Forum Discussion

AutoJuan's avatar
AutoJuan
Copper Contributor
Mar 26, 2021

Locking down the Microsoft Store

Hi Tech Community,   I am currently trying to find a way to lock down the Microsoft Store on our enterprise devices running Windows 10.   I am aware that we can redirect our users to use a curate...
RobinCM's avatar
RobinCM
Brass Contributor
Jul 14, 2022
It's a complete mess, the only way we found to lock the store down was using AppLocker.
You can add all the default Windows apps to a policy really easily if you install GPMC onto one of your endpoint devices and edit the policy from that.
The user experience isn't ideal - you just get an error message if you try and install a non-approved app, but it works and stops apps you haven't approved from being installed. I'm using this on Win11 but it'll work on Win10 too.
Make sure you have a policy entry to allow administrators to run any application.
    • RobinCM's avatar
      RobinCM
      Brass Contributor
      Jul 15, 2022

      Rudy_Ooms_MVP Blocking the store completely isn't an option due to the amount of Windows functionality that would never update if you did, and some manufacturers are delivering drivers and support software through the store, e.g. it seems to be the only way to get the Waves MaxxAudio driver. No Store = no audio functionality on your machine 😞

      It's a shame Microsoft have made such a mess of being able to manage it, this stuff has been possible on other platforms for a very long time, and was possible on Windows until fairly recently. It's bizarre that any product manager would think the current situation is acceptable for a release product used in business (i.e Windows Pro/Enterprise).

      • Rudy_Ooms_MVP's avatar
        Rudy_Ooms_MVP
        MVP
        Jul 19, 2022
        🙂 ... I guess you misread the article.. as I am not advising the block/remove the store at all... but just limiting it with the use of applocker and packaged app rules 🙂

Resources