SOLVED

RequirePrivateStoreOnly for Windows professional

Contributor

Hello,

 

We are working on Autopilot and I would like to authorize only the private microsoft Store. Not the public one. To all users.

I see that : https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-applicationmanagement#appl...

 

But it seems no to work with windows Professional.

Do you know if there is a method to do it for a Windows professional please?

10 Replies
Hi Michaël,

You can remove or disable the whole Microsoft Store on the device.

Within Intune you setup a connector to synchronize the store for business apps.
You can find the connector section and Microsoft instructions under tenant administration.

Purchase the company portal and set this application as required for all devices.

All other apps you purchased in store for business will also be synchronized to Intune.
Assign these application as optional (user or device group)

The users can only install store applications that you’ve allowed.

Kind regards,

René
best response confirmed by Michaël Oliveri (Contributor)
Solution
Hi,

I did a blog on this subject some time ago. Please beware, removing the whole store or limiting access could give you some problems when modern apps need updates! And of course the Microsoft store is also responsible for some driver updates like I explain in another blog..

I hopes these 2 blogs help you

https://call4cloud.nl/2020/06/managing-apps-in-the-microsoft-store/

https://call4cloud.nl/2021/06/those-magnificent-drivers-in-their-flying-microsoft-store-or-how-i-fle...

Thanks for your help to both of you.

 

@Mr_Helaas, I understand your solution. I didn't know that I can completly block the store.

 

@Rudy_Ooms, thanks for your links. I read and I see how to block the store. Didn't try yet.

In what I understood the unique solution is to block completly the store and use the method of @Mr_Helaas . But in this cas I could have problem with drivers? They will not update?

 

It depends on which option you choose to block it and how you block it. If you block it user mode.. When only the user is blocked, the device should still be able to get the updates and update the modern apps
Ok. So the better is to apply this : 3.Preventing access to the whole Microsoft App Store
And to assign to all users and not all devices?

@Michaël Oliveri you have to select an user setting type in setting catalog under configuration profiles.

 

As @Rudy_Ooms mentioned in his blog Me and Earl and the Microsoft Store Apps - Restricting the Microsoft Store (call4cloud.nl)

 

After you selected the correct config you can assign these policy to all users or all device, but I prefer the users assignment. The assignment has nothing to do with the policy but only where to apply. 

 

Kind regards,

Rene

Can't agree more Rene... Guess I need to explain that one maybe a little bit more in the blog

Thanks again to both of you.


I have create the Administrative template profile with the user settings (not computer settings) and assign it to all users.
For the moment it's not arrive on the device so I can't test. It could be long Intune...

 

I mark the Rudy's answer as the best answers because of the blog links but your answers are complementary.

 

I think your blog is clear but I just begin to manage computer in Intune and before Autopilot I was not working on the manage of Windows computer. So some things are not clear for me and English is not my native language. ;)

After my tests.
The solution "3.Preventing access to the whole Microsoft App Store" is not working on windows Professionnel. So I used the applocker solution (2. Limit Applications) and it works.
Hi,

Nice to hear! I totally forgot to add that part to option 3.. Just added it!