Uninstall Windows 11 Updates Using Intune: A Hassle-Free Approach

WME Blog Uninstall Windows 11 Updates Using Intune - A Hassle-Free Approach

Microsoft is notorious for delivering untested updates that break the system. In Microsoft Intune, you can uninstall these Windows updates and roll back the system to its previous state.

A requirement is that the device runs Windows 10, 1803, or later. During the uninstall period, the update ring will be paused, and Feature & Quality updates can be uninstalled.

End users have no control over the uninstallation process and if the uninstallation requires a restart, the device will reboot without offering the users to postpone or schedule the restart later.

Uninstall Windows 11 Updates Using Intune - Picture 01

Uninstall option in update ring

What are the prerequisites for Uninstalling Feature or Quality updates?

  • The device must be installed with the latest Feature or Quality updates.
  • The device must be running with Windows 10, 1803, or a later version.
  • An update can only be removed within uninstall period (2-60 days from installation). You cannot uninstall an update that has been installed for a longer time than configured uninstallation period.
  • The Update ring must be in a paused state.

What are the steps to uninstall Windows 11 updates using Intune?

Follow these steps to uninstall Windows updates on Windows 11 devices:

  • Login to the Microsoft Intune Admin Center and navigate to Devices-> Select the update ring.

If you select Uninstall, you will see the options Feature and Quality update to uninstall. So, if you want to uninstall monthly security updates, select the option, Quality.

Uninstall Windows 11 Updates Using Intune - Picture 02

Uninstall windows 11 Quality update

  • Now, you will receive a prompt to confirm Quality update uninstallation. Next, click OK to proceed. Also, please verify if the machines are compliant with the update ring.
Uninstall Windows 11 Updates Using Intune - Picture 03

Remove windows 11 Quality update

  • During the uninstallation process, the update ring moved paused state and is no longer active. The latest Quality updates are set to be uninstalled on the machines based on uninstall period and the days remaining are 35. Uninstall period is configured in the update rings Update setting.
Uninstall Windows 11 Updates Using Intune - Picture 04

Quality update – Uninstalled and Paused

  • The Uninstallation update ring policy is applied to the machines as you can see Updates paused state under Settings -> Windows and new update installation will not initiate on the machines.
Uninstall Windows 11 Updates Using Intune - Picture 05

Update paused in Windows 11 device

  • Event viewer (Date and Time: 17-04-2023 18:17:38) shows KB5025239 security update is getting uninstalled as this update is installed on the machines within configured uninstall period. Uninstallation is initiated.
Uninstall Windows 11 Updates Using Intune - Picture 06

Update uninstallation initiated on device

  • System reboot(Eventviewer Date and Time 17-04-2023 18:21:38) is required to complete the uninstallation.
Uninstall Windows 11 Updates Using Intune - Picture 07

Update uninstallation requires system reboot

When will the machine reboot after a Windows 11 Quality Update has been uninstalled?

  • The below prompt messages will appear for system reboot on the machine and click close. The machine will reboot in another 2 minutes. Post reboot, “2023-04 Cumulative update for windows 11version 22H2 for x64-based systems (KB5025239)” update will be removed
Uninstall Windows 11 Updates Using Intune - Picture 08

Quality update – System reboot

Uninstall Windows 11 Updates Using Intune - Picture 09

Quality update – Shutdown in progress

  • Post system reboot, the update has been uninstalled successfully and the state will change as Absent in the Event Viewer (Date and Time 17-04-2023 18:28:48).
Uninstall Windows 11 Updates Using Intune - Picture 10

Update uninstalled on device

  • Open Control Panel and go to Program and features -> Installed updates, you can see KB5025239 update has been removed from the machine.
Uninstall Windows 11 Updates Using Intune - Picture 11

Update uninstalled successfully

MDM Windows update policy details

To troubleshoot issues related to MDM Quality Update policies, you can check the relevant registries in the device’s system. These are:

  • Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Provisioning\Diagnostics\ConfigManager\Update
  • Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsUpdate\UpdatePolicy\PolicyState
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\current\device\Update
Uninstall Windows 11 Updates Using Intune - Picture 12

Quality update uninstall – Policy manager

Uninstall Windows 11 Updates Using Intune - Picture 13

Quality update uninstall – Policy State

Uninstall Windows 11 Updates Using Intune - Picture 14

MDM Policy for Quality update uninstall – Registry

At what location is MDM Quality Update Policy found in the Event Viewer?

MDM Quality update Policy is captured in the below location in Event Viewer. Please find the below screenshot.

Applications and Services Logs > Microsoft > Windows > Device Management-Enterprise-Diagnostic-Provider

Uninstall Windows 11 Updates Using Intune - Picture 15

MDM policy for Quality update uninstall – Event Viewer

How can I troubleshoot issues related to MDM Quality update policies using logs in the Event Viewer?

Event logs are the best way to start troubleshooting MDM-related issues and you will get more information about issues in the above location.

For troubleshooting purposes, please collect logs in the Event Viewer. Right-click on the admin node and save all events and choose the location.

  • Now, provide the file name and click save.
  • To get more details in logs, enable debug logs by right-clicking on debug node and then clicking Enable Log.
  • MDM Quality update Policy details will be captured in the below path in Registry and use WBEMTEST to verify the policy in WMI.
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\Providers

Wrapping it up:

To sum it up, Microsoft Intune provides a hassle-free approach to uninstall Windows updates on Windows 11 devices. This can be a useful feature, especially when an update breaks the system. With Intune, you can easily uninstall the update and roll back the system to its previous state.

However, there are certain prerequisites that need to be met for successful uninstallation, and end-users have no control over the uninstallation process. The MDM event viewer can also be used for troubleshooting purposes.

Overall, Intune’s update management capabilities are a valuable tool for IT administrators to ensure the smooth functioning of their organization’s devices.

Facing issues with Intune Management or Windows deployment/installation on your systems?

Question Mark 3D

CONTACT US TODAY

FAQs related to Windows 11 Update Uninstallation Using Intune

Microsoft Intune is a cloud-based endpoint management solution that enables organizations to manage and secure their mobile devices, PCs, and applications from a single console. With Intune, organizations can control access to corporate resources, enforce security policies, and deploy and manage applications across their devices.

Sometimes Windows updates can cause problems, such as system instability, crashes, or application compatibility issues. By uninstalling problematic updates using Intune, you can revert your device to a previous state and avoid these issues.

No, end-users do not have control over the uninstallation process of Windows 11 or any other updates. If the uninstallation requires a restart, the device will reboot without offering the users to postpone or schedule the restart later.

After the system reboots, you can check the Event Viewer to see if the update has been uninstalled successfully. You can also go to Control Panel -> Program and Features -> Installed Updates. Here, you can verify that the update has been removed from the machine.

Share:

Facebook
Twitter
LinkedIn

Contact Us

=
On Key

More Posts

WME Security Briefing 27 May 2024

Kinsing Hacker Group Exploits Docker Vulnerabilities Overview Recent investigations have shown that the hacker group Kinsing is actively exploiting Docker vulnerabilities to gain unauthorized access to systems. The modified hacker group targets misconfigured Docker API ports deployed with cryptocurrency mining malware.

Read More »
WME Cybersecurity Briefings No. 010
Cyber Security

WME Security Briefing 20 May 2024

Advanced Persistent Threats: North Korean Hackers Launch Golang Malware Overview A new malware strain, called Titan Stealer, is currently actively circulating in the threat landscape, targeting a variety of personal data and linked to North Korean state-sponsored cyber espionage

Read More »
WME Cybersecurity Briefings No. 009
Cyber Security

WME Security Briefing 08 May 2024

Exploitable vulnerability in Microsoft Internet Explorer, used to deploy VBA Malware Overview Cybersecurity researchers discovered a severe exploitation targeting a bug that had already been patched in the Microsoft Internet Explorer browser. Their report added that

Read More »
Be assured of everything

Get WME Services

Stay ahead of the competition with our Professional IT offerings.

=