Hello Spencer
To achieve this, you can create a Group Policy Object (GPO) specifically for the test devices that have been moved to Co-Management. This GPO can be configured to disable the specific settings that are preventing access to Windows Update for Business (WUFB).
Here are the steps you can take:
Create a new Organizational Unit (OU) in Active Directory for the test devices that have been moved to Co-Management. Move the test devices to this new OU.
Create a new GPO in Group Policy Management Console (GPMC) specifically for the test devices. You can configure this GPO to disable the specific settings that are preventing access to WUFB.
Apply the new GPO to the OU where the test devices are located. This will ensure that only the test devices have these specific settings applied, while the rest of the organization's devices will continue to be managed by the existing GPOs.
Once the new GPO is applied to the test devices, monitor their behavior to ensure that they are now able to access WUFB and receive the necessary updates from Intune.