Microsoft released Windows 11 Insider Preview Build 26300.8068 (KB 5079464) to the Dev Channel today, marking a significant shift in administrative control over system components. This build introduces two major policy changes that fundamentally alter how IT administrators manage Windows 11 installations. The first change allows administrators to remove Microsoft Store apps using standard Windows tools, while the second implements a new cross-signed driver policy that could affect hardware compatibility across enterprise environments.

Administrative Control Over Microsoft Store Apps

For the first time in Windows 11, administrators can now remove Microsoft Store apps using standard Windows tools like PowerShell, DISM, and Intune. This represents a departure from previous limitations where only certain built-in apps could be removed through these methods. The change applies specifically to apps installed from the Microsoft Store, not traditional Win32 applications or system components.

Microsoft's documentation states that administrators can use the Remove-AppxPackage PowerShell cmdlet to target Store apps. This command now works consistently across all Store-installed applications, providing a unified management approach. The company has also updated its DISM (Deployment Image Servicing and Management) tool to support this functionality during image deployment and servicing operations.

This policy change addresses a long-standing complaint from enterprise administrators who needed to maintain clean, standardized installations. Previously, organizations had to use workarounds or third-party tools to remove unwanted Store apps from corporate devices. The new capability integrates directly into existing management workflows, reducing complexity and potential security risks from external tools.

Cross-Signed Driver Policy Implementation

The second major change in Build 26300.8068 involves driver signing policies. Microsoft has implemented a new cross-signed driver policy that affects how Windows validates driver signatures. This policy requires that drivers be signed with certificates that chain to a Microsoft-approved root certificate authority.

According to Microsoft's technical documentation, the policy specifically targets drivers that use cross-signing certificates from third-party authorities. These certificates allow drivers to be signed by entities other than Microsoft while still being recognized as valid by Windows. The new policy restricts this practice, requiring stricter validation of the signing chain.

Microsoft states that this change enhances security by ensuring all drivers meet consistent signing standards. The company has been gradually tightening driver signing requirements since Windows 10, with this latest policy representing another step in that direction. Administrators should expect increased scrutiny of driver signatures during installation and updates.

Technical Specifications and Build Details

Build 26300.8068 carries the KB number 5079464 and represents a cumulative update to the existing Dev Channel release. The build number follows Microsoft's standard format, with 26300 representing the base build and 8068 indicating the cumulative update level.

Microsoft has not specified whether this build includes any new features beyond the policy changes. The company typically uses Dev Channel builds to test infrastructure changes and policy adjustments before introducing new user-facing features in later builds. This approach allows Microsoft to validate system stability and compatibility before expanding the testing scope.

The update follows Microsoft's standard Dev Channel release schedule, which typically sees new builds on Wednesdays. The company maintains separate development branches for different Insider channels, with Dev Channel receiving the earliest builds that may not align with specific Windows 11 feature updates.

Enterprise Implications and Management Considerations

These policy changes have significant implications for enterprise Windows 11 deployments. The ability to remove Store apps using standard tools simplifies device provisioning and maintenance. Organizations can now create standardized images without unwanted applications, reducing support calls and improving user experience.

However, administrators should test app removal thoroughly before deploying changes to production systems. Some Store apps may have dependencies or integration points that could affect system functionality if removed. Microsoft recommends testing removal scenarios in isolated environments before implementing changes across an organization.

The driver policy change presents more complex challenges. Organizations using specialized hardware with custom drivers may encounter compatibility issues if those drivers don't meet the new signing requirements. IT departments should inventory all hardware and associated drivers to identify potential problems before deploying this build or similar policies to production systems.

Microsoft has provided guidance for testing driver compatibility through the Windows Hardware Compatibility Program. Organizations can use the Windows Hardware Lab Kit to validate drivers against the new requirements. The company also maintains documentation on driver signing requirements and certification processes through its hardware developer portal.

Security Implications and Risk Assessment

The cross-signed driver policy directly addresses security concerns that have grown in recent years. Malicious actors have increasingly targeted driver vulnerabilities and signing weaknesses to bypass security controls. By tightening signing requirements, Microsoft reduces the attack surface available through driver-based exploits.

Security researchers have documented multiple cases where poorly validated driver signatures allowed privilege escalation or system compromise. The new policy should prevent similar attacks by ensuring all drivers undergo consistent validation. However, legitimate hardware vendors may need to update their signing practices to comply with the new requirements.

Microsoft's approach balances security with compatibility, but organizations should prepare for potential disruptions. Some older hardware may no longer receive driver updates that meet the new standards, requiring hardware replacement or alternative solutions. Security teams should work with procurement and IT departments to assess these risks during hardware refresh cycles.

Testing and Deployment Recommendations

For organizations participating in the Windows Insider Program, Build 26300.8068 provides an early opportunity to test these policy changes. Microsoft recommends deploying the build to non-critical test devices first, focusing on specific use cases relevant to the organization.

Administrators should create test scenarios for both policy changes. For app removal, test removing various Store apps and verify that system functionality remains intact. For driver policy, test installation and operation of all critical hardware devices, paying particular attention to specialized equipment like medical devices, industrial controllers, or scientific instruments.

Document any issues encountered during testing and report them through the Feedback Hub. Microsoft uses Insider feedback to refine policies before general release, so detailed reports help improve the final implementation. Include specific error messages, hardware details, and reproduction steps in any feedback submitted.

Organizations not participating in the Insider Program should monitor Microsoft's documentation for when these policies reach general availability. The company typically announces policy changes through official channels like the Windows IT Pro Blog and Microsoft Docs. Subscribe to relevant RSS feeds or notification services to stay informed about upcoming changes.

Future Outlook and Development Trajectory

These policy changes signal Microsoft's continued focus on enterprise management capabilities in Windows 11. The company has steadily improved administrative controls since Windows 10, with each release adding new tools and policies for IT departments. The ability to manage Store apps through standard tools represents a logical extension of this trend.

The driver policy aligns with broader industry movements toward stronger software supply chain security. Other operating systems and platforms have implemented similar restrictions in recent years, reflecting growing concerns about compromised software components. Microsoft's implementation follows established security best practices while attempting to minimize disruption.

Looking ahead, organizations should expect more policy refinements as Microsoft responds to feedback from Insider testing. The company typically iterates on policy implementations based on real-world usage data and administrator input. Final implementations in general availability releases may differ from what appears in Dev Channel builds.

Administrators should also prepare for potential expansion of these policies to other Windows versions. Microsoft often tests policies in Windows 11 before implementing them in Windows 10 or server editions. Monitor announcements for any indication of broader policy adoption across the Windows ecosystem.

Actionable Steps for IT Departments

  1. Assess current Store app usage: Inventory which Microsoft Store apps are installed across your organization and determine which ones should be removed from standardized deployments.

  2. Test removal procedures: Create PowerShell scripts or Intune configurations to remove unwanted Store apps and test them in isolated environments before broader deployment.

  3. Inventory hardware and drivers: Document all hardware devices in use, particularly specialized equipment, and verify that drivers meet current signing requirements.

  4. Engage with hardware vendors: Contact vendors of critical hardware to confirm their driver signing practices and update schedules for compliance with new requirements.

  5. Establish testing protocols: Develop standardized testing procedures for Insider builds that focus on policy changes and their impact on organizational workflows.

  6. Monitor Microsoft communications: Subscribe to official channels for policy announcements and prepare adjustment plans based on published timelines.

  7. Document compatibility issues: Maintain detailed records of any problems encountered during testing to inform future deployment decisions and vendor discussions.

  8. Plan for hardware refresh: Identify any hardware that may become incompatible due to driver signing requirements and schedule replacements during normal refresh cycles.

These policy changes represent significant improvements in Windows 11 manageability and security, but they require careful planning and testing. Organizations that proactively address these changes will benefit from enhanced control and reduced security risks, while those that delay may face compatibility issues and increased administrative burden.