We’re sharing the following advisory orginally provided to our MECM Escalation Support clients for other community members hoping to proactively whitelist the Microsoft Store API Endpoints. Firms without Conditional Access, or CSP Licensing, can ignore this communication.
Whitelisting the MS Store API Endpoints
As a Kraft Kennedy MECM Escalation Support client we wanted to make you aware that recently Microsoft updated part of a KB where they now recommend whitelisting the MS Universal Store API when using Conditional Access. This is the API endpoints talk to when checking out CSP licenses via the firms tenant. Setting this will help, or solve, the situation we have seen where users are prompted to fix a work or school account problem, which in our experience most users ignore.
https://docs.microsoft.com/en-us/windows/deployment/windows-10-subscription-activation
User Error
API White ListingĀ
- Access Azure AD at portal.azure.com
From the lefthand menu select Security then Conditional Access
Select a policy to edit – **Note this should be done for all policies**
- Select the Cloud apps or actions section
- Select to Exclude
- Type in Universal Store
- Select Universal Store Service APIs and Web Application, AppID 45a330b1-b1ec-4cc1-9161-9f03992aa4
- Save Changes!
Firms without Conditional Access, or CSP Licensing, can ignore this communication. For those that do leverage those technologies let us know if you would like Kraft Kennedy to help set the above recommendation from Microsoft.
For assistance from the Kraft Kennedy team, pleaseĀ contact us.