We are testing Windows 11 devices. We have SCCM but we noticed that endpoints are not updating.
We have group policy for all endpoints to only take updates from SCCM.
The other policies we use are:
- Enable Client-side targeting – set to enabled
- Configure Automatic Updates – set to disabled
All policies related to Windows updates are set to not configured.
With the current policies none of the endpoints seem to update via SCCM.
We have worked with our MSP and provided them with logs, and the outcome was a suggestion to use a regkey: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate\AU\UseUpdateClassPolicySource, DWORD set to 1.
With a sample of 3x endpoints we can see that endpoints now update. But I am concerned about where the endpoints are receiving updates from.
When I check the CCM logs, they do not show that the updates are coming from SCCM. Rather, updates are being downloaded into Software Distribution, which is traditionally used by the Windows Update service via the internet.
What I want to know is: do we need to use this regkey to update future Win 11 endpoints, as we will very soon be refreshing our estate onto Win 11?
I also want to confirm: with this regkey, would this be forcing endpoints to only receive updates from SCCM rather than from the internet?
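
One way to check, on an endpoint, which update source the Windows Update agent is configured to use (an added example, not part of the original post). It reads UseUpdateClassPolicySource from the key named above; the other value names are the standard Windows Update policy values, and the 0/1 meanings in the comments follow Microsoft's scan-source policy documentation.

```powershell
# Added example: report the update-source policy values and the registered
# update services on this endpoint. It only reads; nothing is changed.
$wu = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate'
$au = "$wu\AU"

function Get-PolicyValue {
    param([string]$Path, [string]$Name)
    # Returns $null when the key or value does not exist (policy not configured).
    $key = Get-ItemProperty -Path $Path -ErrorAction SilentlyContinue
    if ($null -ne $key -and $key.PSObject.Properties.Name -contains $Name) {
        return $key.$Name
    }
    return $null
}

# Values that decide where the Windows Update agent scans for updates.
# SetPolicyDrivenUpdateSourceFor*: 0 = Windows Update, 1 = WSUS/SCCM server.
$checks = @(
    @{ Path = $wu; Name = 'WUServer' },
    @{ Path = $wu; Name = 'WUStatusServer' },
    @{ Path = $au; Name = 'UseWUServer' },
    @{ Path = $au; Name = 'UseUpdateClassPolicySource' },
    @{ Path = $wu; Name = 'SetPolicyDrivenUpdateSourceForFeatureUpdates' },
    @{ Path = $wu; Name = 'SetPolicyDrivenUpdateSourceForQualityUpdates' },
    @{ Path = $wu; Name = 'SetPolicyDrivenUpdateSourceForDriverUpdates' },
    @{ Path = $wu; Name = 'SetPolicyDrivenUpdateSourceForOtherUpdates' }
)

$report = foreach ($c in $checks) {
    $v = Get-PolicyValue -Path $c.Path -Name $c.Name
    [pscustomobject]@{
        Value = $c.Name
        Data  = if ($null -eq $v) { '<not set>' } else { $v }
    }
}
$report | Format-Table -AutoSize

# Update services the agent knows about. IsManaged = True marks a managed
# (WSUS-type) server; IsDefaultAUService marks the one automatic updates use.
$sm = New-Object -ComObject Microsoft.Update.ServiceManager
$sm.Services |
    Select-Object Name, ServiceID, IsManaged, IsDefaultAUService |
    Format-Table -AutoSize
```

Comparing this output from an endpoint that updates with one that does not shows whether the scan-source values and the WUServer URL point at the SCCM software update point.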