deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-18 08:17:23 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

Merge pull request #7575 from scottmca/patch-2

Browse Source 
Update stop-employees-from-using-microsoft-store.md
This commit is contained in:
Stephanie Savell 2022-11-30 11:05:20 -06:00 committed by GitHub
commit 199474d64b
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 41 additions and 44 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

77
windows/configuration/stop-employees-from-using-microsoft-store.md
View File

@ -8,59 +8,58 @@ author: lizgt2000
ms.author: lizlong
ms.topic: conceptual
ms.localizationpriority: medium
ms.date: 4/16/2018
ms.date: 11/29/2022
ms.collection: highpri
ms.technology: itpro-configure
---
# Configure access to Microsoft Store
**Applies to**
**Applies to:**
- Windows 10
> [!TIP]
> For more info about the features and functionality that are supported in each edition of Windows, see [Compare Windows 10 Editions](https://www.microsoft.com/WindowsForBusiness/Compare).
IT pros can configure access to Microsoft Store for client computers in their organization. For some organizations, business policies require blocking access to Microsoft Store.
> [!Important]
> [!IMPORTANT]
> All executable code including Microsoft Store applications should have an update and maintenance plan. Organizations that use Microsoft Store applications should ensure that the applications can be updated through the Microsoft Store over the internet, through the [Private Store](/microsoft-store/distribute-apps-from-your-private-store), or [distributed offline](/microsoft-store/distribute-offline-apps) to keep the applications up to date.
## Options to configure access to Microsoft Store
You can use these tools to configure access to Microsoft Store: AppLocker or Group Policy. For Windows 10, this is only supported on Windows 10 Enterprise edition.
You can use either AppLocker or Group Policy to configure access to Microsoft Store. For Windows 10, configuring access to Microsoft Store is only supported on Windows 10 Enterprise edition.
## <a href="" id="block-store-applocker"></a>Block Microsoft Store using AppLocker
Applies to: Windows 10 Enterprise, Windows 10 Education
## Block Microsoft Store using AppLocker
Applies to: Windows 10 Enterprise, Windows 10 Education
AppLocker provides policy-based access control management for applications. You can block access to Microsoft Store app with AppLocker by creating a rule for packaged apps. You'll give the name of the Microsoft Store app as the packaged app that you want to block from client computers.
For more information on AppLocker, see [What is AppLocker?](/windows/device-security/applocker/what-is-applocker) For more information on creating an AppLocker rule for app packages, see [Create a rule for packaged apps](/windows/device-security/applocker/create-a-rule-for-packaged-apps).
**To block Microsoft Store using AppLocker**
**To block Microsoft Store using AppLocker:**
1. Type secpol in the search bar to find and start AppLocker.
1. Enter **`secpol`** in the search bar to find and start AppLocker.
2. In the console tree of the snap-in, click **Application Control Policies**, click **AppLocker**, and then click **Packaged app Rules**.
2. In the console tree of the snap-in, select **Application Control Policies**, select **AppLocker**, and then select **Packaged app Rules**.
3. On the **Action** menu, or by right-clicking on **Packaged app Rules**, click **Create New Rule**.
3. On the **Action** menu, or by right-clicking on **Packaged app Rules**, select **Create New Rule**.
4. On **Before You Begin**, click **Next**.
4. On **Before You Begin**, select **Next**.
5. On **Permissions**, select the action (allow or deny) and the user or group that the rule should apply to, and then click **Next**.
5. On **Permissions**, select the action (allow or deny) and the user or group that the rule should apply to, and then select **Next**.
6. On **Publisher**, you can select **Use an installed app package as a reference**, and then click **Select**.
6. On **Publisher**, you can select **Use an installed app package as a reference**, and then select **Select**.
7. On **Select applications**, find and click **Store** under **Applications** column, and then click **OK**. Click **Next**.
7. On **Select applications**, find and select **Store** under **Applications** column, and then select **OK**. Select **Next**.
[Create a rule for packaged apps](/windows/device-security/applocker/create-a-rule-for-packaged-apps) has more information on reference options and setting the scope on packaged app rules.
8. Optional: On **Exceptions**, specify conditions by which to exclude files from being affected by the rule. This allows you to add exceptions based on the same rule reference and rule scope as you set before. Click **Next**.
8. Optional: On **Exceptions**, specify conditions by which to exclude files from being affected by the rule. Conditions allow you to add exceptions based on the same rule reference and rule scope as you set before. Select **Next**.
## <a href="" id="block-store-csp"></a>Block Microsoft Store using configuration service provider
## Block Microsoft Store using configuration service provider
Applies to: Windows 10 Pro, Windows 10 Enterprise, Windows 10 Education
@ -73,53 +72,51 @@ For more information, see [Configure an MDM provider](/microsoft-store/configure
For more information on the rules available via AppLocker on the different supported operating systems, see [Operating system requirements](/windows/security/threat-protection/windows-defender-application-control/applocker/requirements-to-use-applocker#operating-system-requirements).
> [!IMPORTANT]
> If you block access to the Store using CSP, you need to also configure [AllowAppStoreAutoUpdate](/windows/client-management/mdm/policy-csp-applicationmanagement#applicationmanagement-allowappstoreautoupdate) to enable in-box store apps to update while still blocking access to the store.
## <a href="" id="block-store-group-policy"></a>Block Microsoft Store using Group Policy
## Block Microsoft Store using Group Policy
Applies to: Windows 10 Enterprise, Windows 10 Education
Applies to: Windows 10 Enterprise, Windows 10 Education
> [!Note]
> [!NOTE]
> Not supported on Windows 10 Pro, starting with version 1511. For more info, see [Knowledge Base article #3135657](/troubleshoot/windows-client/group-policy/cannot-disable-microsoft-store).
You can also use Group Policy to manage access to Microsoft Store.
**To block Microsoft Store using Group Policy**
**To block Microsoft Store using Group Policy:**
1. Type gpedit in the search bar to find and start Group Policy Editor.
1. Enter **`gpedit`** in the search bar to find and start Group Policy Editor.
2. In the console tree of the snap-in, click **Computer Configuration**, click **Administrative Templates**, click **Windows Components**, and then click **Store**.
2. In the console tree of the snap-in, select **Computer Configuration**, select **Administrative Templates**, select **Windows Components**, and then select **Store**.
3. In the Setting pane, click **Turn off the Store application**, and then click **Edit policy setting**.
3. In the Setting pane, select **Turn off the Store application**, and then select **Edit policy setting**.
4. On the **Turn off the Store application** setting page, click **Enabled**, and then click **OK**.
4. On the **Turn off the Store application** setting page, select **Enabled**, and then select **OK**.
> [!Important]
> When you enable the policy to **Turn off the Store application**, it turns off app updates from the Microsoft Store. To allow store apps to update, disable the policy to **Turn off automatic download and install of Updates**. This configuration allows in-box store apps to update while still blocking access to the store.
> [!IMPORTANT]
> When you enable the policy to **Turn off the Store application**, it turns off app updates from the Microsoft Store. To allow store apps to update, disable the policy to **Turn off automatic download and install of Updates**. This policy is found under **Computer Configuration** > **Administrative Templates** > **Windows Components** > **Store**. This configuration allows in-box store apps to update while still blocking access to the store.
## Show private store only using Group Policy
Applies to Windows 10 Enterprise, Windows 10 Education
Applies to Windows 10 Enterprise, Windows 10 Education
If you're using Microsoft Store for Business and you want employees to only see apps you're managing in your private store, you can use Group Policy to show only the private store. Microsoft Store app will still be available, but employees can't view or purchase apps. Employees can view and install apps that the admin has added to your organization's private store.
**To show private store only in Microsoft Store app**
**To show private store only in Microsoft Store app:**
1. Type **gpedit** in the search bar, and then select **Edit group policy (Control panel)** to find and start Group Policy Editor.
1. Enter **`gpedit`** in the search bar, and then select **Edit group policy (Control panel)** to find and start Group Policy Editor.
2. In the console tree of the snap-in, go to **User Configuration** or **Computer Configuration** > **Administrative Templates** > **Windows Components**, and then click **Store**.
2. In the console tree of the snap-in, go to **User Configuration** or **Computer Configuration** > **Administrative Templates** > **Windows Components**, and then select **Store**.
3. Right-click **Only display the private store within the Microsoft Store app** in the right pane, and click **Edit**.
3. Right-click **Only display the private store within the Microsoft Store app** in the right pane, and select **Edit**.
This opens the **Only display the private store within the Microsoft Store app** policy settings.
The **Only display the private store within the Microsoft Store app** policy settings will open.
4. On the **Only display the private store within the Microsoft Store app** setting page, click **Enabled**, and then click **OK**.
4. On the **Only display the private store within the Microsoft Store app** setting page, select **Enabled**, and then select **OK**.
## Related topics
## Related articles
[Distribute apps using your private store](/microsoft-store/distribute-apps-from-your-private-store)
[Manage access to private store](/microsoft-store/manage-access-to-private-store)