The app installer is a package manager built into Windows OS. It provides similar functions to APT in Linux based OS. The package managers executable is called winget and behaves similar to apt-get. It cannot be controlled by ConfigMgr. Deploying Store apps through Intune is now the only supported way to install these types of applications.
As of August 2023 there are no settings catalog configurations available. Configuration has to be done through custom OMA URIs, GPO or imported ADMX files.
Note: To get the latest ADMX files use a patched Windows computer and grab "C:\Windows\PolicyDefinitions\DesktopAppInstaller.admx" plus the en-us adml "C:\Windows\PolicyDefinitions\en-US\DesktopAppInstaller.adml"
Note2: Importing the app installer ADMX file into Intune the Windows.admx is also required.
Note3: The ADMX does not contain all available settings from the CSP.
To block users access to winget use the 'Enable App Installer' setting and set it to 'disabled'. Please keep in mind, that this is a device setting and will therefore be applied to all users on a device, regardless what object type it is assigned to.
The default sources for the app installer are winget and msstore. These are enabled by default. Depending on your situation, you might want to limit access to winget to one of the defaults or to a custom source.
By default, ms-appinstaller links can be used in several places like this ms-appinstaller:?source=https://aka.ms/getwinget (put this in a "run" window). This policy is not in the ADMX and must be set using a custom OMA URI. Here are some examples of how that looks.
Refer to the official documentation. Logs are located in %LOCALAPPDATA%\Packages\Microsoft.DesktopAppInstaller_8wekyb3d8bbwe\LocalState\DiagOutputDir