Added PowerShell command for verifying signed binaries

Violet Hansen
2024-05-23 01:39:54 +03:00
committed by GitHub
parent 140585783b
commit 8554f5470b


@ -103,12 +103,19 @@ When complete, the commands should output a signed policy file with a `.p7` exte
## Verify and deploy the signed policy
You can use certutil.exe to verify the signed file. Review the output to confirm the signature algorithm and encoding for certificate fields, like 'subject common name' and 'issuer common name' as described in the Warning at the top of this article.
You can use certutil.exe or PowerShell to verify the signed file. Review the output to confirm the signature algorithm as described in the Warning at the top of this article.
```powershell
certutil.exe -asn <path to signed policy file>
```
```powershell
$CIPolicyBin = 'path to signed policy file'
$SignedCryptoMsgSyntax = New-Object -TypeName System.Security.Cryptography.Pkcs.SignedCms
$SignedCryptoMsgSyntax.Decode((Get-Content -LiteralPath $CIPolicyBin -AsByteStream -Raw))
$SignedCryptoMsgSyntax.Certificates | Format-List -Property *
```
Thoroughly test the signed policy on a representative set of computers before proceeding with deployment. Be sure to reboot the test computers at least twice after applying the signed WDAC policy to ensure you don't encounter a boot failure.
Once you've verified the signed policy, deploy it using your preferred deployment method. For more information about deploying policies, see [Deploying Windows Defender Application Control policies](/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control-deployment-guide).
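Review bot: The new PowerShell block decodes the PKCS #7 message and lists the embedded certificates, but it never validates the signature, so the heading "Verify" overstates what it does; add a call to `$SignedCryptoMsgSyntax.CheckSignature($true)` after `Decode` so the cryptographic signature is actually checked (`$true` verifies the signature only, without building the chain) and the command throws on a tampered or badly signed file. Two smaller points on the same block: `Get-Content -AsByteStream` exists only in PowerShell 6 and later, while Windows PowerShell 5.1 needs `-Encoding Byte` instead, so the text should state which version the snippet targets; and the replaced sentence told readers to also confirm the encoding of the certificate fields ('subject common name' and 'issuer common name'), which the new sentence drops even though the `Format-List -Property *` output is where those fields would be inspected, so either keep that guidance or say why it is no longer needed.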