diff --git a/actions/ql/lib/change-notes/2025-05-01-microsoft-trusted-actions-publishers.md b/actions/ql/lib/change-notes/2025-05-01-microsoft-trusted-actions-publishers.md
new file mode 100644
index 000000000000..c9fa4c7a64ea
--- /dev/null
+++ b/actions/ql/lib/change-notes/2025-05-01-microsoft-trusted-actions-publishers.md
@@ -0,0 +1,3 @@
+### Minor Analysis Improvements
+
+* Added trust for Microsoft owned GitHub Actions publishers `microsoft`,`azure`, and `NuGet` to the default `trustedActionsOwnerDataModel` extensible predicate model used by the `actions/unpinned-tag` query.
diff --git a/actions/ql/lib/ext/config/trusted_actions_owner.yml b/actions/ql/lib/ext/config/trusted_actions_owner.yml
index 676c931e50cf..7c503d739f02 100644
--- a/actions/ql/lib/ext/config/trusted_actions_owner.yml
+++ b/actions/ql/lib/ext/config/trusted_actions_owner.yml
@@ -6,3 +6,6 @@ extensions:
       - ["actions"]
       - ["github"]
       - ["advanced-security"]
+      - ["microsoft"]
+      - ["azure"]
+      - ["NuGet"]