Windows 10 Mobile must disable the Windows Store.

From Microsoft Windows 10 Mobile Security Technical Implementation Guide

Part of PP-MDF-201006

Associated with: CCI-000366 CCI-001806

SV-84335r1_rule Windows 10 Mobile must disable the Windows Store.

Vulnerability discussion

Forcing all applications to be installed from authorized application repositories can prevent unauthorized and malicious applications from being installed and executed on mobile devices. Allowing such installations and executions could cause a compromise of DoD data accessible by these unauthorized/malicious applications. The DoD has not yet completed a risk assessment for the download of apps from the Microsoft Store; therefore, the Store should not be accessed for the download of authorized non-managed apps (personal apps) at this time.

SFR ID: FMT_SMF_EXT.1.1 #10a

Check content

Review Windows 10 Mobile configuration settings to determine if the Windows Store is accessible. If feasible, use a spare device to determine if the "Store" application is accessible.

This validation procedure is performed on both the MDM administration console and the Windows 10 Mobile device.

On the MDM administration console:
1. Display the policy that restricts the use of a Store application.
2. Verify that this policy is set to be disabled.

On the Windows 10 Mobile device:
1. From the Start page or on the Applications page (swipe to the left from the Start page), find the Store application icon.
   Note: The Store icon should appear dim.
2. Tap on the Store app to attempt to launch it. A message should be displayed: "App disabled. This app has been disabled by company policy. Contact your company's support person for help."

If the MDM does not have a policy that disables the Store application or if the Windows Store app can be successfully launched, this is a finding.

Fix text

Configure an application control policy using an MDM for Windows 10 Mobile to disable the Store application. Deploy the policy to managed devices.
