question

40469054 avatar image
0 Votes"
40469054 asked saldana-msft edited

Windows Update is not possible on Surface Go 2 under Intune

【Situation and operation summary】
Some terminals can and cannot update Windows under the same environment .
The OS version will be updated from 1909 to 20H2.
An error (0wx1900223) is displayed even with a manual update.
Changed the limit of Intune feature update to 20H2.

【Please tell me the solution and investigation items.】
I was able to see one of the manual update solutions. In the local group policy, "Disable safeguards for feature updates" of "Windows Update for Business" was set to "Enable". After that, when I did a manual update, the update started and it became 20H2. Hopefully, we will update with less user interaction.

mem-intune-generalmem-intune-device-configurationsmem-intune-admin-center
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

LuDaiMSFT-0289 avatar image
0 Votes"
LuDaiMSFT-0289 answered 40469054 edited

@40469054 Thanks for posting in our Q&A. From your description, I know that you want to update windows via intune, but it can't update on some devices. If there is anything misunderstanding, feel free to let us know.

For this issue, we appreciate your help to check some information:
1.Please check if the deployment status of update rings policy is succeeded on the target device in the Intune Portal.
2.Please check if the update policies are managed by intune. On the targeted Windows 10 device, go to Settings > Updates and Security > Windows Update > Advanced Options > View configured update policies, verify that the policy type is Mobile Device Management. For example:
126273-image.png

If there is anything update, feel free to let us know.


If the response is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.



image.png (46.7 KiB)
· 5
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

@Lu Dai-MSFT
Thank you for your answer.
The confirmation item "1" presented was successful. However, "2" has not been investigated yet. I will continue to investigate.
Is there anything else I can check on the Intune portal?

I'm sorry for troubling you.

0 Votes 0 ·

@40469054 Thanks for your update.

We only could check the policy's status in intune portal. And more detailed information is in the device. In addition to the above check, please check Registry under HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\current\device\Update. Verify that the values of the keys match the settings specified in your Update Ring policy.

If the Windows update policy type is set to Mobile Device Management and the registry key values are correct, it seems that this issue is not directly related to Intune, it is more likely an issue with windows client.

Thanks for understanding.

0 Votes 0 ·

@Lu Dai-MSFT Thank you for your reply.
I'm sorry, please let me check again.
Is there a solution only to the manual update method mentioned in the original question? I would like to know if there is another way to update.

Of course, we will continue to ask the person in charge to investigate the matters to be investigated.

0 Votes 0 ·
Show more comments
Jason-MSFT avatar image
0 Votes"
Jason-MSFT answered

I was able to see one of the manual update solutions. In the local group policy, "Disable safeguards for feature updates" of "Windows Update for Business" was set to "Enable"

The whole point of safeguard holds is to prevent a device from seeing a feature update that is known to cause issues on that device type. Bypassing safeguard holds is asking for those known problems to manifest themselves on the device and we strongly recommend against doing this on production systems.

To identify applicable safeguard holds in your environment, you need to implement update compliance: https://techcommunity.microsoft.com/t5/windows-it-pro-blog/access-safeguard-hold-details-with-update-compliance/ba-p/1809652

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.