This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(108.80000000000001, 97%, 20%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EH%3C/text%3E%3C/svg%3E)
hello experts i hope someone can help with the below :
how can i create a custom policy ( oma-uri) with intune to change the below key registry HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU noautoupdate =0
i know it can be done via powershell script using remediation , but i need it as a profile to win over the local group policy i have .
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(89.60000000000001, 81%, 18%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ERA%3C/text%3E%3C/svg%3E)
Intune has several build-in policy to manage updates and you won't need to change the registry, take a look at:
https://learn.microsoft.com/en-us/mem/intune/protect/windows-update-settings
Thanks for the reply , i have configured so far AllowMUUpdateService and AllowUpdateService values , but none seems to set the value of the noautoupdate = 0 ...
do you have an idea which csp change this value ??
That won’t work as the GPO will revert it again. What you should do is remove the GPO policy if you want Intune to manage updates on the devices.
@haZ Thanks for posting in our Q&A.
For this issue, I have done the test in my lab. I tried to deploy a custom policy to enable automatic updates. I can see the policy under "Policies set on your device", but the registry key of noautoupdate is also "1", not set to "0".
So, I think policies have precedence. For this policy, GPO precedes over intune. Given this situation, it is suggested to make it via PowerShell Scripts.
Thanks for understanding.
If the response is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.