Mar 15 2022 11:36 AM
We've been using GPOs since years to block automatic updates, as we patch/upgrade Windows 10 Enterprise clients using a third-party management system. However, since last week we started getting reports from some users that they are being offered the upgrade from 1909 to 20H2 or 21H2, directly from Microsoft.
As shown in the picture, the admin turned off updates. However, users get a popup offering the upgrade. Furthermore, looks like users can now see and start Windows Feature Upgrades from the optional updates link.
What changed? When did it change?
How can we stop these upgrade notifications and block user access to "optional updates"?
Mar 17 2022 08:16 AM
@pdlt3 I recommend that you reach out to support so we can dive into specifically what's happening, since there are mixed signals.
If you are using Windows Update for Business and Feature Update deferrals, or you are using Feature update profiles in Intune, then feature updates would not show up as optional. Approved updates are treated as required. In addition, the max deferral for feature updates would be 1 year, so devices managed this way should not be on anything older than 21H1.
Support can help dive into your settings in your admin tool, the settings on the device, and can figure out what changes are needed to get the desired behavior.
Another option, is to follow the recommended settings in this
Manage Windows updates in the cloud - Learn | Microsoft Docs
HTH,
-David
Mar 17 2022 08:27 AM
Mar 17 2022 08:39 AM
@Susan Bradley Something like that is a great idea for troubleshooting, which is an area I'm definitely interested in improving. Thank you for the idea.
-David
Mar 21 2022 10:22 AM