Here is the catch: if you have not explicitly disabled dual-scan, you are good to use intune to patch your windows devices.
Some information about the dual scan https://techcommunity.microsoft.com/t5/configuration-manager-blog/third-party-updates-and-windows-update-for-business/ba-p/1660970
additional information incase you would like to remove the registry keys incase you have dual scan disabled.
powershell script to clear the reg keys:
$ErrorActionPreference = 'SilentlyContinue'
Remove-ItemProperty 'HKLM:\Software\Policies\Microsoft\Windows\WindowsUpdate' -Force -Name WUServer
Remove-ItemProperty 'HKLM:\Software\Policies\Microsoft\Windows\WindowsUpdate' -Force -Name TargetGroup
Remove-ItemProperty 'HKLM:\Software\Policies\Microsoft\Windows\WindowsUpdate' -Force -Name WUStatusServer
Remove-ItemProperty 'HKLM:\Software\Policies\Microsoft\Windows\WindowsUpdate' -Force -Name TargetGroupEnable
Set-ItemProperty 'HKLM:\Software\Policies\Microsoft\Windows\WindowsUpdate\AU' -Value 0 -Force -Name UseWUServer
Set-ItemProperty 'HKLM:\Software\Policies\Microsoft\Windows\WindowsUpdate\AU' -Value 0 -Force -Name NoAutoUpdate
Set-ItemProperty 'HKLM:\Software\Policies\Microsoft\Windows\WindowsUpdate' -Value 0 -force -Name DisableWindowsUpdateAccess
Restart-Service -Name wuauserv
Thanks,
Eswar
www.eskonr.com