CIS Microsoft Windows 10 Enterprise Release 1909 Benchmark

18.9.6.2 (L2) Ensure 'Block launching Universal Windows apps with Windows Runtime API access from hosted content.' is set to 'Enabled' (Scored)

ProfileApplicability:

 Level 2 (L2) - High Security/Sensitive Data Environment (limited functionality)

Description:

This policy setting controls whether Microsoft Store apps with Windows Runtime API access directly fromweb content can be launched.

The recommended state for this setting is: Enabled .

Rationale:

Blocking apps from the web with direct access to the Windows API can prevent malicious apps frombeing run on a system. Only system administrators should be installing approved applications.

Audit:

Navigate to the UI Path articulated in the Remediation section and confirm it is set as prescribed. This group policy setting is backed by the following registry location:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System: BlockHostedAppAccessWinRT

767 | P a g e