Share via

Windows 11 Intune MDM update not offered errors

Daniel Kendall 0 Reputation points
2025-03-25T08:54:26.7633333+00:00

We are a corporate customer who are at present managing our transition from Windows 10 22H2 to Windows 11 24H2.

On one of our devices we have the following error:

InstallAccessDenied

Severity

Error

Owner

Customer Action

Description

Installer doesn't have permission to access or replace a file. The installer might have tried to replace a file that an antivirus, antimalware, or a backup program is currently scanning.

Recommended action

The Windows Update services could not access the necessary system locations, please retry the installation. (This can often occur with 3rd party security products, SEE Virus scanning recommendations for Enterprise computers that are running Windows or Windows Server (KB822158) - Microsoft Support )

And on the other we have a Compatibility safeguard but cant see anything on known issues and the readiness report shows 0 on issues (but medium risk)

All devices in question are part of a pilot group on intune with the following settings:

Update settings

Microsoft product updates

Allow

Windows drivers

Block

Quality update deferral period (days)

1

Feature update deferral period (days)

1

Upgrade Windows 10 devices to Latest Windows 11 release

Yes

Set feature update uninstall period (2 - 60 days)

2

Servicing channel

General Availability channel

User experience settings

Automatic update behavior

Notify download

Option to pause Windows updates

Disable

Option to check for Windows updates

Enable

Change notification update level

Use the default Windows Update notifications

Use deadline settings

Allow

Deadline for feature updates

0

Deadline for quality updates

0

Grace period

0

Auto reboot before deadline

Yes

And meet system requirements.

Any advice on how we can ensure this is offered via Windows Update?

Microsoft Intune
Microsoft Intune
A Microsoft cloud-based management solution that offers mobile device management, mobile application management, and PC management capabilities.
5,570 questions
0 comments

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Crystal-MSFT 53,821 Reputation points Microsoft External Staff
    2025-03-26T01:29:30.7466667+00:00

    @Daniel Kendall, Thanks for posting in Q&A. It sounds like you're encountering two distinct issues during your transition from Windows 10 to Windows 11. Let's address each one separately and provide some steps to resolve them.

    Issue 1: InstallAccessDenied Error.

    The Windows Update services could not access the necessary system locations, Please try the following suggestions to see if it can resolve.

    1. Disable Antivirus/Antimalware Temporarily:
      • Temporarily disable any third-party antivirus or antimalware software during the installation process. Remember to re-enable it after the installation is complete.
    2. Check for Locked Files:
      • Ensure that no other programs (like backup software) are accessing the files that the installer needs to replace. You can use tools like Process Explorer to identify and unlock these files.
    3. Windows Update Services:
      • Restart the Windows Update services.

    Issue 2: Compatibility Safeguard

    To upgrade to Windows 11 24H2, please configure Feature policy and select Windows 11 24H2 version to upgrade.

    https://learn.microsoft.com/en-us/intune/intune-service/protect/windows-10-feature-updates

    After checking the update settings in Intune are correctly configured to allow feature updates to Windows 11. For Feature update deferral period (days), it is recommended to be set to 0.

    For the compatibility safeguard issue, we can use Windows Update for Business reports to monitor various update health metrics for devices in their organization. The reports provide a list of active Safeguard Holds to provide you with insight into the safeguard holds that are preventing devices from updating or upgrading. Could you confirm if the readiness report you checked without error is this one?

    https://learn.microsoft.com/en-us/windows/deployment/update/safeguard-holds

    Meanwhile, ensure that all device drivers and firmware are up to date. This can often resolve compatibility issues. Make sure the hardware requirements are met.

    https://learn.microsoft.com/en-us/windows-hardware/design/minimum/minimum-hardware-requirements-overview

    Please try the above suggestion and if there's any update, feel free to let us know.

    If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".

    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.