diff --git a/tools/releaseBuild/yaml/releaseBuild.yml b/tools/releaseBuild/yaml/releaseBuild.yml
index fa6eeed..c6e22f6 100644
--- a/tools/releaseBuild/yaml/releaseBuild.yml
+++ b/tools/releaseBuild/yaml/releaseBuild.yml
@@ -1,10 +1,13 @@
 trigger: none
 
 variables:
-  AuthenticodeSignType: '400'
-  BuildConfiguration: 'Release'
-  NuGetPackagePath: '$(System.ArtifactsDirectory)/NuGetRelease'
-  PackageRoot: '$(System.ArtifactsDirectory)/Packages'
+  - name: BuildConfiguration
+    value: 'Release'
+  - name: NuGetPackagePath
+    value: '$(System.ArtifactsDirectory)/NuGetRelease'
+  - name: PackageRoot
+    value: '$(System.ArtifactsDirectory)/Packages'
+  - group: PSNativeAPIScan
 
 resources:
   repositories:
@@ -36,7 +39,11 @@ stages:
     - template: windows-build.yml
 
   - job: SignWin
-    pool: Package ES Standard Build
+    pool:
+      name: PowerShell1ES
+      demands:
+      - ImageOverride -equals MMS2019
+
     displayName: Sign Windows
     variables:
     - group: ESRP
@@ -84,7 +91,10 @@ stages:
     - SignWin
     - BuildLinux
     - BuildMac
-    pool: Package ES Standard Build
+    pool:
+      name: PowerShell1ES
+      demands:
+      - ImageOverride -equals MMS2019
     variables:
     - group: ESRP
 
@@ -97,7 +107,9 @@ stages:
   jobs:
   - job: Compliance_Job
     pool:
-      name: Package ES Standard Build
+      name: PowerShell1ES
+      demands:
+      - ImageOverride -equals MMS2019
     steps:
     - checkout: self
       clean: true
@@ -166,6 +178,7 @@ stages:
         softwareName: 'PowerShellNative'
         softwareNameFolder: '$(Pipeline.Workspace)/uncompressed'
         softwareVersion: '$(PackageVersion)'
+        connectionString: RunAs=App;AppId=$(APIScanClient);TenantId=$(APIScanTenant);AppKey=$(APIScanSecret)
         APIScan: true # set to false when not using Windows APIs.
 
 - template: publish.yml