In this blog post, I will show you how to disable the Microsoft Store application on Windows 10/11 devices using Intune. To achieve this, you can use the “Turn off the Store application” setting from the Intune settings catalog. This setting effectively prevents direct access to Store apps.
When you configure this policy setting “Turn off the Store application” to disable Store apps, Users will still be able to access and Install Store apps from the Company Portal app and via Intune app management.
After you have disabled the MS Store via Intune, you can still use Microsoft Store apps (new) deployment to deploy store apps from the Intune admin center.
There are several other ways to disable or block Microsoft Store apps on Windows devices; I have discussed all the alternative methods in the blog post titled Disable/Block Microsoft Store in Windows: 7 Ways.
Important points about “Turn off the Store application” setting:
- Prevents users from directly accessing the store using Windows package manager
- Blocks random unmanaged Store app Installations by users on their devices.
If you use “Require Private Store Only” policy setting to disable Microsoft store, Store app will be blocked, but users can still utilize Winget APIs to Install apps on their devices. Therefore, don’t use Only display the private store policy setting to disable/block Microsoft Store on user’s devices.
Table of Contents
Steps to disable Microsoft Store apps using Intune
To disable the Microsoft Store application on your end user’s devices, you must set up a Device Configuration Profile in the Intune admin center. Here are the steps to do it:
- Login on Microsoft Intune admin center
- Go to Devices > Configuration profiles
- Click on + Create Profile
- Select Platform as Windows 10 and later
- Profile type: Settings Catalog
In the Basics tab, you’ll enter details about the device configuration profile, such as its Name and Description.
- Name – Disable Microsoft Store apps
- Description – Turn off Store apps for all users, including Winget Installs
Click on + Add settings and search for “Turn off store application.” Select the category “Administrative Templates\Windows Components\Store.” Select the setting “Turn off the Store application” to add it to the Configuration settings page.
Use the toggle next to the setting “Turn off the Store application” to enable this policy. If you hover your mouse over the (i) icon next to the setting name, you will find details about this setting below.
Denies or allows access to the Store application. If you enable this setting, access to the Store application is denied. Access to the Store is required for installing app updates. If you disable or don’t configure this setting, access to the Store application is allowed.Turn off the Store application
I would also recommend configuring an additional setting for Allowing apps from Microsoft app store to auto-update. Click on + Add settings again and search “Microsoft app store“. In the list of settings, Select “Allow apps from the Microsoft app store to auto update“.
Use the drop-down menu next to the setting. Select Allowed. This will allow Microsoft Store apps deployed via Intune to be updated automatically (If the app supports it).
Specifies whether automatic update of apps from Microsoft Store are allowed. Most restricted value is 0.Allow apps from the Microsoft app store to auto update
You can assign this profile to an Entra security group, including users or devices. For a controlled deployment, it’s recommended to add devices to the group and target it. Once testing is successful and you want to apply the setting to all managed devices, you can also choose to + Add all devices.
Review + Create
On the “Review + Create” tab, review the device configuration profile settings, and then click “Create.”
Sync Intune Policies
The device check-in process might not begin immediately. If you’re testing this policy on a test device, you can manually kickstart the Intune sync either from the device itself or remotely through the Intune admin center.
Alternatively, you can use PowerShell to force the Intune sync on Windows devices. Another way to trigger the Intune device check-in process is by restarting the device.
Once this policy has been successfully applied to the end-user’s devices, any user attempting to launch the Microsoft Store application will encounter an error message stating “Microsoft Store is blocked.” Additionally, the error code “0x800704EC” will be displayed at the bottom of the window.
Failed to Install or Upgrade Microsoft Store package
After applying the ‘Turn off the Store application‘ policy to the target devices, the use of Winget will also be blocked. If you attempt to install any application using
winget, you will receive the following error message:
Failed to install or upgrade Microsoft Store package because Microsoft Store client is blocked by policy
What’s the OMA-URI setting to block the Microsoft Store?
Two OMA-URI settings can be used to block the Microsoft Store. One targets User Configuration, and the second one targets Computer configuration. Please find the settings below:
– RemoveWindowsStore_1 [User-based configuration]
– RemoveWindowsStore_2 [Machine-based configuration]
How do you Disable Microsoft Store apps using Registry?
Go to HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsStore and create a DWORD registry entry called RemoveWindowsStore and set its value to 1 to disable it.
To enable it again, set the DWORD registry entry RemoveWindowsStore value to 0.
How do you find logs related to Intune Device configuration profile deployment?
To find the logs related to your Intune deployment, Open Event Viewer > Application and Services logs > Microsoft > Windows > Devicemanagement-Enterprise-Diagnostics-Provider > Admin folder.
Search for Event ID 813 or 814 and go through the logs to find the one related to this deployment.
How do you block the Microsoft Store using Group Policy?
You can also easily block Microsoft Store using Group policy using below steps:
1. Press Windows + R to open Run dialog box.
2. Type gpmc.msc and press Enter to open the Group policy management console.
3. Go to Computer Configuration > Administrative templates > Windows Components > Store
4. Select “Turn off the Store application” and Edit this setting.
5. Select Enabled to enable this setting and press OK.
When you Enable “Turn off the store application,” it also disables app updates from Microsoft Store. Ensure you disable the policy setting ” Turn off automatic download and install” as well. This will allow store apps to update, keeping access to Microsoft Store blocked.
Consider blocking access to the Microsoft Store in your company because it offers a wide range of non-productive apps. Additionally, using the Microsoft Store can complicate app management for your IT administrators.
Instead, it’s advisable to centralize app management through a platform like Microsoft Intune, which provides greater control. Furthermore, Microsoft has introduced a new app type in Microsoft Intune for improved app management, which is the Microsoft Store app (new).