Tech Community Live: Windows edition
May 31 2023, 07:30 AM - 11:30 AM (PDT)
Microsoft Tech Community

SCCM to WufB




We are co-managed and are in the process of testing out WUfB workloads. We have a leftover GPO that is setting the "Configure Automatic Updates" policy to Disabled and few others.


Configure Automatic Updates - Set as Disabled from Domain GPO
Do not allow update deferral policies to cause scans against Windows Update - Set as Disabled from Local GPO (from SCCM)
Do not connect to any Windows Update Internet locations - Set as Enabled from Domain GPO
Specify intranet Microsoft update service location - Set as Enabled from Local GPO (from SCCM)


To manage from Intune we are planning to do the following

1. Add the device to Co-management workloads
2. Modify the following GPO's
Configure Automatic Updates - Delete the Registry Entry and set as Not Configured in GPO
3. Create a new profile under "Windows 10 update rings" in Intune with the required settings and assign to the devices


But still devices does not scan.


Will that help us to move towards to WuFB  or do we need to do anything else ?

3 Replies
Hi ! I think you are policies configuration is wrong and need to be corrected
Which policies ?
1. Get rid of the group policies for Windows Update completely. Even with ConfigMgr, you should not have had any except possibly one that disables Automatic Updates (and nothing else). For WUfB, Automatic Updates must be enabled (which is the default) so it's best to simply not configure any group policies at all when using WUfB.
2. Check comanagementhandler.log on the client system and/or the device in Intune to validate the Windows Update workload has been moved to Intune.
3. What are your deferrals set to in the Update ring in Intune?
4. Are you sure the device is targeted by the Update ring?