Hi Julian
It seems that you are facing a situation where a Group Policy Object (GPO) is still being applied to computers managed by Intune, causing issues with Windows Update.

- Identify the Conflicting GPO: Use the gpresult command to identify the GPO that is causing the conflict. Look for the "Windows Components/Windows Update - Configure Automatic Updates" setting, which may be set to "Disabled" and preventing Intune from managing updates.

Question: Is the device managed through both SCCM (System Center Configuration Manager) and Intune. When a device is co-managed, the policies pushed through MECM (Microsoft Endpoint Configuration Manager, formerly SCCM) will be displayed as Local Group Policy under the GPResult. Co-management allows for the management of Windows 10 devices with both Configuration Manager and Intune. The co-management dashboard in Configuration Manager can be used to review information about co-managed devices, including their status and enrollment. Additionally, Microsoft Intune provides features to monitor and manage device configuration policies, allowing users to check the status of a policy, view assigned devices, and troubleshoot any conflicts.

MDMwinsoverGPO csp only supports policy csp. It does not support defender and windows updates csp. If you have windows update settings created in GPO, then you need to remove them in favor of management through Intune.