Jan 23 2020 05:23 AM
Jan 23 2020 05:23 AM
Recently I switched the Windows Update Policies co-management workload from Configmgr to Pilot Intune and created update rings in Intune assigned to my pilot group. The update ring is set to defer both quality and feature updates for 0 days, with deadlines of 2 and 28 days. The clients don't seem to be updating based on that schedule though. It's been more than the 28 days since I set this up, and none of the computers in the pilot ring have installed a feature update since the change was made. The computers in the pilot group are running a mix of Win10 1903, 1809, and 1803. They have received the January 2020 updates, but I think those still came from configmgr, not Intune / Windows Update for Business.
What am I missing that would cause the clients to still get windows updates from Configmgr and not intune/WUfB?
Jan 29 2020 10:15 AM
@Moe_Kinani Yes, most of them do show compliant overall. A few are non-compliant, but that's clearly attributable to a specific policy setting, in each case either secure boot or bitlocker related. Those are known issues.
Looking down the list under End User Update status though, most of these computers show update status as up to date, but feature update version as v1903. The update ring is set to defer feature updates for 45 days, and with a 7 day deadline for feature updates and 2 day grace period. Shouldn't these all have updated to v1909 by now?
Jan 29 2020 02:43 PM
Jan 29 2020 10:23 PM
Defer Feature Update is a setting from Windows Update for Business, whereas you refer to the new function to specify a certain Windows build (Feature update (preview)).
@Steve Whitcher Just some brainstorming points that came in my mind:
- Is this happening to all devices or just to some?
- Are the devices in a free internet environment or is there a proxy in between?
- Is there a GPO setting conflicting with the Intune MDM Policy? Check the registry, WUfB is definied here: Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate
- Is the device connecting to Windows for updates? You can look up the connections with wireshark. Is there maybe some WSUS setting left on the devices?
If nothing works, did you contact Microsoft?
Jul 29 2020 09:46 PM
I have a similar issue to yours - have you ever found the solution to this
then also I see a lot of Windows 10 systems show as "Not applicable" when reporting on the update ring
does this mean that the system is actually up to date - I have to knw this for SLA reporting currently I sit with about 25% of the Windows 10 devices showing as "not applicable" in the reports