What do i need to setup or configure to block devices from running update?
What devices do you not want to update?
all devices 》 use layer7 firewall
specific devices 》use group policy with layer7 firewall .
at L3 or L7?
i have it enable at L7 but still some client jump through and still run update.
Network Wides >Group Policy > Software & anti-virus updates > All softwares and anti-virus updates