Intune managed test VM - last scan time way back in November

Question

Hi, I have a test VM being co-managed by MECM & Intune with Windows 10 updates workload being managed by Intune. However I always see this last scan time no matter what I try on troublesome machine.

How to troubleshoot this? On other test machine (although physical) last scan time is from this morning.

Answer 1

@Bojan Zivkovic Intune‘s Windows Update policies only define an update strategy and they don't provide the update infrastructure itself.

So the co-managed devices which Windows Update policy has been moved to intune still need to update with WSUS. The following article will help us understand Windows Update policy:
https://techcommunity.microsoft.com/t5/intune-customer-success/support-tip-troubleshooting-windows-10-update-ring-policies/ba-p/714046

Hope the above information will help.

Answer 2

I do not get it - if devices still use WSUS that means outside LAN they will never be updated and advantage of leveraging Intune (even in co-management with MECM - at least I was told so) was always being independent from LAN. Leveraging Microsoft Update Services as here was what I expected.

Answer 3

@Bojan Zivkovic Maybe I didn't explain clearly.

Intune doesn't control where the device gets updates from. If the device originally got updates from WSUS, it still gets updates from WSUS. If the device originally got updates from Windows Update, it still gets updates from Windows Update.

We can run the following command in PowerShell to confirm where the device gets updates from:

$MUSM = New-Object -ComObject "Microsoft.Update.ServiceManager"  
$MUSM.Services | select Name, IsDefaultAUService  

Answer 4

I ran these two lines on Windows 10 VM - Windows Update is true. This should mean now it goes directly to the Microsoft Update Services instead of WSUS - before moving updates workload to Intune update was managed by MECM and WSUS. According to this updates workload move for pilot collection went fine on this machine.