Configure access to Microsoft Store
- Windows 10
For more info about the features and functionality that are supported in each edition of Windows, see Compare Windows 10 Editions.
IT pros can configure access to Microsoft Store for client computers in their organization. For some organizations, business policies require blocking access to Microsoft Store.
All executable code including Microsoft Store applications should have an update and maintenance plan. Organizations that use Microsoft Store applications should ensure that the applications can be updated through the Microsoft Store over the internet, through the Private Store, or distributed offline to keep the applications up to date.
Options to configure access to Microsoft Store
You can use either AppLocker or Group Policy to configure access to Microsoft Store. For Windows 10, configuring access to Microsoft Store is only supported on Windows 10 Enterprise edition.
Block Microsoft Store using AppLocker
Applies to: Windows 10 Enterprise, Windows 10 Education
AppLocker provides policy-based access control management for applications. You can block access to Microsoft Store app with AppLocker by creating a rule for packaged apps. You'll give the name of the Microsoft Store app as the packaged app that you want to block from client computers.
For more information on AppLocker, see What is AppLocker? For more information on creating an AppLocker rule for app packages, see Create a rule for packaged apps.
To block Microsoft Store using AppLocker:
secpolin the search bar to find and start AppLocker.
In the console tree of the snap-in, select Application Control Policies, select AppLocker, and then select Packaged app Rules.
On the Action menu, or by right-clicking on Packaged app Rules, select Create New Rule.
On Before You Begin, select Next.
On Permissions, select the action (allow or deny) and the user or group that the rule should apply to, and then select Next.
On Publisher, you can select Use an installed app package as a reference, and then select Select.
On Select applications, find and select Store under Applications column, and then select OK. Select Next.
Create a rule for packaged apps has more information on reference options and setting the scope on packaged app rules.
Optional: On Exceptions, specify conditions by which to exclude files from being affected by the rule. Conditions allow you to add exceptions based on the same rule reference and rule scope as you set before. Select Next.
Block Microsoft Store using configuration service provider
Applies to: Windows 10 Pro, Windows 10 Enterprise, Windows 10 Education
If you have Windows 10 devices in your organization that are managed using a mobile device management (MDM) system, such as Microsoft Intune, you can block access to Microsoft Store app using the following configuration service providers (CSPs):
For more information, see Configure an MDM provider.
For more information on the rules available via AppLocker on the different supported operating systems, see Operating system requirements.
If you block access to the Store using CSP, you need to also configure AllowAppStoreAutoUpdate to enable in-box store apps to update while still blocking access to the store.
Block Microsoft Store using Group Policy
Applies to: Windows 10 Enterprise, Windows 10 Education
Not supported on Windows 10 Pro, starting with version 1511. For more info, see Knowledge Base article #3135657.
You can also use Group Policy to manage access to Microsoft Store.
To block Microsoft Store using Group Policy:
gpeditin the search bar to find and start Group Policy Editor.
In the console tree of the snap-in, select Computer Configuration, select Administrative Templates, select Windows Components, and then select Store.
In the Setting pane, select Turn off the Store application, and then select Edit policy setting.
On the Turn off the Store application setting page, select Enabled, and then select OK.
When you enable the policy to Turn off the Store application, it turns off app updates from the Microsoft Store. To allow store apps to update, disable the policy to Turn off automatic download and install of Updates. This policy is found under Computer Configuration > Administrative Templates > Windows Components > Store. This configuration allows in-box store apps to update while still blocking access to the store.
Show private store only using Group Policy
Applies to Windows 10 Enterprise, Windows 10 Education
If you're using Microsoft Store for Business and you want employees to only see apps you're managing in your private store, you can use Group Policy to show only the private store. Microsoft Store app will still be available, but employees can't view or purchase apps. Employees can view and install apps that the admin has added to your organization's private store.
To show private store only in Microsoft Store app:
gpeditin the search bar, and then select Edit group policy (Control panel) to find and start Group Policy Editor.
In the console tree of the snap-in, go to User Configuration or Computer Configuration > Administrative Templates > Windows Components, and then select Store.
Right-click Only display the private store within the Microsoft Store app in the right pane, and select Edit.
The Only display the private store within the Microsoft Store app policy settings will open.
On the Only display the private store within the Microsoft Store app setting page, select Enabled, and then select OK.
Distribute apps using your private store
Submit and view feedback for