Delinea | Privileged Access Management Blog

Securing and managing Microsoft Windows Store apps with Privilege Manager’s latest update

Written by Jeff Carpenter | Feb 28, 2023 1:00:00 PM

In a world of increasingly complex IT networks and ecosystem integrations, securely managing Windows Store apps is becoming an increasingly important priority for organizations. But it’s a delicate balance between employees and IT admins—employees want the process of downloading and accessing these apps to be quick and seamless, while IT admins are responsible for keeping the network safe.

Letting employees download apps without any security policies increases the risk of malware and ransomware. When admins have to deal with many users, manually controlling each user’s app download and access privileges individually becomes unfeasible.

Apps were listed as the second most vulnerable vector for a ransomware attack

Privilege is at the crux of the issue. Users with unlimited privileges can download and run applications freely, which increases the risk of unintentionally installing malicious software or giving bad actors access to IT systems. In Delinea’s recently conducted ransomware survey, applications were listed as the second most vulnerable vector for a ransomware attack.

Ransomware attacks can have serious impacts on company operations, causing operations halt, loss of sensitive data, financial problems, and brand damage. In the same survey, we asked respondents whose company was a victim of a ransomware attack in the last 12 months to select all applicable outcomes of such an attack. 56% of respondents selected loss of revenue as the most impactful result and 50% selected loss of customers. These results show clearly that first and foremost, financial consequences from ransomware attacks are the biggest concern.

So, how can companies mitigate these risks?

Well, to protect the organization, it’s important for IT admins to have strict policies and procedures in place for employees to download and use apps, regularly monitor app usage and downloads, and update security measures. To address the issue of uncontrolled app access via the Microsoft Windows Store, we are enhancing Delinea’s Privilege Manager by adding the capability to restrict users from downloading and running applications.

In Privilege Manager’s latest release, IT administrators can implement elevation on Windows Store applications such as Windows terminal, Dell support assistant, Notepad, and focus assist. Admins can apply the policies on applications that are launched via Windows Store and define which applications are not allowed to run. The increased level of control not only helps to ensure the security of the network, but also helps ensure compliance. Together with this powerful new feature, we’re launching our impact tool that supports IT admins when making policies and policy changes within Privilege Manager, such as policies related to Windows Store apps.

Prior to this most recent update, admins had no visibility into how many endpoints would be affected when implementing a new policy. This could cause an increased number of raised support tickets. With the latest addition to Privilege Manager, admins can now make changes to applied filter rules and see on the dashboard how many endpoints the changes will impact. With this information, admins can plan better changes to the policies.

Privilege Manager makes application control easy for IT teams

Through policy-based controls to elevate applications, Privilege Manager makes application control easy for IT teams. IT admins can create control policies for elevating, allowing, denying, and restricting applications based on advanced threat intelligence. Certain applications can also be elevated so that users can use them to do their job without the need to contact IT support.

Privilege Manager for workstations prevents malware and insider threats from exploiting privileged local credentials on endpoints by implementing a scalable least privilege security posture. Companies can automatically and easily remove all local admin credentials from domain and non-domain-managed workstation endpoints.

Our latest product addition is designed to help reduce the risk of ransomware and malware attacks for business users who download applications from the Microsoft Windows Store. By reducing the privileges of these users and implementing strict security measures, we're helping create a safer and more secure environment for businesses.