This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(137.6, 12%, 23%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EBF%3C/text%3E%3C/svg%3E)
Not sure if I am in the right place but this question is about Configuration Manager.
When software updates become available, in CM, it shows that only 1 device is required but non being installed. We have 90+ computers that this update should be installed on.
'
Seems like Windows Update is installing it vs CM. I see this with Office 365 updates and others.
Is there a way to fix this so that CM does the updates and not Windows?
@Bill Fry
Thank you for posting in Microsoft Q&A forum and you are in the right place.
You may check if you have configured any group policy of WUfB? The WUfB setting will enable our clients to also reach out to Microsoft Update online to fetch update bypassing our WSUS/SCCM end-point. And check if your "Do not allow update deferral policies to cause scans against Windows Update" policy have enabled.
For more details, you may refer to below link:
https://techcommunity.microsoft.com/t5/configuration-manager-archive/using-configmgr-with-windows-10-wufb-deferral-policies/ba-p/274278
If the response is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
The ConfigMgr site isn't instantly aware of the update compliance of managed systems. This is reported in every 7 days (by default) for updates that are not deployed. This in no way prevents you from deploying the required updates though. In general, if an update is applicable to an in-scope product in your environment, you should deploy it per our update policy and not wait for update compliance scanning results as that would make your process reactive instead of proactive and security should be a proactive activity.