Re: RE: Welcome to the Windows 10 deployment AMA!

Occasional Contributor

Great to see some familiar faces up there. Here is my first question.


In the scenario where an Enterprise wishes to disable the Windows Store on Windows 10 (1607), how does Microsoft recommend their customers to keep the built-in apps updated without opening the floodgates of patches and updates from Windows Update?

2 Replies
Hey Dan - so, in 8.1 we made a change such that if you disabled the store for users rather than for computers then you'd still get updates. It may be the case that in-box apps will update on Windows 10 no matter what (that's what we've heard), but alas none of us in the room can verify from experience and I for one hate claiming that something is true without seeing it happen before my eyes. Sounds like a good experiment to conduct! The other consideration is to look at Windows Store for Business for controlling access to just the Windows Store apps you specifically approve, so it's not just "in box and nothing else" or "in box and everything else" but instead "in box and stuff I specifically choose".

Hi Chris,

Thanks for the reply. I've asked this question a number of times and there doesn't seem to be a simple answer to do what I am trying to do. There must be other orgs out there wanting the same behaviour.


1. Prevent users from using the Windows Store (GPO)

2. Ensure all built-in apps are secure, and updated.


The updates for these apps are not downloadable, and therefore not packagable (to deploy via SCCM).


I fear turning on Windows Update for fear of downloading all updates, security updates and other app updates without our control and testing prior. You response to disable for users is correct, it works. But I am not able to "select" what updates are coming down the pipe from WU.


Would you guys mind taking this one away and testing? Our Win10 deployment is fast approaching and this problem has yet to be solved. I can inform my TAM and PM if necessary?


Much appreciated.