Information
This policy setting controls whether Windows Package Manager validates the Microsoft Store certificate hash to match a known Microsoft Store certificate when it initiates a connection to the Microsoft Store source.
The recommended state for this setting is: Disabled
It is important to validate that the Microsoft Store source is not spoofed.
Solution
To establish the recommended configuration via GP, set the following UI path to Disabled :
Computer Configuration\Policies\Administrative Templates\Windows Components\Enable App Installer Microsoft Store Source Certificate Validation Bypass
Note: This Group Policy path is provided by the Group Policy template DesktopAppInstaller.admx/adml that is included with the Microsoft Windows 11 Release 24H2 Administrative Templates (or newer).
Impact:
Source certificate validation by Windows Package Manager cannot be bypassed when a connection is initiated to the Microsoft Store.