Our company uses Windows 11 Pro. We currently have it so that nothing can be downloaded from the Microsoft Store via the GPO:
Computer Configuration > Policies > Administrative Templates > Windows Components > Windows Update
Do not connect to any Windows Update Internet locations
The fear is that by disabling the above GPO, we will open ourselves to systems updating via Microsoft Servers for Windows Updates as well.
I know that Windows Enterprise Edition offers other ways of locking down Microsoft Store, but as I said, we use Windows 11 Pro in our organization.
I was thinking of using AppLocker to block users from using the Microsoft Store... but that will not make up for the fact that we still need to disable the GPO stated above, which will allow Windows Update to communicate with Microsoft servers.
So, I am wondering what others have done in this situation.