Hi There.
Hope someone can help shed some light on the problem we have.
I have an ever-increasing number of machines in our environment is installing Windows 10 "21H1 Update" this update is not being deployed via SCCM at all for the last 5 months.
None of the SCCM logs show the installation of 21H1 however they do appear in the Windows Update Logs, We have also had a 3rd party company confirm it's not SCCM but they are also not sure as to how Windows updates are getting this update if all updates come from SCCM.
I have all 3 of these KB's are installed in our environment and it seems that they include the "Enablement Package" for the version of Windows installed. Article ID 4517245, Article ID 4562830 and KB5000736
I don't use Windows for Business nor have I deployed the Enablement Package out to my machines so. About 75% of my environment has 1909 installed.
As we run 3rd party applications across a large majority of our machine any so any changes in our environment needs to be tested before a full deployment goes out to them all.
I have 3 questions:
How can I stop this from happening?
And gain control of this deployment?
How can I roll these machines back as most have past the 10 days grace period to roll back?





