Thursday, 3 October 2024

Intune Blocking Store App and allow them updated

 Below configuration profile will help to block the store app 

Administrative Templates\Windows Components\Store

Turn off the Store application (User) and set Enabled


Administrative Templates\Start Menu and Taskbar

Do not allow pinning Store app to the Taskbar (User) and set Enabled


Regardless of how you are blocking or allowing the Microsoft Store, remembering that the store needs to be available to allow for apps from Microsoft Intune to be deployed, we should at least configure devices to allow for updates


Administrative Templates\Windows Components\Store

Allow apps from Microsoft app store to auto update


You can also use the remediation script to allow store app auto update


Detection Script


$Path = "HKLM:\SOFTWARE\Policies\Microsoft\WindowsStore"

$Name = "AutoDownloaded"

$Value = 4


Try {

    $Registry = Get-ItemProperty -Path $Path -Name $Name -ErrorAction Stop | Select-Object -ExpandProperty $Name

    If ($Registry -eq $Value){

        Write-Output "Compliant"

        Exit 0

    } 

    Write-Warning "Not Compliant"

    Exit 1

Catch {

    Write-Warning "Not Compliant"

    Exit 1

}


Remediation Script


Write-Host "Required Auto Update"

$store = "HKLM:\SOFTWARE\Policies\Microsoft\WindowsStore"

If (!(Test-Path $store)) {

    New-Item $store

}

Set-ItemProperty $store AutoDownloaded -Value 4


No comments:

Post a Comment

SCCM SQL Query Online device by Management Point

 SCCM SQL Query Online device by Management Point select srl.SiteCode, srl.ServerName, srl.InternetEnabled, srl.Shared, srl.SslState, SUM(br...