unforeseen Windows 11 Upgrades Plague Intune-Managed Corporate Devices
Table of Contents
In a surprising turn of events, numerous corporate computers managed through Microsoft’s Intune platform have been unexpectedly upgraded to newer versions of Windows 11, even when explicit policies were in place to prevent such upgrades.This issue extends beyond routine security and service updates,causing significant disruption for IT departments.
Microsoft Acknowledges the Issue, Initiates Remediation
Microsoft has officially recognized the problem through a notification (IT10561350) posted on the Microsoft 365 Admin Centre, as reported by BleepingComputer. while the exact number of affected machines remains undisclosed, the issue appears to be widespread. The root cause is attributed to an unspecified coding error within Microsoft’s systems.
The unsolicited upgrades began occurring on Saturday, prompting Microsoft to initiate a repair deployment process on Wednesday. To mitigate further issues, Microsoft advises IT administrators to temporarily halt the installation of new major Windows Update versions on Intune-managed devices.
Impact on Intune users and Recovery Options
Unlike typical home users who rely on default Windows Update settings, Intune-managed environments are designed for controlled deployments. the unauthorized upgrades circumvent these controls, creating potential compatibility issues and workflow disruptions. Unfortunately, Microsoft has confirmed that affected computers will not automatically revert to their previous state.
For organizations requiring a rollback, a manual migration to the previous Windows version is necessary. Fortunately, Windows retains the previous installation for a 10-day period, simplifying the rollback process.
Echoes of the Past: A Similar Incident with Windows Server
This incident bears a striking resemblance to a previous issue in November, where Windows Server 2022 and Server 2019 systems were spontaneously upgraded to Windows Server 2025. In that instance, the update was intended to be optional but was automatically installed, even on servers lacking the appropriate licenses. Microsoft attributed the problem to third-party tools misinterpreting update metadata.
According to Microsoft, third-party tools incorrectly interpreted the update metadata and therefore the upgrade made.
The recent incidents highlight the critical importance of robust update management strategies, especially in enterprise environments. Organizations should carefully review their Intune policies and consider implementing additional safeguards to prevent future unauthorized upgrades. This may include:
- thoroughly testing updates in a pilot environment before widespread deployment.
- Implementing stricter update rings and deferral policies.
- Monitoring update deployment status and promptly addressing any unexpected behavior.
As Microsoft continues to investigate and address the underlying causes of these issues, proactive measures are essential to maintain system stability and prevent disruptions to business operations.
