Windows Update bug blocks Azure Virtual Desktops security updates

Microsoft is working to fix a known issue blocking Azure Virtual Desktops devices from downloading downloading and installing recent security updates via Windows Server Update Services (WSUS).

“We are investigating an issue where devices running Windows 10 Enterprise multi-session, version 1909 might not be able to download updates later than May 2021,” Microsoft says in the Windows Health Dashboard.

“This is observed in the Settings app under the Windows Update setting, which will display the message ‘You’re up to date’ even if no updates later than May 2021 have been installed.”

The known issue impacts both client (Windows 10 Enterprise multi-session, version 1909) and server (Windows Server multi-session, version 1909) platforms.

Microsoft is currently working on resolving this bug and will update addressing the bug in an upcoming Windows release.

Workarounds available

Until a fix is available for this issue, Microsoft provides two workarounds that would allow customers to apply monthly security updates on Azure Virtual Desktops systems from WSUS.

The first one requires deploying up-to-date images, including all Azure Marketplace security updates to impacted devices.

The second approach, needed if image redeployment is not an option, requires you to download the security updates from the Microsoft Update Catalog and install them manually on these devices.

“You can download these updates from the Microsoft Update Catalog as Microsoft Update (.msu) files and deploy them using your management solution,” Microsoft explains.

“These downloads are Microsoft Update (.msu) files. You can now add these files to your endpoint management system and deploy to devices running Windows 10 Enterprise or Education, version 1909.”

Detailed instructions on how to redeploy images and manually install updates are available in the KB5004926 support document.