"Check online for updates from Microsoft Update" missing in Windows 11 (WSUS GPO)

Dieter Tontsch (GMail) 877

We have migrated our first few Windows 10 installations to Windows 11. We are operating in a 2019 Active Directory and we use GPOs for WSUS.
Our GPO provides a local WSUS server, but it also allows Updates from Microsoft.

I have observed that this blue link saying Check online for updates from Microsoft Update is entirely missing from Windows 11 update settings.
I am not very happy anyway with the approach MS takes, automating this update mechanism more and more, not even in Windows Server OS it's possible anymore, like it was with Windows 2021 R2, to deselect updates or such things. This whole procedure meanwhile is a take it ar leave it approach.
However, this Check online for updates from Microsoft Update was very handy, if some updates didn't arrive yet on our WSUS, or by some missing config they did not load to WSUS etc. Is there any chance to get this feature enabled?

Also, what happens if one has no connection to it's WSUS (no VPN) for quite a while, is there any chance to get updates directly online form MS?

Cheers,
Dieter

Rita Hu -MSFT 9,626 Reputation points

2021-10-15T02:12:20.32+00:00

@Anonymous
Please review the below registry value on windows 11 clients and share with us to help me research further:
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU

Thanks for your sharing and cooperation.

Regards,
Rita

Accepted answer

myusrn 106 Reputation points

2021-12-02T19:46:32.153+00:00

Hi @Anonymous - I was experiencing what appears the same issue as you were on my win10 enterprise managed setup that i joined to insider program one month before win11 released in order to upgrade early and dogfood for any issues.

From that point up until and after rtm I lost access to the “check online for updates from microsoft update” link that normally displays just under the “check for updates [ from my enterprise IT managed wsus ]” button.

To work around this I was having to remove my enterprise IT [sc]cm client install in order to make the "check for updates" button revert to using microsoft update instead of my enterprise IT managed wsus so that I could pull win11 updates prior to rtm and cumulative updates after rtm. Not a viable long term solution as i want / need both options.

Coincidentally we have just started piloting the w365 cloud pc SaaS service and that team enabled me with a win11 enterprise managed cloud pc setup where i was seeing the expected and desired “check online for updates from microsoft update” link displayed just under the “check for updates [ from my enterprise IT managed wsus ]” button.

I compared my hklm\Software\Policies\Microsoft\Windows\WindowsUpdate key on that w365 cloud pc win11 setup, where I do see expected “check online for updates from microsoft update” link in addition to “check for updates [ from my enterprise IT managed wsus ]” button. I noticed it was lacking one value than mine contained, "DoNotConnectToWindowsUpdateInternetLocations"=dword:00000000.

I deleted that registry value and revisited windows update screen and now I am setting the expected “check online for updates from microsoft update” link just below the “check for updates [ from my enterprise IT managed wsus ]” button and when i click it i appear to be getting the expected functionality. This would suggest the presence of "DoNotConnectToWindowsUpdateInternetLocations" is being interpreted as 0x1 and ignoring what value data settings of 0x0.
Please sign in to rate this answer.

4 people found this answer helpful.
Dieter Tontsch (GMail) 877 Reputation points

2021-12-08T18:50:06.89+00:00

You are gorgeous, deleting this key, respectively even just renaming it, did also solve my problem.

Thank you very much

Cheeers,
Dieter

boxfox 1 Reputation point

2022-10-18T15:31:07.56+00:00

My apologies for the thread necromancy, but I wanted to add that this also functions in Windows 10 Education edition (10/18/22, build 10.0.19043), and also to thank you, myusrn.

Thomas Langhans 1 Reputation point

2023-09-22T10:37:22.3233333+00:00

I found out a very strange behaviour there: I've got two computers, identically configured, same ConfigMgr Task Seqence installation, same GPOs, same computer group memberships, one shows "Check online for updates from Microsoft Update Link" if "DoNotConnectToWindowsUpdateInternetLocations" is set to 0 and the other one shows the link if the value is set to 1. That's definitly seems to be a bug.

Can anyone kindly expain that issue please?
Sign in to comment

13 additional answers

SR dream 0 Reputation points

2023-10-31T07:25:39.4733333+00:00

Hi Team,

Will ,Check for online updates , affect WSUS server or that break the system like optional updates? Please need some clarity, I am not sure if we need to check both "check for updates" and Check for online updates" in W11? Please clarify
Please sign in to rate this answer.
myusrn 106 Reputation points

2023-10-31T17:05:52.29+00:00

Hi @SR dream , the wsus [ windows software update service ] is managed by one's IT department and typically only provides updates that IT team has tested and confirmed to not to cause any issues on company issued hardware and software configurations. The "check for online updates", aka microsoft update, option is necessary if a user wants to pull updates not currently provided by one's enterprise wsus setup and/or updates such as windows insider builds. This is why there is a registry setting so that some enterprises can hide that option if they don't want users making use of it to pull updates they haven't tested.

SR dream 0 Reputation points

2023-10-31T20:47:20.8+00:00

Thank you @myusrn

Barbara Joost 5 Reputation points

2023-11-01T12:13:49.0433333+00:00

The option "check for online updates" is often needed for mobile devices on the way outside premises what are not able to reach the internal WSUS. It's better to get a not testet update than working with an old insecure patch level.
Sign in to comment
Dieter Tontsch (GMail) 877 Reputation points

2021-12-09T12:31:18.487+00:00

honestly, I also thought to try that, but then I somehow forgot about it :D
Please sign in to rate this answer.

0 comments No comments
Sign in to comment
Barbara Joost 11 Reputation points

2021-12-09T12:23:01.61+00:00

A colleague detected, that the link appears if the value of the registry key will be set to 1. In other words, we found a bug. Win 11 interprets this value in direct opposite direction like Win10. Somebody at Microsoft don't understand what is on or off in binary values...
Please sign in to rate this answer.

0 comments No comments
Sign in to comment
Barbara Joost 11 Reputation points

2021-12-08T15:57:50.767+00:00

Found it. This registry key will be controlled by the policy "Do not connect to any Windows Update Internet locations".

https://gpsearch.azurewebsites.net/#10875

In our environment this policy is explicitly set to disabled. This creates the registry key in question with the value "0", I think. The key exists on Windows 10 too, but has not the same effect like on Windows 11.

I will create a GPO for W11 where this policy is set to "not configured". Let's see.
Please sign in to rate this answer.

1 person found this answer helpful.

0 comments No comments
Sign in to comment

Share via

"Check online for updates from Microsoft Update" missing in Windows 11 (WSUS GPO)

13 additional answers