Best Guide to Remove Windows Update Features Access with Intune

In this article, I will explain how to remove access to all Windows update features with Microsoft Intune. This setting allows you to remove access to Windows Update, including blocking access to the Windows Update website.

Most of you might have faced issues like end-users upgrading their machines with patches or new feature updates and drivers by themselves since the “Check for updates” feature is enabled. Most organizations can’t disable the entire “Windows Update” feature.

This setting allows you to remove access to scan Windows Update. If you enable this setting user access to Windows Update scan, download and install is removed. The policy supported on At least Windows Server 2016 or Windows 10 and later OS.

So many cases we observed that end-users clicking on the hyperlink which downloads and install updates directly from Microsoft Catalog/Site, This will leads to a complete OS feature upgrade.

Patch My PC

Here, we are going to implement a policy to remove access to use all Windows Update features options from end-user machines.

Best Guide to remove access to use all Windows Update features with Intune. Fig. 1
Best Guide to remove access to use all Windows Update features with Intune. Fig. 1

Benefits of Remove Access to Use All Windows Update Features

Removing access to Windows Update features can be beneficial in certain scenarios. However, it’s essential to balance the benefits of restricting access to Windows Update with the potential drawbacks.

Blocking updates entirely can leave systems vulnerable to security threats and may result in missed bug fixes or performance improvements. Therefore, it’s crucial for organizations to have a well-defined update management strategy that considers both security and operational requirements.

OptionsDetailed Description
Controlled EnvironmentIn corporate or organizational settings, system administrators may want to control when and how updates are installed to ensure compatibility with existing software and to minimize disruptions to workflow.
StabilityUpdates, especially major ones, can sometimes introduce bugs or compatibility issues with specific hardware or software configurations. By controlling access to updates, organizations can test updates thoroughly before deploying them to ensure system stability.
SecurityWhile regular updates are crucial for maintaining security, in some cases, organizations may have specific security protocols or software in place that conflict with Windows updates. By restricting access to Windows Update features, administrators can ensure that security measures are not compromised.
Bandwidth ManagementIn environments with limited internet bandwidth, such as remote locations or on networks with many connected devices, controlling Windows Update can help manage bandwidth usage more effectively.
Regulatory ComplianceIn regulated industries such as healthcare or finance, strict control over system updates may be necessary to comply with industry regulations or data protection laws.
CustomizationSome organizations prefer to deploy updates using their own tools or processes to ensure consistency across their systems. Restricting access to Windows Update allows them to manage updates according to their own schedules and procedures.
Best Guide to remove access to use all Windows Update features with Intune. Table. 1

Create Intune Configuration Profile to Remove Windows Update Features Access

Here are the steps to create the policy to remove access to use all Windows Update features with Intune. Let’s discuss the step-by-step method to create the policy.

Adaptiva
  • Log In to the Microsoft Intune Admin Center using your administrator credentials.
  • Navigate to Devices  Windows > Configuration Profiles.
  • Click on +Create +New Policy.
Best Guide to remove access to use all Windows Update features with Intune. Fig. 2
Best Guide to remove access to use all Windows Update features with Intune. Fig. 2

We can now create a profile using an existing Windows template. To do that, specify the following details under the Create a profile option.

  • Platform: Windows 10 and later
  • Profile type: Templates
  • Template name: Administrative templates
Best Guide to remove access to use all Windows Update features with Intune. Fig. 3
Best Guide to remove access to use all Windows Update features with Intune. Fig. 3

In the Basics option, we can give the policy name as “Remove access to use all Windows Update features” and click on Next.

Best Guide to remove access to use all Windows Update features with Intune. Fig. 4
Best Guide to remove access to use all Windows Update features with Intune. Fig. 4

Under the Configuration Settings pane, we must select Computer Configuration and click the System folder.

Best Guide to remove access to use all Windows Update features with Intune. Fig. 5
Best Guide to remove access to use all Windows Update features with Intune. Fig. 5

On the next pane, we can see many predefined System settings names. Click on “Search to filter items” type “Windows Update” as a keyword, and hit enter.

Best Guide to remove access to use all Windows Update features with Intune. Fig. 6
Best Guide to remove access to use all Windows Update features with Intune. Fig. 6

On the search results, click on the settings “Turn off access to all Windows Update features”, then select on Enabled radio button and click on OK.

Turn off access to all Windows Update features under the path \System\Internet Communication Management\Internet Communication settings

Note! This policy setting allows you to remove access to Windows Update. If you enable this policy setting, all Windows Update features are removed. This includes blocking access to the Windows Update website at http://windowsupdate.microsoft.com, from the Windows Update hyperlink on the Start menu, and also on the Tools menu in Internet Explorer. Windows automatic updating is also disabled; you will neither be notified about nor will you receive critical updates from Windows Update. This policy setting also prevents Device Manager from automatically installing driver updates from the Windows Update website. If you disable or do not configure this policy setting, users can access the Windows Update website and enable automatic updating to receive notifications and critical updates from Windows Update.

Best Guide to remove access to use all Windows Update features with Intune. Fig. 7
Best Guide to remove access to use all Windows Update features with Intune. Fig. 7

On the next page, Leave the Scope tags as Default, or if you want to give any custom scope tags available in the tenant, you can also select that.

Best Guide to remove access to use all Windows Update features with Intune. Fig. 8
Best Guide to remove access to use all Windows Update features with Intune. Fig. 8

Click on Next and assign the policy to HTMD – Test Computers. In the Included Groups option, click on Add Groups and select the required device group.

Best Guide to remove access to use all Windows Update features with Intune. Fig. 9
Best Guide to remove access to use all Windows Update features with Intune. Fig. 9

On the Review + Create page, carefully review all the settings you’ve defined for the “remove access to use all Windows Update features” policy. Select Create to implement the changes once you’ve confirmed everything is correct.

Best Guide to remove access to use all Windows Update features with Intune. Fig. 10
Best Guide to remove access to use all Windows Update features with Intune. Fig. 10

Monitor Windows Update Features Access Removal Policy with Intune

The policy has been deployed to the Microsoft Entra ID groups. So once the targeted devices are synced, it will take effect as soon as possible. To monitor the policy deployment status from the Microsoft Intune Portal, follow the below-mentioned steps.

Navigate to Devices > Windows > Configuration Profiles > Search for the “Remove access to use all Windows Update features” policy. Under the Device and user check-in status, you can see the deployment status for the same.

Best Guide to remove access to use all Windows Update features with Intune. Fig. 11
Best Guide to Remove access to use all Windows Update features with Intune. Fig. 11

End User Experience –  Remove access to use all Windows Update features Policy

Log in to your targeted device, and here I am, trying to test whether the “Remove access to use all Windows Update features” policy is working as expected.

Click on Start and search for Windows Update and select “Windows Update Settings.” You can see that the Check for updates option has been disabled after applying the policy.

Best Guide to remove access to use all Windows Update features with Intune. Fig. 12
Best Guide to remove access to use all Windows Update features with Intune. Fig. 12

I appreciate you taking the time to read my article. I’m excited to see you in the upcoming post. Continue to support the HTMD Community.

We are on WhatsApp. To get the latest step-by-step guides and news updates, Join our Channel. Click here –HTMD WhatsApp.

Author

Vaishnav K has over 10+ years of experience in SCCM, Device Management, and Automation Solutions. He writes and imparts his knowledge about Microsoft Intune, Azure, PowerShell scripting, and automation. Check out his profile on LinkedIn.

Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.