A bug in Intune causes the blocking of Windows 11 installation on Windows 10 computers to be ignored. As a result, the OS still ends up on systems that might not be ready for it.
Administrators who, for one reason or another, do not want Windows 11 to be rolled out to Windows 10 systems under their jurisdiction can block its installation via Intune. A bug in this cloud-based management tool now causes the policy rule to be ignored, and Windows 11 is installed anyway.
The bug has reportedly been manifesting since April 12 and affects some devices. The scale of the problem is not so clear. Microsoft confirms the issue via the Microsoft 365 admin center. However, the Windows builder doesn’t know exactly what’s causing it. Although Microsoft strongly urges users to upgrade, it’s not an intentional rollout.
Blocking Updates
The only way to prevent an unwanted rollout of Windows 11 at this time is to pause all feature updates via Intune. This also keeps Windows 11 at bay. Devices that have already received Windows 11 cannot be easily rolled back. This requires manual intervention.
Although the end of support for Windows 10 is rapidly approaching, there are numerous reasons for administrators to delay the rollout of Windows 11. Legacy compatibility could be an issue, for example, or additional staff training might be necessary. In any case, an administrator usually has a good reason to set policy in Intune and block the upgrade.
While the scale of the problem is likely limited, it might be a good idea to err on the side of caution and block feature updates for the entire organization when an unwanted Windows 11 update is not desirable.