• Insights

Whitelisting the MS Store API Endpoints

Clinton Gates

< 1 min read

All Insights

We’re sharing the following advisory orginally provided to our MECM Escalation Support clients for other community members hoping to proactively whitelist the Microsoft Store API Endpoints. Firms without Conditional Access, or CSP Licensing, can ignore this communication.

Whitelisting the MS Store API Endpoints

As a Kraft Kennedy MECM Escalation Support client we wanted to make you aware that recently Microsoft updated part of a KB where they now recommend whitelisting the MS Universal Store API when using Conditional Access. This is the API endpoints talk to when checking out CSP licenses via the firms tenant. Setting this will help, or solve, the situation we have seen where users are prompted to fix a work or school account problem, which in our experience most users ignore.

 

https://docs.microsoft.com/en-us/windows/deployment/windows-10-subscription-activation

User Error
User Error
API White Listing 
  • Access Azure AD at portal.azure.com

From the lefthand menu select Security then Conditional Access

Security Getting Started

Select a policy to edit – **Note this should be done for all policies**

Conditional Access

  • Select the Cloud apps or actions section
  • Select to Exclude
  • Type in Universal Store
  • Select Universal Store Service APIs and Web Application, AppID 45a330b1-b1ec-4cc1-9161-9f03992aa4
  • Save Changes!

Baseline MFAFirms without Conditional Access, or CSP Licensing, can ignore this communication. For those that do leverage those technologies let us know if you would like Kraft Kennedy to help set the above recommendation from Microsoft.

For assistance from the Kraft Kennedy team, please contact us.