Microsoft
Microsoft
Microsoft
There are a couple of topics that you are bringing up so let me try to address them.
Today KIR is a separate service from Windows Update. KIR only makes configuration changes as noted in the blog. It does not push Windows Update packages to machines. If a WU package was pushed without your knowledge to your environment, pls contact Microsoft Support to see how to get that addressed and/or send feedback through the Feedback application. This should not happen.
To answer the question of going around your Windows Update restriction, because it is a separate service, it is not controlled by Windows Update settings. KIR targets all machines for a Windows version(s) that is either having the issue or could have the issue regardless of whether the actual update has been installed eg. all Windows 10 version 2004 machines. This means that if a user has the update KB in question installed and is experiencing an issue, KIR will mitigate that issue i.e. the user will stop seeing problems after a reboot. If a user has not YET installed the update KB, the KIR configuration will sit dormant on the machine until the update is installed at which point the issue will be automatically mitigated without the user ever knowing there was a problem.
We are investigating the creation of some UI to help users know when the KIR has been configured on the machine. We don't have this capability today unfortunately.