not possible to create it like this when the AppStore is not present on the server where the GPO management runs.
Windows 11 24H2 Cannot block Microsoft Store - Ignoring GPO
Finding that with the update to 24H2 the Microsoft Store is no longer being blocked via GPO or Intune policies. Has anyone else had this problem? How do we fix this?
Windows for business | Windows 365 Enterprise
2 answers
Henry Mai 8,210 Reputation points Independent Advisor
2025-09-23T05:18:46.65+00:00
Hello Natalie, I am Henry and I want to share my insight about your issue.
The traditional Group Policy setting "Turn off the Store application" (located under Computer Configuration > Administrative Templates > Windows Components > Store) has been deprecated by Microsoft and is no longer honored in version 24H2 and later. You can refer to this document.
You will see that the documentation confirms it is no longer effective starting in Windows 11, version 24H2, and it explicitly recommends using AppLocker or Windows Defender Application Control as the replacement. So my recommended method is to use an AppLocker "Deny" rule for blocking the Microsoft Store in 24H2.
Prerequisite: AppLocker is available on Enterprise and Education editions of Windows.
- Create/Edit a GPO and link it to your target computer OU.
- Navigate to AppLocker: Computer Configuration > Policies > Windows Settings > Security Settings > Application Control Policies > AppLocker
- Enable Default Rules: If you are new to AppLocker, you must first create the default rules to prevent blocking essential system files. Right-click on Executable Rules and Packaged app Rules and select "Create Default Rules" for each.
- Create the Deny Rule for the Store:
  - Right-click Packaged app Rules -> Create New Rule....
  - On the "Permissions" page, select Deny.
  - On the "Publisher" page, select "Use an installed packaged app as a reference", then click Select.
  - Choose the Microsoft Store (Microsoft.WindowsStore) from the application list and click OK.
  - Click Create.
- Enable the Application Identity Service:
  - In the same GPO, go to ... > Security Settings > System Services.
  - Find Application Identity, and set its startup mode to Automatic.
- After configuring the deny rule and the service, you can run gpupdate /force on a client machine and restart it to apply the policy.
Official Documentation
- AppLocker Rule Creation: Create a rule for packaged apps
- Application Identity Service: Configure the Application Identity service
I hope you’ll give my recommendation a try and let me know how it goes. If this answer helps, feel free to hit “Accept Answer” so others can benefit too.
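
A read-only check for a client that has received the GPO described in the answer above, as an added example that is not part of the original answer or of Microsoft's documentation. It assumes an elevated Windows PowerShell session on the 24H2 client with the built-in AppLocker and Appx modules; the temporary file name is an arbitrary choice.

```powershell
# Added example: verifies the AppLocker Store block on a client; changes no policy.
$ErrorActionPreference = 'Stop'

# 1. AppLocker rules are only evaluated while the Application Identity service runs.
$svc = Get-Service -Name AppIDSvc
'{0}: status={1}, startup={2}' -f $svc.Name, $svc.Status, $svc.StartType
if ($svc.Status -ne 'Running') { Write-Warning 'AppIDSvc is not running: rules are not enforced.' }

# 2. Read the effective (local + GPO merged) policy and find the packaged-app collection.
[xml]$policy = Get-AppLockerPolicy -Effective -Xml
$appx = $policy.AppLockerPolicy.RuleCollection | Where-Object { $_.Type -eq 'Appx' }
if (-not $appx) { throw 'No packaged app (Appx) rule collection in the effective policy.' }
"Appx enforcement mode: $($appx.EnforcementMode)"
if ($appx.EnforcementMode -ne 'Enabled') {
    Write-Warning 'Appx rules are not enforced (AuditOnly or NotConfigured).'
}

# 3. Expect a Deny publisher rule for the Store and at least one Allow rule
#    (the default rules), otherwise every packaged app is blocked by default.
$deny = @($appx.FilePublisherRule | Where-Object {
    $_.Action -eq 'Deny' -and
    $_.Conditions.FilePublisherCondition.ProductName -eq 'Microsoft.WindowsStore'
})
$allow = @($appx.FilePublisherRule | Where-Object { $_.Action -eq 'Allow' })
"Store deny rules: $($deny.Count); allow rules: $($allow.Count)"
if ($deny.Count -eq 0)  { Write-Warning 'No Deny rule for Microsoft.WindowsStore was found.' }
if ($allow.Count -eq 0) { Write-Warning 'No Allow rule: all packaged apps are denied by default.' }

# 4. Ask AppLocker how it would decide for the installed Store package.
$store = Get-AppxPackage -AllUsers -Name 'Microsoft.WindowsStore'
if (-not $store) {
    'Microsoft.WindowsStore is not installed on this machine; nothing to test.'
} else {
    $tmp = Join-Path $env:TEMP 'effective-applocker.xml'   # arbitrary temp file
    $policy.Save($tmp)
    $store | Test-AppLockerPolicy -XmlPolicy $tmp -User Everyone |
        Format-List FilePath, PolicyDecision, MatchingRule
    Remove-Item -Path $tmp
}
```

A working configuration reports the service as Running, enforcement mode Enabled, and a PolicyDecision of Denied with the Store deny rule as the matching rule.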