lalanc01​ 

Here's how it works:

- Windows Autopatch and Windows Update Client policies are applied to devices via Intune. As long as the device remains enrolled in Intune and has connectivity, policies continue to apply regardless of how often a user logs in. However, if the device loses connectivity or goes offline for extended periods, it won't check in to receive new policies or updates.

- License assignment: M365 E5 licenses are user-based. If a licensed user is removed or the license is unassigned, the device may lose access to features that require that license (like Autopatch enrollment). Group-based licensing in Entra ID can help automate this.

- The scenario you're describing — devices stopping patch compliance when users stop logging in — is more likely related to the devices going offline/not checking in rather than license removal. Check the last check-in dates in the Intune portal for those devices. Devices that haven't checked in for 30+ days won't receive new update policies.

I'd recommend checking the Intune device compliance and last sync dates to narrow down whether it's a connectivity or licensing issue.