Below configuration profile will help to block the store app
Administrative Templates\Windows Components\Store
Turn off the Store application (User) and set Enabled
Administrative Templates\Start Menu and Taskbar
Do not allow pinning Store app to the Taskbar (User) and set Enabled
Regardless of how you are blocking or allowing the Microsoft Store, remembering that the store needs to be available to allow for apps from Microsoft Intune to be deployed, we should at least configure devices to allow for updates
Administrative Templates\Windows Components\Store
Allow apps from Microsoft app store to auto update
You can also use the remediation script to allow store app auto update
Detection Script
$Path = "HKLM:\SOFTWARE\Policies\Microsoft\WindowsStore"
$Name = "AutoDownloaded"
$Value = 4
Try {
$Registry = Get-ItemProperty -Path $Path -Name $Name -ErrorAction Stop | Select-Object -ExpandProperty $Name
If ($Registry -eq $Value){
Write-Output "Compliant"
Exit 0
}
Write-Warning "Not Compliant"
Exit 1
}
Catch {
Write-Warning "Not Compliant"
Exit 1
}
Remediation Script
Write-Host "Required Auto Update"
$store = "HKLM:\SOFTWARE\Policies\Microsoft\WindowsStore"
If (!(Test-Path $store)) {
New-Item $store
}
Set-ItemProperty $store AutoDownloaded -Value 4
No comments:
Post a Comment