Microsoft is notorious for delivering untested updates that break the system. In Microsoft Intune, you can uninstall these Windows updates and roll back the system to its previous state.
A requirement is that the device runs Windows 10, 1803, or later. During the uninstall period, the update ring will be paused, and Feature & Quality updates can be uninstalled.
End users have no control over the uninstallation process and if the uninstallation requires a restart, the device will reboot without offering the users to postpone or schedule the restart later.
Uninstall option in update ring
What are the prerequisites for Uninstalling Feature or Quality updates?
- The device must be installed with the latest Feature or Quality updates.
- The device must be running with Windows 10, 1803, or a later version.
- An update can only be removed within uninstall period (2-60 days from installation). You cannot uninstall an update that has been installed for a longer time than configured uninstallation period.
- The Update ring must be in a paused state.
What are the steps to uninstall Windows 11 updates using Intune?
Follow these steps to uninstall Windows updates on Windows 11 devices:
- Login to the Microsoft Intune Admin Center and navigate to Devices-> Select the update ring.
If you select Uninstall, you will see the options Feature and Quality update to uninstall. So, if you want to uninstall monthly security updates, select the option, Quality.
Uninstall windows 11 Quality update
- Now, you will receive a prompt to confirm Quality update uninstallation. Next, click OK to proceed. Also, please verify if the machines are compliant with the update ring.
Remove windows 11 Quality update
- During the uninstallation process, the update ring moved paused state and is no longer active. The latest Quality updates are set to be uninstalled on the machines based on uninstall period and the days remaining are 35. Uninstall period is configured in the update rings Update setting.
Quality update – Uninstalled and Paused
- The Uninstallation update ring policy is applied to the machines as you can see Updates paused state under Settings -> Windows and new update installation will not initiate on the machines.
Update paused in Windows 11 device
- Event viewer (Date and Time: 17-04-2023 18:17:38) shows KB5025239 security update is getting uninstalled as this update is installed on the machines within configured uninstall period. Uninstallation is initiated.
Update uninstallation initiated on device
- System reboot(Eventviewer Date and Time 17-04-2023 18:21:38) is required to complete the uninstallation.
Update uninstallation requires system reboot
When will the machine reboot after a Windows 11 Quality Update has been uninstalled?
- The below prompt messages will appear for system reboot on the machine and click close. The machine will reboot in another 2 minutes. Post reboot, “2023-04 Cumulative update for windows 11version 22H2 for x64-based systems (KB5025239)” update will be removed
Quality update – System reboot
Quality update – Shutdown in progress
- Post system reboot, the update has been uninstalled successfully and the state will change as Absent in the Event Viewer (Date and Time 17-04-2023 18:28:48).
Update uninstalled on device
- Open Control Panel and go to Program and features -> Installed updates, you can see KB5025239 update has been removed from the machine.
Update uninstalled successfully
MDM Windows update policy details
To troubleshoot issues related to MDM Quality Update policies, you can check the relevant registries in the device’s system. These are:
Quality update uninstall – Policy manager
Quality update uninstall – Policy State
MDM Policy for Quality update uninstall – Registry
At what location is MDM Quality Update Policy found in the Event Viewer?
MDM Quality update Policy is captured in the below location in Event Viewer. Please find the below screenshot.
Applications and Services Logs > Microsoft > Windows > Device Management-Enterprise-Diagnostic-Provider
MDM policy for Quality update uninstall – Event Viewer
How can I troubleshoot issues related to MDM Quality update policies using logs in the Event Viewer?
Event logs are the best way to start troubleshooting MDM-related issues and you will get more information about issues in the above location.
For troubleshooting purposes, please collect logs in the Event Viewer. Right-click on the admin node and save all events and choose the location.
- Now, provide the file name and click save.
- To get more details in logs, enable debug logs by right-clicking on debug node and then clicking Enable Log.
- MDM Quality update Policy details will be captured in the below path in Registry and use WBEMTEST to verify the policy in WMI.
Wrapping it up:
To sum it up, Microsoft Intune provides a hassle-free approach to uninstall Windows updates on Windows 11 devices. This can be a useful feature, especially when an update breaks the system. With Intune, you can easily uninstall the update and roll back the system to its previous state.
However, there are certain prerequisites that need to be met for successful uninstallation, and end-users have no control over the uninstallation process. The MDM event viewer can also be used for troubleshooting purposes.
Overall, Intune’s update management capabilities are a valuable tool for IT administrators to ensure the smooth functioning of their organization’s devices.
Facing issues with Intune Management or Windows deployment/installation on your systems?
CONTACT US TODAY
FAQs related to Windows 11 Update Uninstallation Using Intune
Microsoft Intune is a cloud-based endpoint management solution that enables organizations to manage and secure their mobile devices, PCs, and applications from a single console. With Intune, organizations can control access to corporate resources, enforce security policies, and deploy and manage applications across their devices.
Sometimes Windows updates can cause problems, such as system instability, crashes, or application compatibility issues. By uninstalling problematic updates using Intune, you can revert your device to a previous state and avoid these issues.
No, end-users do not have control over the uninstallation process of Windows 11 or any other updates. If the uninstallation requires a restart, the device will reboot without offering the users to postpone or schedule the restart later.
After the system reboots, you can check the Event Viewer to see if the update has been uninstalled successfully. You can also go to Control Panel -> Program and Features -> Installed Updates. Here, you can verify that the update has been removed from the machine.