question

Chanuka-Francis avatar image
0 Votes"
Chanuka-Francis asked Chanuka-Francis commented

Windows Update Management via Intune & WSUS

Hello Experts,

I have a question. Let's say I have a WSUS in my office where all the windows endpoints get updates. Plus we have Intune tenant in our Org and most of the PCs are enrolled. Since most of the users WFH these days their PCs not getting updates as they don't have connectivity to WSUS. Is it possible that we can also deploy Windows Updates from Intune utilizing Windows Update for business for these devices that already pointed to WSUS? Would it work?

Please advice.

mem-intune-general
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

1 Answer

EswarKoneti-MVP avatar image
0 Votes"
EswarKoneti-MVP answered Chanuka-Francis commented

Here is the catch: if you have not explicitly disabled dual-scan, you are good to use intune to patch your windows devices.
Some information about the dual scan https://techcommunity.microsoft.com/t5/configuration-manager-blog/third-party-updates-and-windows-update-for-business/ba-p/1660970

additional information incase you would like to remove the registry keys incase you have dual scan disabled.

powershell script to clear the reg keys:

 $ErrorActionPreference = 'SilentlyContinue'
 Remove-ItemProperty 'HKLM:\Software\Policies\Microsoft\Windows\WindowsUpdate' -Force -Name WUServer
 Remove-ItemProperty 'HKLM:\Software\Policies\Microsoft\Windows\WindowsUpdate' -Force -Name TargetGroup
 Remove-ItemProperty 'HKLM:\Software\Policies\Microsoft\Windows\WindowsUpdate' -Force -Name WUStatusServer
 Remove-ItemProperty 'HKLM:\Software\Policies\Microsoft\Windows\WindowsUpdate' -Force -Name TargetGroupEnable
 Set-ItemProperty 'HKLM:\Software\Policies\Microsoft\Windows\WindowsUpdate\AU' -Value 0 -Force -Name UseWUServer
 Set-ItemProperty 'HKLM:\Software\Policies\Microsoft\Windows\WindowsUpdate\AU' -Value 0 -Force -Name NoAutoUpdate
 Set-ItemProperty 'HKLM:\Software\Policies\Microsoft\Windows\WindowsUpdate'    -Value 0 -force -Name DisableWindowsUpdateAccess
 Restart-Service -Name wuauserv

Thanks,
Eswar
www.eskonr.com

· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

@EswarKoneti-MVP this helps, many thanks!

0 Votes 0 ·