Windows Update Management via Intune & WSUS

Question

Hello Experts,

I have a question. Let's say I have a WSUS in my office where all the windows endpoints get updates. Plus we have Intune tenant in our Org and most of the PCs are enrolled. Since most of the users WFH these days their PCs not getting updates as they don't have connectivity to WSUS. Is it possible that we can also deploy Windows Updates from Intune utilizing Windows Update for business for these devices that already pointed to WSUS? Would it work?

Please advice.

Answer 1

Here is the catch: if you have not explicitly disabled dual-scan, you are good to use intune to patch your windows devices.
Some information about the dual scan https://techcommunity.microsoft.com/t5/configuration-manager-blog/third-party-updates-and-windows-update-for-business/ba-p/1660970

additional information incase you would like to remove the registry keys incase you have dual scan disabled.

powershell script to clear the reg keys:

$ErrorActionPreference = 'SilentlyContinue'
Remove-ItemProperty 'HKLM:\Software\Policies\Microsoft\Windows\WindowsUpdate' -Force -Name WUServer
Remove-ItemProperty 'HKLM:\Software\Policies\Microsoft\Windows\WindowsUpdate' -Force -Name TargetGroup
Remove-ItemProperty 'HKLM:\Software\Policies\Microsoft\Windows\WindowsUpdate' -Force -Name WUStatusServer
Remove-ItemProperty 'HKLM:\Software\Policies\Microsoft\Windows\WindowsUpdate' -Force -Name TargetGroupEnable
Set-ItemProperty 'HKLM:\Software\Policies\Microsoft\Windows\WindowsUpdate\AU' -Value 0 -Force -Name UseWUServer
Set-ItemProperty 'HKLM:\Software\Policies\Microsoft\Windows\WindowsUpdate\AU' -Value 0 -Force -Name NoAutoUpdate
Set-ItemProperty 'HKLM:\Software\Policies\Microsoft\Windows\WindowsUpdate'    -Value 0 -force -Name DisableWindowsUpdateAccess
Restart-Service -Name wuauserv

Thanks,
Eswar
www.eskonr.com