Administrators have one less weapon in their battle against shadow IT.
One method of discouraging the use of unauthorized applications on Windows 10 is to block access to the Windows Store, the operating system’s built-in app marketplace. As some IT pros are now discovering, that tactic is no longer an option.
Microsoft quietly disabled a Group Policy setting that allowed administrators to disable Windows Store on systems with Windows 10 Pro that are upgraded to version 1511 of the OS. “After the upgrade, you notice that the following Group Policy settings to disable Windows Store are not applied, and you cannot disable Windows Store,” stated Microsoft in an online support document.
“This behavior is by design. In Windows 10 version 1511, these policies are applicable to users of the Enterprise and Education editions only,” continued the company, indicating that the software giant is reserving the feature for its corporate customers.
The company’s small and midsize business (SMB)users, on the other hand, may feel the effects of the change.
For many SMBs, the Pro edition is a step up from Windows 10 Home, containing several business-oriented management and security features that are not included with the version of the OS for households. For example, Pro offers Group Policy Management, Enterprise Mode Internet Explorer and Remote Desktop, among several other features not available on Windows 10 Home.
Now that Windows 10 Pro lacks the Windows Store-blocking functionality, the OS places SMBs at greater risk of users obtaining and using unsanctioned software and cloud services, setting the stage for data leaks and compliance violations. It’s a practice called shadow IT, and it’s one of the data issues keeping IT security pros up at night.
A recent report from the Ponemon Institute, Scale Venture Partners and Informatica, predicts that over the next three to five years, shadow IT and the consumerization of IT will be among the top challenges that security professionals will find themselves grappling with, along with craftier attackers.
Meanwhile, the Window Store-related announcement hints at one of the possible motivations for the change.
Microsoft has opened the floodgates to volume purchases on the Windows Store for Business, the company said on May 5. Windows Store for Business provides administrators with a Web-based portal they can use to find, purchase, deploy and manage Windows 10 apps.
“Starting today, developers from supported countries/regions can sell paid apps in volume through Windows Store for Business,” wrote the company’s Windows Apps team in a blog post. “Organizations can purchase your apps in volume with credit cards. Additional purchase options are planned for future releases, including invoicing, volume discounts and organizational in-app purchases.”
As Microsoft pointed out in the post, SMB software purchases can add up to big business for developers. The company estimates that each year, SMBs spend $70 billion on desktop software.