question

karthikpalani-9530 avatar image
0 Votes"
karthikpalani-9530 asked saldana-msft edited

Windows Update Error - Intune

Hi All,

I am finding the below error when i run GP update

"Windows failed to apply the MDM policy settings. MDM policy policy might have its own log"

As per MS, they recommend to ignore (https://docs.microsoft.com/en-us/troubleshoot/mem/intune/windows-failed-to-apply-mdm-policy#:~:text=This%20issue%20occurs%20if%20the,you%20receive%20the%20warning%20message.) which is fine

But seems "CHECK FOR UPDATES" under updates & security is enabled and user can check for update online. Before it was greyed out but now it is enabled

Is this related to MDM or something causing it. Please advice

mem-cm-generalmem-intune-enrollmentmem-cm-updates
5 |1600 characters needed characters left characters exceeded
Toggle Comment visibility. Current Visibility: Visible to all users

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

1 Answer

Crystal-MSFT avatar image
0 Votes"
Crystal-MSFT answered Crystal-MSFT commented

@karthikpalani-9530, For the GP update warning message, we can safely ignore it. From your description, it seems the "Check for updates" is enabled after we deploy windows 10 update rings profile or Windows 10 Feature update in Intune. if there's any misunderstanding, feel free to let us know.

To disable the function, we can set "Option to check for Windows updates" as disable in the windows update ring policy in Intune.
66759-image.png

Hope it can help.

If the response is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.



image.png (97.0 KiB)
· 3
5 |1600 characters needed characters left characters exceeded
Toggle Comment visibility. Current Visibility: Visible to all users

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

karthikpalani-9530 avatar image karthikpalani-9530 ·

Thanks for the information

I verified the above steps, the machines which are affected are not part of Intune auto enrollment or Update policies.

I even verified SCCM which is not causing this issue. Is there any log i can check on why this "Check for Updates" is enabled

Please suggest

0 Votes 0 ·
Crystal-MSFT avatar image Crystal-MSFT karthikpalani-9530 ·

@karthikpalani-9530, From your description, it seem you don't use Intune to configure the Windows update for Business. Based on my research, GPO can also control the behavior by "Turn off access to all Windows Update features". We can check if it is set.
https://community.spiceworks.com/topic/2203652-disable-check-online-for-updates-from-microsoft-update-and-nothing-else
Note: Non-microsoft link, just for the reference.

However, if it is also not controlled by GPO. Based on my experience, that means, the setting is on by default, the organization didn't control it. If we want to control it, we can set policy in GPO or Intune Windows 10 update rings policy to do it.

Hope it can help.

0 Votes 0 ·
Crystal-MSFT avatar image Crystal-MSFT Crystal-MSFT ·

@karthikpalani-9530, How's everything going? I am writing to see if there's anything else we can help. If yes, feel free to let us know.

0 Votes 0 ·