Forum Discussion
Public store apps can still be installed although only private store is allowed
Today, it seems like the above scenario is a "bit" fixed... But, you still see the apps, but you can't install them anymore.
However....
If you go to store.microsoft.com, search for an app you had installed with another account which is added on your machine, you still can install it... BAM WHAT :D
Now I can still install a Network Port scanner, Kali Linux, Metaploit within a corporate environment where only the PrivateStore should be allowed... Seem a security flaw to me...
I would generally recommend blocking users from adding Microsoft accounts in addition to enabling the Private store restriction, due to the exact reasons you've mentioned. I imagine there are some scenarios where it's not possible to block users from adding microsoft account's, but if you can do it than it can make life easier. There's a handy policy in the Policy CSP specifically for this called "AllowMicrosoftAccountConnection" (https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-accounts), but I imagine there's a group policy equivalent as well.
Hi Grant,
Thanks for you reply, but we are blocking users from adding private Microsoft Accounts. The problem is, they can still add the account to for example the Mail app on windows 10. From that moment, the user has access to install all apps he installed with his personal microsoft account, even if the only the private store is open. This is since the 1803 release, since this build now has the "my library" navigation option in the store app.
Just wondering if you found any answers to your initial question Matthias_VDB ?
I'm trying to figure out if this is happening on our machines too
