Computer only in Intune receives GPO for Windows Update, causing blocking of updates



I have been trying for several hours to find the origin of this problem. The first symptom I saw is the message in Windows Update "Your organization has turned off automatic update":

Windows 10 22H2




Under Advanced I can see: Disable automatic updates, Source: Administrator, Type: Group Policy



In the registry I can see the key NoAutoUpdate set to 1. If I switch it to 0, after a reboot or after gpupdate it switches back to 1?!



Something changes these settings.


I already tried MDMWinsOverGP, and it applied successfully. But in fact, in the documentation we can see: "Nor does it apply to the Update Policy CSP for managing Windows updates."

It does not seem to affect Windows Update.



Any idea? 


Thank you!


3 Replies
Hi Julian
It seems that you are facing a situation where a Group Policy Object (GPO) is still being applied to computers managed by Intune, causing issues with Windows Update.

- Identify the Conflicting GPO: Use the gpresult command to identify the GPO that is causing the conflict. Look for the "Windows Components/Windows Update - Configure Automatic Updates" setting, which may be set to "Disabled" and preventing Intune from managing updates.

Question: Is the device managed through both SCCM (System Center Configuration Manager) and Intune? When a device is co-managed, the policies pushed through MECM (Microsoft Endpoint Configuration Manager, formerly SCCM) will be displayed as Local Group Policy under the GPResult. Co-management allows for the management of Windows 10 devices with both Configuration Manager and Intune. The co-management dashboard in Configuration Manager can be used to review information about co-managed devices, including their status and enrollment. Additionally, Microsoft Intune provides features to monitor and manage device configuration policies, allowing users to check the status of a policy, view assigned devices, and troubleshoot any conflicts.
The MDMWinsOverGP CSP only supports the Policy CSP. It does not support the Defender and Windows Update CSPs. If you have Windows Update settings created in GPO, then you need to remove them in favor of management through Intune.
The computer is outside the domain and gpresult is empty. That's why I haven't found the origin of this :(
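
The following read-only PowerShell sketch is an added example, not part of the thread or any poster's own script. It gathers in one table the places mentioned above that can set NoAutoUpdate on a device that is not domain joined: the policy registry value, local group policy, a Configuration Manager client, and MDM-delivered Update settings. The registry paths, the Registry.pol location and the `Add-Finding` helper are assumptions not named on the page (standard Windows locations and a hypothetical helper name).

```powershell
# Added example: read-only checks for what may be writing NoAutoUpdate = 1.
# Run in an elevated PowerShell session on the affected device. Nothing is modified.
$findings = [System.Collections.Generic.List[object]]::new()
function Add-Finding($Check, $Result) {   # hypothetical helper name
    $findings.Add([pscustomobject]@{ Check = $Check; Result = $Result })
}

# 1. The policy value that Windows Update reports as "Group Policy"
#    (assumed standard policy location for the NoAutoUpdate value).
$auKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU'
$au    = Get-ItemProperty -Path $auKey -ErrorAction SilentlyContinue
$value = if ($au -and $null -ne $au.NoAutoUpdate) { $au.NoAutoUpdate } else { 'not set' }
Add-Finding 'NoAutoUpdate policy value' $value

# 2. Confirm the device really is outside a domain (no domain GPOs expected).
$cs = Get-CimInstance -ClassName Win32_ComputerSystem
Add-Finding 'Joined to an AD domain' $cs.PartOfDomain

# 3. Local group policy: its machine settings live in Registry.pol and are
#    re-applied by gpupdate. Search the raw bytes for the UTF-16LE value name
#    (exact-case match only).
$pol = Join-Path $env:SystemRoot 'System32\GroupPolicy\Machine\Registry.pol'
if (Test-Path -LiteralPath $pol) {
    $hex    = [BitConverter]::ToString([IO.File]::ReadAllBytes($pol))
    $needle = [BitConverter]::ToString([Text.Encoding]::Unicode.GetBytes('NoAutoUpdate'))
    $hit    = $hex.Contains($needle)
    $when   = (Get-Item -LiteralPath $pol -Force).LastWriteTime
    Add-Finding 'Local GPO Registry.pol' "present, modified $when, mentions NoAutoUpdate: $hit"
} else {
    Add-Finding 'Local GPO Registry.pol' 'absent'
}

# 4. Configuration Manager client: per the reply above, its policies show up
#    as Local Group Policy on co-managed devices.
$ccm = Get-Service -Name CcmExec -ErrorAction SilentlyContinue
$ccmState = if ($ccm) { "installed, $($ccm.Status)" } else { 'not installed' }
Add-Finding 'Configuration Manager client (CcmExec)' $ccmState

# 5. Update settings delivered by MDM (Intune), for comparison with the GPO value.
$mdmKey = 'HKLM:\SOFTWARE\Microsoft\PolicyManager\current\device\Update'
$mdm    = Get-Item -Path $mdmKey -ErrorAction SilentlyContinue
$mdmSet = if ($mdm -and $mdm.Property) { $mdm.Property -join ', ' } else { 'none' }
Add-Finding 'MDM Update policy values' $mdmSet

$findings | Format-Table -AutoSize -Wrap
```

If Registry.pol mentions NoAutoUpdate, its modification time can be compared with the moment the value flipped back to 1 to see whether local policy, rather than a domain GPO, is re-applying it.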