diff --git a/DevOpsPipelineDefinitions/publish-pipeline.yaml b/DevOpsPipelineDefinitions/publish-pipeline.yaml
index 0063b0fe9..457cd12c4 100644
--- a/DevOpsPipelineDefinitions/publish-pipeline.yaml
+++ b/DevOpsPipelineDefinitions/publish-pipeline.yaml
@@ -53,6 +53,7 @@ jobs:
     condition: succeeded()
     env:
       ValidationConnectionString: $(ValidationStorageAccountConnectionString)
+      ExecutionEnvironment: $(ExecutionEnvironment)
       CacheConnectionString: $(CacheStorageAccountConnectionString)
       PackagePublisher: $(PackagePublisher)
       DIApplicationInsightKey: $(DIApplicationInsightKey)
@@ -124,6 +125,7 @@ jobs:
     condition: succeeded()
     env:
       ValidationConnectionString: $(ValidationStorageAccountConnectionString)
+      ExecutionEnvironment: $(ExecutionEnvironment)
       CacheConnectionString: $(CacheStorageAccountConnectionString)
       DIApplicationInsightKey: $(DIApplicationInsightKey)
       WinGet:AppConfig:Primary: $(AppConfigPrimary)
diff --git a/DevOpsPipelineDefinitions/rebuild-pipeline.yaml b/DevOpsPipelineDefinitions/rebuild-pipeline.yaml
index 089db49a0..cfc2d267a 100644
--- a/DevOpsPipelineDefinitions/rebuild-pipeline.yaml
+++ b/DevOpsPipelineDefinitions/rebuild-pipeline.yaml
@@ -50,6 +50,7 @@ jobs:
     condition: succeeded()
     env:
       ValidationConnectionString: $(ValidationStorageAccountConnectionString)
+      ExecutionEnvironment: $(ExecutionEnvironment)
       PackagePublisher: $(PackagePublisher)
       SYSTEM_ACCESSTOKEN: $(System.AccessToken)
       DIApplicationInsightKey: $(DIApplicationInsightKey)
@@ -122,6 +123,7 @@ jobs:
     condition: succeeded()
     env:
       ValidationConnectionString: $(ValidationStorageAccountConnectionString)
+      ExecutionEnvironment: $(ExecutionEnvironment)
       CacheConnectionString: $(CacheStorageAccountConnectionString)
       DIApplicationInsightKey: $(DIApplicationInsightKey)
       AzureServicesAuthConnectionString: $(AzureServicesAuthConnectionString)
diff --git a/DevOpsPipelineDefinitions/validation-pipeline.yaml b/DevOpsPipelineDefinitions/validation-pipeline.yaml
index f9582803d..25ee0411a 100644
--- a/DevOpsPipelineDefinitions/validation-pipeline.yaml
+++ b/DevOpsPipelineDefinitions/validation-pipeline.yaml
@@ -36,7 +36,10 @@ jobs:
     env:
       HOST_KEY: $(AzureFunctionHostKey)
       SMART_SCREEN_ENDPOINT: $(AzFuncSmartScreenEndpoint)
+      DOMAIN_URLS_VALIDATION_ENDPOINT: $(AzFuncDomainUrlValEndpoint)
+      MANIFEST_POLICY_ENDPOINT: $(AzFuncManifestPolicyEndpoint)
       SCAN_ENDPOINT: $(AzFuncScanEndpoint)
+      INSTALLATION_ENDPOINT: $(AzFuncInstallationVerificationEndpoint)
       LABEL_ENDPOINT: $(AzFuncSetLabelOnPullRequestEndpoint)
       CLEANUP_ENDPOINT: $(AzFuncCleanupEndpoint)
       LABEL_KEY: $(AzureFunctionLabelKey)
@@ -50,6 +53,7 @@ jobs:
     condition: succeeded()
     env:
       ValidationConnectionString: $(ValidationStorageAccountConnectionString)
+      ExecutionEnvironment: $(ExecutionEnvironment)
       DIApplicationInsightKey: $(DIApplicationInsightKey)
       WinGet:AppConfig:Primary: $(AppConfigPrimary)
       WinGet:AppConfig:Secondary: $(AppConfigSecondary)
@@ -77,12 +81,13 @@ jobs:
   variables:
     HostKeySecret: $[ dependencies.FileValidation.outputs['wingetsetup.hostkey']]
     SmartScreenEndpointSecret: $[ dependencies.FileValidation.outputs['wingetsetup.smartScreenEndpoint']]
-    ScanEndpointSecret: $[ dependencies.FileValidation.outputs['wingetsetup.scanEndpoint']]
+    DomainUrlValidationEndpointSecret: $[ dependencies.FileValidation.outputs['wingetsetup.domainUrlValidationEndpoint']]
+    ManiestPolicyEndpointSecret: $[ dependencies.FileValidation.outputs['wingetsetup.manifestPolicyEndpoint']]
   steps:
 
   # Scans all the urls from manifest contents.
   - task: AzureFunction@1
-    displayName: 'Validation URLs in manifest files'
+    displayName: 'URLs Validation'
     inputs:
       function: '$(SmartScreenEndpointSecret)'
       key: '$(HostKeySecret)'
@@ -101,6 +106,62 @@ jobs:
         }
       waitForCompletion: "true"
 
+  # Domain url validations.
+  - task: AzureFunction@1
+    displayName: 'URL Domain validation'
+    inputs:
+      function: '$(DomainUrlValidationEndpointSecret)'
+      key: '$(HostKeySecret)'
+      body: |
+        {
+        "operationId": "$(Build.BuildNumber)",
+        "BuildId": "$(Build.BuildId)",
+        "PlanUrl": "$(system.CollectionUri)",
+        "HubName": "$(system.HostType)",
+        "ProjectId": "$(system.TeamProjectId)",
+        "PlanId": "$(system.PlanId)", 
+        "JobId": "$(system.JobId)", 
+        "TimelineId": "$(system.TimelineId)", 
+        "TaskInstanceId": "$(system.TaskInstanceId)",
+        "AuthToken": "$(system.AccessToken)"
+        }
+      waitForCompletion: "true"
+
+  # Manifest policy checks.
+  - task: AzureFunction@1
+    displayName: 'Manifest Policy Validation'
+    inputs:
+      function: '$(ManiestPolicyEndpointSecret)'
+      key: '$(HostKeySecret)'
+      body: |
+        {
+        "operationId": "$(Build.BuildNumber)",
+        "BuildId": "$(Build.BuildId)",
+        "PlanUrl": "$(system.CollectionUri)",
+        "HubName": "$(system.HostType)",
+        "ProjectId": "$(system.TeamProjectId)",
+        "PlanId": "$(system.PlanId)", 
+        "JobId": "$(system.JobId)", 
+        "TimelineId": "$(system.TimelineId)", 
+        "TaskInstanceId": "$(system.TaskInstanceId)",
+        "AuthToken": "$(system.AccessToken)"
+        }
+      waitForCompletion: "true"
+
+# Agentless phase. Depends on previous job.
+- job: 'InstallerValidation'
+  pool: server
+  displayName: 'Installer Validation'
+  timeoutInMinutes: 1500
+  dependsOn:
+    - 'FileValidation'
+    - 'ContentValidation'
+  variables:
+    HostKeySecret: $[ dependencies.FileValidation.outputs['wingetsetup.hostkey']]
+    ScanEndpointSecret: $[ dependencies.FileValidation.outputs['wingetsetup.scanEndpoint']]
+    InstallationEndpointSecret: $[ dependencies.FileValidation.outputs['wingetsetup.installationEndpoint']]
+  steps:
+
   # Scan installers in manifests.
   - task: AzureFunction@1
     displayName: 'Installers Scan'
@@ -122,6 +183,27 @@ jobs:
         }
       waitForCompletion: "true"
 
+  # Validates installation.
+  - task: AzureFunction@1
+    displayName: 'Installation Validation'
+    inputs:
+      function: '$(InstallationEndpointSecret)'
+      key: '$(HostKeySecret)'
+      body: |
+        {
+        "operationId": "$(Build.BuildNumber)",
+        "BuildId": "$(Build.BuildId)",
+        "PlanUrl": "$(system.CollectionUri)",
+        "HubName": "$(system.HostType)",
+        "ProjectId": "$(system.TeamProjectId)",
+        "PlanId": "$(system.PlanId)", 
+        "JobId": "$(system.JobId)", 
+        "TimelineId": "$(system.TimelineId)", 
+        "TaskInstanceId": "$(system.TaskInstanceId)",
+        "AuthToken": "$(system.AccessToken)"
+        }
+      waitForCompletion: "true"
+
 # Agentless phase. Runs even if previous jobs failed. 
 - job: 'postvalidation'
   pool: server
@@ -129,6 +211,7 @@ jobs:
   dependsOn:
     - 'FileValidation'
     - 'ContentValidation'
+    - 'InstallerValidation'
   condition: succeededOrFailed()
   variables:
     HostKeySecret: $[ dependencies.FileValidation.outputs['wingetsetup.hostkey']]
@@ -161,7 +244,7 @@ jobs:
         "PullRequestNumber": "$(System.PullRequest.PullRequestNumber)",
         }
       waitForCompletion: "true"
-      
+
   # Cleanup resources.
   - task: AzureFunction@1
     displayName: 'Validation cleanup'
@@ -181,4 +264,4 @@ jobs:
         "TaskInstanceId": "$(system.TaskInstanceId)",
         "AuthToken": "$(system.AccessToken)"
         }
-      waitForCompletion: "true"
\ No newline at end of file
+      waitForCompletion: "true"