Nov 19 2020 08:22 AM
Hello!
We are co-managed and are in the process of testing out WUfB workloads. We have a leftover GPO that is setting the "Configure Automatic Updates" policy to Disabled. If I manually remove the corresponding reg key on a test workstation then WUfB seems to work as expected. Can you confirm that removing this GPO/key is necessary for WUfB to work properly and also recommend any other GPOs/settings/reg keys that could conflict with the policy we're setting in Intune & proper WUfB operation? Also, would re-enabling/removing the "Configure Automatic Updates" policy have any other impact on our existing SCCM environment? (We do still want to use dual-scan to install third party patches via ConfigMgr). Thanks!
Nov 19 2020 09:22 AM
Solution
@egoodman disabling "Configure Automatic Updates" will result in WUfB not working given it will literally disable automatic updates for that device. With WUfB less is actually more.
Configure:
Honestly, that is it. That is all you really need to configure to have a great end user experience and keep devices compliant.
Do Not Configure:
Finally, when you are using Configuration Manager with "do not allow deferrals to cause scans against Windows Update" you will not get any updates from Windows Update AND the native update stack / UX will not be in use. That means that all of the Windows Update policies pertaining to experience (including configure automatic updates) will not apply. Therefore for 100% ConfigMgr environments this should not be a problem.
Please let me know if you have any more questions. :)
Apr 16 2021 02:17 PM
Thank you so much. We are in the same boat but still having issues. In our scenario we have the following GPOs configured currently:
Configure Automatic Updates - Set as Disabled from Domain GPO
Do not allow update deferral policies to cause scans against Windows Update - Set as Disabled from Local GPO (from SCCM)
Do not connect to any Windows Update Internet locations - Set as Enabled from Domain GPO
Specify intranet Microsoft update service location - Set as Enabled from Local GPO (from SCCM)
To manage from Intune we are planning to do the following
1. Add the device to Co-management
2. Modify the following GPOs
Configure Automatic Updates - Delete the Registry Entry and set as Not Configured in GPO
3. Create a new profile under "Windows 10 update rings" in Intune with the required settings and assign to the devices
Will that help us to move towards WUfB or do we need to do anything else?
Thanks,
V
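
A read-only check for the four policies named in this thread, run on a test workstation before and after the GPO change. This is an added example, not part of any post above; the registry value names are the standard Windows Update policy locations (they are not given on the page) and `Get-PolicyValue` is a hypothetical helper.

```powershell
# Added example: report how the update policies discussed in this thread are
# currently set in the local policy hive. Read-only; changes nothing.
# Assumption: standard Windows Update policy registry locations (not from the page).
$wu = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate'
$au = "$wu\AU"

$policies = @(
    @{ Policy = 'Configure Automatic Updates'; Path = $au; Name = 'NoAutoUpdate' }
    @{ Policy = 'Do not allow update deferral policies to cause scans against Windows Update'; Path = $wu; Name = 'DisableDualScan' }
    @{ Policy = 'Do not connect to any Windows Update Internet locations'; Path = $wu; Name = 'DoNotConnectToWindowsUpdateInternetLocations' }
    @{ Policy = 'Specify intranet Microsoft update service location (on/off)'; Path = $au; Name = 'UseWUServer' }
    @{ Policy = 'Specify intranet Microsoft update service location (URL)'; Path = $wu; Name = 'WUServer' }
)

# Hypothetical helper: returns the value data, or $null when the key or value
# does not exist (the policy is "Not Configured" on this device).
function Get-PolicyValue {
    param([string]$Path, [string]$Name)
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return $item.$Name
}

$report = foreach ($p in $policies) {
    $data = Get-PolicyValue -Path $p.Path -Name $p.Name
    $note = ''
    # NoAutoUpdate = 1 is what "Configure Automatic Updates" set to Disabled writes.
    # Per the accepted answer, that setting stops WUfB from working.
    if ($p.Name -eq 'NoAutoUpdate' -and $data -eq 1) {
        $note = 'Disabled: stops WUfB (see accepted answer)'
    }
    [pscustomobject]@{
        Policy        = $p.Policy
        RegistryValue = $p.Name
        Data          = if ($null -eq $data) { '(not set)' } else { $data }
        Note          = $note
    }
}

$report | Format-Table -AutoSize -Wrap
```

Values that still show data after the GPO is set to Not Configured and `gpupdate /force` has run were written by something other than that GPO, such as the local policy that ConfigMgr sets.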