Block a specific windows update

Iron Contributor

Hi everyone,


We started using Intune in the past month and a half. Both with SCCM co-managed computers and Intune only enrolled computers.

On June 9th, Microsoft published kb4560960 which has known issues with the print spooler. Microsoft then superseded this update with KB4567512.

Here is the problem: My deployment ring is scheduled to deploy any deployed update 3 weeks after it is generally available. This means, if Microsoft decides to pull the update back because of a fault in the update I can be happy because the issue was taken care of in those 3 weeks. But in this case, Microsoft didn't pull the update, I was affected by the bug in kb4560960 and was required to manually install KB4567512 to fix this.

For me this is bad management because I can't control this in anyway and it also means that any screwed up updates  that will be published can potentially ruin my computer because I was stop this in any way... Even if I pause the ring I will still have to deal with this after I resume it...

Am I right or am I missing something?


Thanks, Rahamim.

3 Replies
Hi RahamimL,

You are correct. You can’t block or delete specific update by KB number, but you uninstall quality, feature etc.

Hope this helps and good luck!

@RahamimL you could temporarily change your deferral settings when the fixed patch is out and change it back to when this is installed.

I spoke to our advisor and he says that pausing the ring and resuming it will cause the superseded update not to be installed.
He didn't test this though.