Client update for Microsoft Configuration Manager version 2303

Applies to: Configuration Manager (current branch, version 2303)

Summary of KB25073607

  • October 30, 2023: This update is available after revision to correct an issue updating the WindowsUpdate registry key. The revised update uses KB article ID 25506239.

An update is available that fixes the following issues with the Configuration Manager current branch, version 2303.

  • Windows 11 version 22H2 clients configured with a deferral policy for Windows Updates and managed by Configuration Manager current branch, version 2303, may not show updates as applicable.

    This happens because the value for the UseUpdateClassPolicySource registry key under HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU isn't correctly set. This update correctly sets the value for Configuration Manager clients.

  • Clients may incorrectly display a Windows Hello for Business toast notification that resembles the following below.

    This system is configured to use Windows Hello for Enterprise. Click here to configure your PIN

    This company resource access feature was deprecated in Configuration Manager version 2203, but if the client receives Windows Hello for Business policy through other means, such as group policy, the message above can be displayed.

Update information for Microsoft Configuration Manager

The following hotfix to resolve this problem is available for download from the Microsoft Download Center:


The original version of the hotfix used KB25073607 in the name. After you download the hotfix, see the following documentation for installation instructions:

Use the Update Registration Tool to import hotfixes to Configuration Manager


To apply this hotfix, you must be using Configuration Manager, version 2303 in addition to the following update:

KB21010486 Update rollup for Microsoft Configuration Manager version 2303

Restart information

This update doesn't require a computer restart or initiate a site reset.

Other installation information

After you install this update on a primary site, pre-existing secondary sites must be manually updated. To update a secondary site in the Configuration Manager console, select Administration > Site Configuration > Sites > Recover Secondary Site, and then select the secondary site. The primary site then reinstalls that secondary site by using the updated files. Configurations and settings for the secondary site are not affected by this reinstallation. The new, upgraded, and reinstalled secondary sites under that primary site automatically receive this update.

Run the following SQL Server command on the site database to check whether the update version of a secondary site matches that of its parent primary site:

select dbo.fnGetSecondarySiteCMUpdateStatus ('SiteCode_of_secondary_site')

If the value 1 is returned, the site is up to date, with all the hotfixes applied on its parent primary site.

If the value 0 is returned, the site has not installed all the fixes that are applied to the primary site, and you should use the Recover Secondary Site option to update the secondary site.

Hotfix replacement information

This hotfix doesn't replace any previously released hotfix.

File information

File information is available in the downloadable KB25506239_FileList.txt text file. File information for the original release is available in KB25073607_FileList.txt.

Release history

  • September 20, 2023: Initial hotfix release
  • October 30, 2023: Hotfix re-released to correct registry issue