laptop bypass update policy

Hello,

Please, I need your help with this issue.

 

Yes, I have Intune managed devices. The policy bypassed is Windows Update.

 

We do not allow users to update automatically, but Windows 11 laptops, especially Lenovo, are doing updates.

 
Below is what I want to achieve:

1. How can we stop Windows 11 Lenovo laptops from doing automatic Windows updates, because they are bypassing the policy?

2. How can we stop the Windows 11 Lenovo/Dell laptops from asking for the BitLocker key after doing an update?

We do not have this issue on Windows 10 laptops.

Below is the policy. It is user based. Only users added here have permission to run Windows Update, but Windows 11 devices are bypassing it.
 
MikeJohn1710_0-1711046728888.png

 

MikeJohn1710_1-1711046751574.png

 

MikeJohn1710_2-1711046769207.png

 

3 Replies

@MikeJohn1710  To address your concerns:

Preventing Automatic Updates on Windows 11 Lenovo Laptops: Ensure that the Windows Update policy is properly configured in Intune. You may need to review the settings and ensure they are correctly applied to Windows 11 devices. Additionally, consider reviewing the Windows Update settings on the affected laptops locally to ensure there are no conflicting settings or overrides.

Stopping BitLocker Key Requests After Updates on Windows 11 Lenovo/Dell Laptops: This issue could be related to the firmware or driver updates being applied during Windows updates. Ensure that the laptops have the latest firmware and drivers installed. You may also want to review the BitLocker policy settings in Intune to ensure they are configured correctly.

Hello @rutviksoni 

 

Thank you for your email.

 

We are having a conflict issue between 2 policies.

 

Policy 1: Update ring policy.

Image 1.png

image 2.png

image 3.png

image 4.png

Policy 2:  Configuration policy.

How can this option to check for Windows updates be disabled in this configuration policy so that it does not conflict with Policy 1, and could I have everything in one policy only?

 

image 5.png

 

 

@MikeJohn1710 

managing updates and BitLocker key requests on Windows 11 Lenovo laptops through Intune policies. Here are some steps you can take to address your concerns:

  1. Preventing Automatic Updates on Windows 11 Lenovo Laptops:
    • Double-check the Windows Update policy settings in Intune to ensure they are configured correctly for Windows 11 devices. Make sure that the policy is properly targeted and assigned to the relevant device groups.
    • Verify the Windows Update settings on the affected laptops locally to ensure there are no conflicting settings or overrides that may be causing them to bypass the policy. You can do this by accessing the Windows Update settings on the devices and comparing them with the settings defined in Intune.
  2. Stopping BitLocker Key Requests After Updates on Windows 11 Lenovo/Dell Laptops:
    • Ensure that the laptops have the latest firmware and drivers installed. Firmware and driver updates can sometimes trigger BitLocker key requests after updates. Make sure to regularly check for and apply any available firmware and driver updates from Lenovo/Dell's official support websites.
    • Review the BitLocker policy settings in Intune to ensure they are configured correctly and aligned with your organization's requirements. You may need to adjust the BitLocker policy settings to better handle BitLocker key requests after updates.

Regarding the conflict between Policy 1 (Update ring policy) and Policy 2 (Configuration policy), you can try the following approach to streamline your policies:

  • Consider consolidating Policy 1 and Policy 2 into a single comprehensive policy. This can help reduce conflicts and make policy management more straightforward.
  • Review the settings of both policies to identify any conflicting configurations. Adjust the settings as necessary to ensure they align with your organization's requirements and do not conflict with each other.
  • Test the updated policy thoroughly in a controlled environment before deploying it to production devices to ensure that it behaves as expected and addresses the issues you're encountering.

I hope these suggestions help you resolve your issues and streamline your policy management process. If you need further assistance or clarification on any point, feel free to ask. We're here to help!
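
One way to carry out the local check suggested in the replies (comparing the Windows Update settings present on a laptop with what Intune defines), as an added example that is not part of the original thread. The three registry paths are assumed to be the locations where Group Policy and the MDM policy store keep Windows Update settings; confirm them on your Windows 11 build.

```powershell
# Added example: inventory the Windows Update policy values present on this device.
# The registry locations below are assumptions to confirm on your build.
$sources = [ordered]@{
    'GroupPolicy'    = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate'
    'GroupPolicy-AU' = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU'
    'MDM-Update'     = 'HKLM:\SOFTWARE\Microsoft\PolicyManager\current\device\Update'
}

function Get-UpdatePolicyValue {
    foreach ($source in $sources.Keys) {
        $path = $sources[$source]
        if (-not (Test-Path -Path $path)) { continue }   # this source is not configured
        $key = Get-Item -Path $path
        foreach ($name in $key.GetValueNames()) {
            if ([string]::IsNullOrEmpty($name)) { continue }   # skip the unnamed default value
            [pscustomobject]@{ Source = $source; Setting = $name; Value = $key.GetValue($name) }
        }
    }
}

$values = @(Get-UpdatePolicyValue)
$values | Sort-Object Source, Setting | Format-Table -AutoSize | Out-Host

# Values in both a Group Policy source and the MDM source mean two management
# channels are configuring Windows Update on the same device.
$gp  = @($values | Where-Object { $_.Source -like 'GroupPolicy*' })
$mdm = @($values | Where-Object { $_.Source -eq 'MDM-Update' })
if ($gp.Count -gt 0 -and $mdm.Count -gt 0) {
    Write-Warning "Windows Update is set by both Group Policy ($($gp.Count) values) and MDM ($($mdm.Count) values)."
}

# BitLocker state of the OS volume (requires an elevated session).
try {
    $vol = Get-BitLockerVolume -MountPoint $env:SystemDrive -ErrorAction Stop
    [pscustomobject]@{
        Volume     = $vol.MountPoint
        Protection = $vol.ProtectionStatus
        Protectors = ($vol.KeyProtector.KeyProtectorType -join ', ')
    } | Format-List | Out-Host
} catch {
    Write-Warning "Could not read BitLocker state: $($_.Exception.Message)"
}
```

Run it on an affected Windows 11 laptop and on a Windows 10 laptop that behaves correctly, then compare the two outputs against the update ring and configuration policy assignments.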