Ok so how does the new dangled Dual Scan functions work. For what matter – how does Microsoft Updates work in Windows 10 1607 and higher??
Well , you see, there are 3 ways in which Windows updates work (or don’t as the case may be…) especially if you are using SCCM
- OS Updates – These are the ones that show in the Setup Event log as having been install
- Application Updates – These are the ones that show in the Application Event log as having been installed aka legacy applications aka non-modern apps
- Modern apps – These are the ones via Windows Store and show in Microsoft-Windows-AppXDeploymentServer/Operational event log as being installed.
First thing you need to understand is that : “While system specific updates will still reach out to WSUS or SCCM, or against Microsoft Update if the machine is configured to use Microsoft Update instead of Windows Update, the Store App updates are not yet cached or supported on WSUS or SCCM yet. Ref: Why WSUS and SCCM managed clients are reaching out to Microsoft Online
SO if you want your appx apps to be updated DO NOT enable “Do not connect to any Windows Update Internet locations” it will stopp APppX apps being updated
To get updates working with SCCM, all you need to do is disable two settings and make sure all the others are un-configured AND you have no legacy registry settings interfering with your settings
The first setting stops users getting the prompts that your updates are out of date
The second just stops any configuring of automatic update.
This sounds counter-intuitive for SCCM, but the reality is SCCM uses Local Group Policy Settings to configure Automatic updates not GPO