Enterprise users are receiving unprovoked offers to upgrade to Windows 11 due to an issue in Microsoft’s device management tools. The issue is with Microsoft’s Intune software, which typically allows system administrators to manage mobile devices. Intune governs the use of Windows, macOS, and Android devices attached to enterprise environments. The news was first reported by Bleeping Computer, which also noted that a code-fix was being deployed to systems. The problem was a “latent code issue,” which was then being fixed. It is unclear how Windows systems were offered upgrades to Windows 11. Intune typically determines the usage policies for devices and provisions hardware and software updates. Microsoft didn’t respond to questions from Computerworld about the issue or when it would be resolved. An advisory posted on Microsoft’s website also said system administrators must manually roll back updates to Windows 11 caused by the bug. Enterprises should also pause Windows Updates. Device management can be a problem if system administrators don’t have proper controls, or if rollouts are not compatible with the device management tools in place, said Jack Gold, principal analyst at J. Gold Associates. One example is rolling out a driver update that may not work or has zero capability to roll it back, like what happened with Crowdstrike, Gold said. The rollback from Windows 11 due to the Intune glitch should be tested on a limited basis and rolled out to the entire fleet of affected systems after ensuring no glitches show up, Gold said. The unintentional upgrade notices to Windows 11 come despite Microsoft’s recent announcement of automation and AI features for Intune, designed to automate device management and patch updates. Last month, the company announced Security Copilot, which is designed to prevent security attacks. A Copilot feature for Intune called “Vulnerability Remediation Agent” makes it easier to prioritize patch management and the remediation of security issues on devices. Microsoft last month also announced the preview of Windows 365 Frontline, which sets up a temporary “shared mode” for the cloud-based OS. An Intune automated feature prepares the virtual PC policies that include app access and other provisions. Gold said security and patch management, which is already unforgiving for sysadmins, will get even tougher with AI deployments on devices. Beyond managing devices, system administrators will need to take charge on managing the bits of data accessible to enterprise users for AI. “For the most part, rolling out AI should be no more difficult than other apps, but we’ve seen in the past that apps don’t always play nice together on the same system,” Gold said.