Hello @SilvermanAlan-3521,
Thank you for posting here.
Here are the answers for your references.
1) Currently users will get the security updates when their log into their profiles, which is OK for the active profile, though we would like to get the updates out system-wide.
A1: Based on my knowledge and research, there is no such GPO to enforce Microsoft store security updates.
And I also have discussed with the WSUS engineers, they tell me WSUS pushes Windows Update, not Microsoft store APP updates.
For your request, I have read the link you provided above. I can see:
Get updates for apps and games in Microsoft Store
https://support.microsoft.com/en-us/account-billing/get-updates-for-apps-and-games-in-microsoft-store-a1fe19c0-532d-ec47-7035-d1c5a1dd464f
It seems the only to enforce Microsoft store security updates is via Windows Store and with user login.
2) If some users have installed vulnerable apps on a shared machine, then the apps that were installed on a profile which is not logged into are not updating and that machine is still flagged as vulnerable. We don't know how to update these "passive" profiles. Or we would be OK removing a profile after 30 days to remove the vulnerability -- but we don't know if there is a GPO way to accomplish this either.
A2: You can try the following GPO setting:
Computer Configuration\Administrative Templates\System\User Profiles\Delete user profiles older than a specified number days on system restart==>Enabled
Description:
This policy setting allows an administrator to automatically delete user profiles on system restart that have not been used within a specified number of days. Note: One day is interpreted as 24 hours after a specific user profile was accessed.
If you enable this policy setting, the User Profile Service will automatically delete on the next system restart all user profiles on the computer that have not been used within the specified number of days.
Hope the information above is helpful.
Should you have any question or concern, please feel free to let us know.
Best Regards,
Daisy Zhou
============================================
If the Answer is helpful, please click "Accept Answer" and upvote it.