Microsoft Lets Admins Uninstall Pre-installed Store Apps in Windows 11

Microsoft has expanded its Windows 11 in‑box app removal policy by adding a dynamic list that lets IT administrators select exactly which pre‑installed Microsoft Store applications can be uninstalled on managed devices. The update, delivered through the Policy CSP – DesktopAppInstaller configuration service provider, introduces a new "UninstallApps" setting that accepts a list of PackageFamilyName identifiers. The feature is available on Windows 11 version 22H2 and later, and can be deployed via Group Policy, Microsoft Intune’s Settings catalog, or directly through a Mobile Device Management (MDM) solution.

Admins can now host an XML or JSON file containing the desired app identifiers on any accessible web server and reference that file in the policy’s "Source" attribute. When a device boots, or when an admin triggers a policy refresh (for example, via gpupdate /force), the client fetches the list and applies the uninstallation to the specified apps. This dynamic approach eliminates the need to manually edit Group Policy objects for each app update and allows organizations to keep their removal list current without redeploying policies. Example identifiers include Microsoft.WindowsCalculator_8wekyb3d8bbwe, Microsoft.Photos_8wekyb3d8bbwe, and Microsoft.XboxApp_8wekyb3d8bbwe.

From a security perspective, the ability to strip out unused Store apps reduces the attack surface and mitigates the risk posed by known vulnerabilities in those components (for instance, CVE‑2024‑21338 affecting the Microsoft Photos app). By enforcing the principle of least privilege, organizations can better align with data‑minimization requirements such as GDPR, and they can target specific user groups with Azure Active Directory dynamic groups for granular control. Microsoft recommends testing removal in a pilot environment, as some in‑box apps serve as dependencies for broader Windows features.

The updated removal capability is now documented in the Microsoft Docs entry for Policy CSP – DesktopAppInstaller and is being rolled out to commercial tenants over the coming weeks. Security teams should review the new dynamic list option, assess which pre‑installed apps are non‑essential, and incorporate the configuration into their baseline hardening policies. Feedback can be submitted through the Windows Feedback Hub or via the official Microsoft support channels.