools/Tools.proj b/src/Microsoft.DotNet.Arcade.Sdk/tools/Tools.proj
index 5837177c853..4835b23520a 100644
--- a/src/Microsoft.DotNet.Arcade.Sdk/tools/Tools.proj
+++ b/src/Microsoft.DotNet.Arcade.Sdk/tools/Tools.proj
@@ -26,6 +26,7 @@
     <PackageReference Include="MicroBuild.Core.Sentinel" Version="1.0.0" IsImplicitlyDefined="true" />
     <PackageReference Include="vswhere" Version="$(VSWhereVersion)" IsImplicitlyDefined="true" />
     <PackageReference Include="Microsoft.DotNet.Build.Tasks.Feed" Version="$(MicrosoftDotNetBuildTasksFeedVersion)" Condition="'$(Publish)' == 'true'" IsImplicitlyDefined="true" />
+    <PackageReference Include="Microsoft.DotNet.AzureDevOps.Build" Version="$(ArcadeSdkVersion)" Condition="'$(Publish)' == 'true'" IsImplicitlyDefined="true" />
     <PackageReference Include="Microsoft.DotNet.NuGetRepack.Tasks" Version="$(MicrosoftDotnetNuGetRepackTasksVersion)" Condition="'$(UsingToolNuGetRepack)' == 'true'" IsImplicitlyDefined="true" />
     <PackageReference Include="Microsoft.DotNet.SignTool" Version="$(MicrosoftDotNetSignToolVersion)" IsImplicitlyDefined="true" />
     <PackageReference Include="Microsoft.SymbolUploader.Build.Task" Version="$(MicrosoftSymbolUploaderBuildTaskVersion)" Condition="'$(PublishToSymbolServer)' == 'true'" IsImplicitlyDefined="true" />
diff --git a/src/Microsoft.DotNet.AzureDevOps.Build/Microsoft.DotNet.AzureDevOps.Build.csproj b/src/Microsoft.DotNet.AzureDevOps.Build/Microsoft.DotNet.AzureDevOps.Build.csproj
new file mode 100644
index 00000000000..d43a0b00180
--- /dev/null
+++ b/src/Microsoft.DotNet.AzureDevOps.Build/Microsoft.DotNet.AzureDevOps.Build.csproj
@@ -0,0 +1,33 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project Sdk="Microsoft.NET.Sdk">
+
+  <PropertyGroup>
+    <TargetFrameworks>netcoreapp2.1;net472</TargetFrameworks>
+    <SignAssembly>true</SignAssembly>
+
+    <Description>This package provides support for Azure DevOps builds</Description>
+    <DevelopmentDependency>true</DevelopmentDependency>
+    <PackageType>MSBuildSdk</PackageType>
+    <ExcludeFromSourceBuild>true</ExcludeFromSourceBuild>
+  </PropertyGroup>
+
+  <ItemGroup>
+    <PackageReference Include="Microsoft.Build" Version="$(MicrosoftBuildVersion)" />
+    <PackageReference Include="Microsoft.Build.Tasks.Core" Version="$(MicrosoftBuildTasksCoreVersion)" />
+    <PackageReference Include="System.Net.Http" Version="$(SystemNetHttpVersion)" />
+    <PackageReference Include="System.Collections.Immutable" Version="$(SystemCollectionsImmutableVersion)" />
+    <PackageReference Include="System.Reflection.Metadata" Version="$(SystemReflectionMetadataVersion)" />
+  </ItemGroup>
+
+  <!-- Required for compiling "InstallDotNetCore.cs" -->
+  <ItemGroup Condition="'$(DotNetBuildFromSource)' != 'true'">
+    <PackageReference Include="System.Text.Json" Version="$(SystemTextJsonVersion)" PrivateAssets="All" />
+    <PackageReference Include="System.Buffers" Version="$(SystemBuffersVersion)" />
+    <PackageReference Include="System.Memory" Version="$(SystemMemoryVersion)" />
+    <PackageReference Include="System.Numerics.Vectors" Version="$(SystemNumericsVectorsVersion)" />
+    <PackageReference Include="System.Runtime.CompilerServices.Unsafe" Version="$(SystemRuntimeCompilerServicesUnsafeVersion)" />
+    <PackageReference Include="System.Threading.Tasks.Extensions" Version="$(SystemThreadingTasksExtensionVersion)" />
+  </ItemGroup>
+
+  <Import Project="$(RepoRoot)eng\BuildTask.targets" />
+</Project>
diff --git a/src/Microsoft.DotNet.AzureDevOps.Build/src/GenerateBuildManifest.cs b/src/Microsoft.DotNet.AzureDevOps.Build/src/GenerateBuildManifest.cs
new file mode 100644
index 00000000000..eeb83c925a5
--- /dev/null
+++ b/src/Microsoft.DotNet.AzureDevOps.Build/src/GenerateBuildManifest.cs
@@ -0,0 +1,62 @@
+using Microsoft.Build.Construction;
+using Microsoft.Build.Framework;
+using System;
+using System.Collections.Generic;
+using System.IO;
+using System.Linq;
+using System.Threading.Tasks;
+
+namespace Microsoft.DotNet.AzureDevOps.Build
+{
+    public class GenerateAzureDevOpsBuildManifest : Microsoft.Build.Utilities.Task
+    {
+        [Required]
+        public string AzureDevOpsCollectionUri { get; set; }
+        [Required]
+        public string AzureDevOpsProject { get; set; }
+        [Required]
+        public int AzureDevOpsBuildId { get; set; }
+        [Required]
+        public string ManifestPath { get; set; }
+        public ITaskItem[] ItemsToSign { get; set; }
+        public ITaskItem[] StrongNameSignInfo { get; set; }
+        public ITaskItem[] FileSignInfo { get; set; }
+        public ITaskItem[] FileExtensionSignInfo { get; set; }
+        public override bool Execute()
+        {
+            ProjectRootElement project = ProjectRootElement.Create();
+            var propertyGroup = project.CreatePropertyGroupElement();
+            project.AppendChild(propertyGroup);
+            propertyGroup.AddProperty("AzureDevOpsCollectionUri", AzureDevOpsCollectionUri);
+            propertyGroup.AddProperty("AzureDevOpsProject", AzureDevOpsProject);
+            propertyGroup.AddProperty("AzureDevOpsBuildId", AzureDevOpsBuildId.ToString());
+            var itemGroup = project.CreateItemGroupElement();
+            project.AppendChild(itemGroup);
+            if (ItemsToSign != null)
+            {
+                foreach (var itemToSign in ItemsToSign)
+                {
+                    var filename = itemToSign.ItemSpec.Replace('\\', '/');
+                    {
+                        var metadata = itemToSign.CloneCustomMetadata() as Dictionary<string, string>;
+                        itemGroup.AddItem("ItemsToSign", Path.GetFileName(itemToSign.ItemSpec), metadata);
+                    }
+                }
+            }
+            foreach (var signInfo in StrongNameSignInfo)
+            {
+                itemGroup.AddItem("StrongNameSignInfo", Path.GetFileName(signInfo.ItemSpec), signInfo.CloneCustomMetadata() as Dictionary<string, string>);
+            }
+            foreach (var signInfo in FileSignInfo)
+            {
+                itemGroup.AddItem("FileSignInfo", signInfo.ItemSpec, signInfo.CloneCustomMetadata() as Dictionary<string, string>);
+            }
+            foreach (var signInfo in FileExtensionSignInfo)
+            {
+                itemGroup.AddItem("FileExtensionSignInfo", signInfo.ItemSpec, signInfo.CloneCustomMetadata() as Dictionary<string, string>);
+            }
+            project.Save(ManifestPath);
+            return true;
+        }
+    }
+}
diff --git a/src/SignCheck/SignCheck/Microsoft.DotNet.SignCheck.csproj b/src/SignCheck/SignCheck/Microsoft.DotNet.SignCheck.csproj
index 2fe835e63e6..10fde204ab2 100644
--- a/src/SignCheck/SignCheck/Microsoft.DotNet.SignCheck.csproj
+++ b/src/SignCheck/SignCheck/Microsoft.DotNet.SignCheck.csproj
@@ -23,6 +23,7 @@
 
   <ItemGroup>
     <PackageReference Include="CommandLineParser" Version="2.2.0" PrivateAssets="All" Publish="true" />
+    <PackageReference Include="Microsoft.Build.Utilities.Core" Version="16.4.0" />
   </ItemGroup>
 
   <ItemGroup>
diff --git a/src/SignCheck/SignCheck/SignCheck.cs b/src/SignCheck/SignCheck/SignCheck.cs
index c2787e35881..d29d19e91b1 100644
--- a/src/SignCheck/SignCheck/SignCheck.cs
+++ b/src/SignCheck/SignCheck/SignCheck.cs
@@ -188,7 +188,10 @@ private List<string> GetInputFilesFromOptions()
         {
             var inputFiles = new List<string>();
             var downloadFiles = new List<Uri>();
-
+            if (Options.InputFiles == null)
+            {
+                return inputFiles;
+            }
             foreach (string inputFile in Options.InputFiles)
             {
                 Uri uriResult;
@@ -287,7 +290,6 @@ private List<string> GetInputFilesFromOptions()
             {
                 inputFiles.Remove(Path.GetFullPath(Options.LogFile));
             }
-
             return inputFiles;
         }
 
@@ -369,7 +371,7 @@ public void GenerateExclusionsFile(StreamWriter writer, IEnumerable<SignatureVer
             }
         }
 
-        private int Run()
+        internal int Run()
         {
             try
             {
@@ -387,7 +389,7 @@ private int Run()
 
                 ResultDetails = Options.Verbosity > LogVerbosity.Normal ? DetailKeys.ResultKeysVerbose : DetailKeys.ResultKeysNormal;
 
-                if (InputFiles.Count() > 0)
+                if (InputFiles != null && InputFiles.Count() > 0)
                 {
                     DateTime startTime = DateTime.Now;
                     IEnumerable<SignatureVerificationResult> results = signatureVerificationManager.VerifyFiles(InputFiles);
diff --git a/src/SignCheck/SignCheck/SignCheckTask.cs b/src/SignCheck/SignCheck/SignCheckTask.cs
new file mode 100644
index 00000000000..0cf6980e6ed
--- /dev/null
+++ b/src/SignCheck/SignCheck/SignCheckTask.cs
@@ -0,0 +1,151 @@
+// Licensed to the .NET Foundation under one or more agreements.
+// The .NET Foundation licenses this file to you under the MIT license.
+// See the LICENSE file in the project root for more information.
+
+using Microsoft.Build.Framework;
+using Microsoft.SignCheck.Logging;
+using System;
+using System.Collections.Generic;
+using System.IO;
+using System.Linq;
+
+namespace SignCheck
+{
+    public class SignCheckTask : Microsoft.Build.Utilities.Task
+    {
+        public bool EnableJarSignatureVerification
+        {
+            get;
+            set;
+        }
+        public bool EnableXmlSignatureVerification
+        {
+            get;
+            set;
+        }
+        public string FileStatus
+        {
+            get;
+            set;
+        }
+
+        public string ExclusionsOutput
+        {
+            get;
+            set;
+        }
+
+        public bool SkipTimestamp
+        {
+            get;
+            set;
+        }
+        public bool Recursive
+        {
+            get;
+            set;
+        }
+        
+        public bool VerifyStrongName
+        {
+            get;
+            set;
+        }
+        public string ExclusionsFile
+        {
+            get;
+            set;
+        }
+        public ITaskItem[] InputFiles
+        {
+            get;
+            set;
+        }
+        [Required]
+        public string LogFile
+        {
+            get;
+            set;
+        }
+        [Required]
+        public string ErrorLogFile
+        {
+            get;
+            set;
+        }
+        public string Verbosity
+        {
+            get;
+            set;
+        }
+        public string ArtifactFolder
+        {
+            get;
+            set;
+        }
+
+        public override bool Execute()
+        {
+            Options options = new Options();
+            options.EnableJarSignatureVerification = EnableJarSignatureVerification;
+            options.EnableXmlSignatureVerification = EnableXmlSignatureVerification;
+            options.ExclusionsFile = ExclusionsFile;
+            options.ExclusionsOutput = ExclusionsOutput;
+            string[] filestatuses = FileStatus.Split(';', ',');
+            options.FileStatus = filestatuses;
+            options.Recursive = Recursive;
+            options.TraverseSubFolders = Recursive;
+            options.SkipTimestamp = SkipTimestamp;
+            options.VerifyStrongName = VerifyStrongName;
+            options.LogFile = LogFile;
+            options.ErrorLogFile = ErrorLogFile;
+
+            List<string> inputFiles = new List<string>();
+            if (InputFiles != null)
+            {
+                ArtifactFolder = ArtifactFolder ?? Environment.CurrentDirectory;
+                SearchOption fileSearchOptions = Recursive ? SearchOption.AllDirectories : SearchOption.TopDirectoryOnly;
+
+                foreach (var checkFile in InputFiles.Select(s => s.ItemSpec).ToArray())
+                {
+                    if (Path.IsPathRooted(checkFile))
+                    {
+                        inputFiles.Add(checkFile);
+                    }
+                    else
+                    {
+                        var matchedFiles = Directory.GetFiles(ArtifactFolder, checkFile, fileSearchOptions);
+
+                        if(matchedFiles.Length == 1)
+                        {
+                            inputFiles.Add(matchedFiles[0]);
+                        }
+                        else if(matchedFiles.Length == 0)
+                        {
+                            Log.LogError($"Unable to find file '{checkFile}' in folder '{ArtifactFolder}'.  Try specifying 'Recursive=true` to include subfolders");
+                        }
+                        else if (matchedFiles.Length > 1)
+                        {
+                            Log.LogError($"found multiple files matching pattern '{checkFile}'");
+                            foreach(var file in matchedFiles)
+                            {
+                                Log.LogError($" - {file}");
+                            }
+                        }
+                    }
+                }
+            }
+            options.InputFiles = inputFiles.ToArray();
+
+            if(Enum.TryParse<LogVerbosity>(Verbosity, out LogVerbosity verbosity))
+            {
+                options.Verbosity = verbosity;
+            }
+            
+            var sc = new SignCheck(new string[] { });
+            sc.Options = options;
+            int result = sc.Run();
+            return (result == 0 && !Log.HasLoggedErrors);
+        }
+    }
+}