Microsoft Store Config

[superko84]

Hi James, first of all, thanks for your great work with the baselines! I am currently reviewing and implementing them. I do have two suggestions regarding Micrsoft Store baseline.

Setting Allow All Trusted Apps - set to "Explicit Deny" - to prevent installation of non-microsoft store apps
Setting Block Non Admin User Install set to "Allow" - to actually block the installation of downloaded appx packages

I tested the setting Block Non Admin User Install and its actually blocking, when set to Allow and it is not blocking when set to Block :) The wording in this case can be very misleading.

Keep up the great work! Thanks

Lubomir

[SkipToTheEndpoint]

Hey there @superko84!

Thanks for the input, and indeed, this is a case of horrible double-negative wording scattered across some policies.
I'm currently working on v3.1 and have made the above changes in-line with how those settings should be set.

Appreciate you flagging it!

[SkipToTheEndpoint]

This has been fixed as of #6
Thanks for your input!

[mtengmo]

Setting Allow All Trusted Apps - set to "Explicit Deny" - to prevent installation of non-microsoft store apps

This breaks installation of .msixbundle pushed from intune via a script:
Add-AppPackage -path ".\appname.msixbundle"