Windows 10 Enterprise Devices unexpectedly updating

I recently had the Situation in my Environment, that I’ve found a few managed Windows 10 1703 Enterprise Devices, which updated on their own to Windows 10 1709. I immediately had Dual-Scan in mind, however we don’t have any deferral policies configured in Group Policy, nor are we using any Servicing Plans in ConfigMgr.

Additionally, there were numerous Devices that installed Quality- and Driver-Updates from Microsoft Update.

As written, those devices are all being managed by Configuration Manager current branch, which also does all the Update Deployments. After raising a Support Call with Microsoft and few hours of troubleshooting later, we have enabled the following Group Policy Setting.

Computer Configuration\Policies\Administrative Templates\System\Internet Communication Management\Internet Communication settings\Turn off access to all Windows Update features

This is the same setting, which was mentioned as a workaround in the above linked Dual Scan Blog post.

Since of today, we haven’t got any reports of other unexpected updates.

As an additional note, the above GPO Setting doesn’t break any Microsoft Store functionality. The one responsible for this is called “Do not connect to any Windows Update Internet locations“.

Rate this post


  1. Susan Bradley 24. January 2018

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.