How are companies curating the Windows Store?

Plichta, Mike 81 Reputation points
2023-06-30T20:47:54.3166667+00:00

We spend a lot of resources ensuring that only approved software is installed on computers. The Windows Store For Business allowed for controlled way to curate what was shown in the Store. Now that it's gone, we have to turn it off completely or create AppLocker rules to Whitelist every install. How is everyone else handling random software installations?

Using AppLocker is not ideal for these reasons.

  1. Customers see the whole store, select an app they want only then find out it's blocked. The Store for business showed only apps that were approved resulting in a better experience.
  2. AppLocker rules are primarily made by scanning existing packages to white list them. This means we have to configure a separate policy for the one computer with an unrestricted store which also has access to Group Policy to create new rules. Installing appx packages on a server just to make a rule is not ideal. Even using Endpoint.Microsoft.com you first have to make the rule in GP then export it to Intune. Our firewall rules block access to group policy RSAT tools from workstations as part of recommended security policy.

I suspect that this functionality isn't being overlooked, it's more that Microsoft wants everyone to have unrestricted access to the Store so is not providing controls.

We currently have the Store disabled altogether, but we are finding more apps that are only published to it. MS recently required all Office add-ons to be put into the O365 Store so I wouldn't be surprised if they are putting pressure on vendors to use Store distribution only.

Windows 10
Windows 10
A Microsoft operating system that runs on personal computers and tablets.
11,964 questions
Windows 10 Security
Windows 10 Security
Windows 10: A Microsoft operating system that runs on personal computers and tablets.Security: The precautions taken to guard against crime, attack, sabotage, espionage, or another threat.
2,976 questions
Windows 11
Windows 11
A Microsoft operating system designed for productivity, creativity, and ease of use.
10,445 questions
Microsoft Intune Application management
Microsoft Intune Application management
Microsoft Intune: A Microsoft cloud-based management solution that offers mobile device management, mobile application management, and PC management capabilities.Application management: The process of creating, configuring, managing, and monitoring applications.
972 questions
0 comments No comments
{count} votes

2 answers

Sort by: Most helpful
  1. Rahul Jindal [MVP] 10,601 Reputation points MVP
    2023-06-30T22:38:32.25+00:00

    The Microsoft store for business is being replaced by the new store which is integrated with Microsoft Intune. How are you managing your devices right now?


  2. Pavel yannara Mirochnitchenko 12,691 Reputation points MVP
    2023-07-03T06:22:57.0433333+00:00

    First, never uninstall Store app from Windows Clients.

    You should limit users ability to not be able to install software from Store, but same time distribute needed apps from Intune New Store integration.

    Other random app installation will require admin rights, so don't give admin rights to users. Also applocker is useless if your user have admin rights.


Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.