John_Merritt I reckon you could use a combination of enabling "Block Microsoft Store using Group Policy" and disabling "Turn off automatic download and install of Updates" to achieve the outcome. The latter policy allows inbox UWP apps to update. Testing recommended first though, of course 😉
https://learn.microsoft.com/en-us/windows/configuration/stop-employees-from-using-microsoft-store#block-microsoft-store-using-group-policy
We still have our old "Show private store only using Group Policy" policy enabled which effectively achieves the same outcome. Users can't install public apps, private store is blocked and Intune-assigned apps can be installed via the Company Portal.
We should go through the adventure of completely blocking the store to prevent user confusion... but there are bigger fish to fry at the moment.
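A way to check which of the Store policies mentioned in this reply are in effect on a device, as an added example that is not part of the original post. It assumes the registry value names from the standard WindowsStore.admx mapping, and that "Block Microsoft Store using Group Policy" refers to the "Turn off the Store application" setting.

```powershell
# Added example: report the effective Microsoft Store policy values on this device.
# Assumption: value names and data follow the WindowsStore.admx mapping; confirm
# them against the policy definitions deployed in your own environment.
$key = 'HKLM:\SOFTWARE\Policies\Microsoft\WindowsStore'

$policies = [ordered]@{
    RemoveWindowsStore = @{
        Name    = 'Turn off the Store application'
        Meaning = @{ 1 = 'Enabled (Store blocked)'; 0 = 'Disabled' }
    }
    AutoDownload = @{
        Name    = 'Turn off Automatic Download and Install of updates'
        Meaning = @{ 2 = 'Enabled (app updates off)'; 4 = 'Disabled (app updates allowed)' }
    }
    RequirePrivateStoreOnly = @{
        Name    = 'Only display the private store within the Microsoft Store'
        Meaning = @{ 1 = 'Enabled (private store only)'; 0 = 'Disabled' }
    }
}

# The key is absent when none of the Store policies are configured.
$props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue

foreach ($valueName in $policies.Keys) {
    $raw = $null
    if ($props -and $props.PSObject.Properties[$valueName]) {
        $raw = $props.$valueName
    }

    if ($null -eq $raw) {
        $state = 'Not configured'
    } elseif ($policies[$valueName].Meaning.ContainsKey([int]$raw)) {
        $state = $policies[$valueName].Meaning[[int]$raw]
    } else {
        $state = "Unrecognised value: $raw"
    }

    [pscustomobject]@{
        Policy    = $policies[$valueName].Name
        ValueName = $valueName
        RawValue  = $raw
        State     = $state
    }
}
```

Run it in an elevated or standard session on a test device after `gpupdate /force`; the computer-side values are readable without admin rights.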