We have deployed new Windows clients using Autopilot and MS Intune.
We have an existing WSUS server for managing Windows updates.
How can we make use of the existing WSUS server to manage the deployment of Windows Updates to Autopilot clients?
Can this be done?

2 Spice ups

WSUS is deprecated, you should look at your options.

If you’re using Intune and Autopilot, why aren’t you using the update rings feature?

But to specifically answer your question, your clients won’t see WSUS because it’s on-prem and your devices are not domain joined, so GPO won’t apply. Even if it did, or you could use WSUS, you’d need a VPN on your clients to see it or make your WSUS internet facing. This then means you have to consider the security of it, and you will also use up more internet when you deploy updates.

It makes more sense to either patch with the 365 tools you have or use a native cloud-managed updating solution, such as the previously mentioned Vendors > Action1.

Remaining with legacy products when your setup is mostly modern isn’t practical.

1 Spice up

Windows Updates for Business managed by Intune would be my suggestion here… OP would have to create GPOs and define OUs for WSUS to work, and defeat Intune’s intended purpose…

As everyone has already said, since you’re using Autopilot and Intune, it’s best to avoid integrating WSUS and instead follow these steps:

Use Intune Update Rings: Set up update rings in Intune to manage quality and feature updates. This aligns with your cloud-first environment and gives you better control.

Avoid WSUS for Modern Devices: WSUS requires domain join, GPOs, or VPN access. Making WSUS internet-facing introduces security risks and defeats the purpose of using Intune.

Leverage Windows Update for Business: It’s designed for cloud-managed devices like yours and integrates directly with Intune for seamless update management.

1 Spice up
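
To confirm which update source a given client is actually configured to scan (WSUS by policy, Intune update rings via MDM, or both), the following PowerShell audit can be run locally on the device. It is an added example and not part of the thread; it assumes the standard Windows Update policy registry locations and the PolicyManager bookkeeping suffixes shown in the comments, and the finding texts are this example's own wording.

```powershell
# Added example: report which update source this Windows client is configured to use.
# Assumes the standard Windows Update policy keys; finding texts are illustrative.
$wuKey  = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate'
$auKey  = "$wuKey\AU"
$mdmKey = 'HKLM:\SOFTWARE\Microsoft\PolicyManager\current\device\Update'

function Get-RegValue {
    param([string]$Path, [string]$Name)
    # Returns $null when the key or value is absent instead of throwing.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name } else { $null }
}

$wuServer    = Get-RegValue $wuKey 'WUServer'      # WSUS URL pushed by GPO or registry
$useWuServer = Get-RegValue $auKey 'UseWUServer'   # 1 = client scans against WUServer

# Update ring settings delivered by MDM appear as values under the PolicyManager Update key.
# Assumption: bookkeeping values end in _ProviderSet or _WinningProvider and are skipped.
$mdmValues = @()
if (Test-Path $mdmKey) {
    $mdmValues = @((Get-Item $mdmKey).Property |
        Where-Object { $_ -notmatch '_(ProviderSet|WinningProvider)$' })
}

$findings = @()
if ($useWuServer -eq 1 -and $wuServer) {
    $findings += "WSUS policy active: $wuServer"
    if ($wuServer -match '^http://') {
        $findings += 'WSUS URL is plain HTTP: update scan traffic is not protected by TLS'
    }
} elseif ($wuServer) {
    $findings += "WUServer is set ($wuServer) but UseWUServer is not 1, so it is not in effect"
} else {
    $findings += 'No WSUS policy present'
}

if ($mdmValues.Count -gt 0) {
    $findings += "MDM update policy present: $($mdmValues -join ', ')"
    if ($useWuServer -eq 1) {
        $findings += 'Both WSUS and MDM update policy are set: decide which source should manage updates'
    }
} else {
    $findings += 'No MDM update policy found'
}

[pscustomobject]@{ Computer = $env:COMPUTERNAME; Findings = $findings }
```

On an Autopilot device managed only by Intune, the expected result is no WSUS policy and a populated MDM update policy list; a leftover `WUServer` value usually points to an imaged or previously domain-joined machine.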