The Palo Alto Networks firewall can block access to windows updates for all users. To do so, block relevant URLs in the URL filtering profile.
Keep reading to learn how to block Windows updates for all windows machines inside the network.
Steps
Go to Objects > Security Profiles > URL filtering and click Add.
Give the profile a name and add the below URLs in the block list, with the action selected as "block," and click OK. windowsupdate.microsoft.com *.windowsupdate.microsoft.com *.update.microsoft.com *.windowsupdate.com download.windowsupdate.com download.microsoft.com *.download.windowsupdate.com wustat.windows.com ntservicepack.microsoft.com *.ws.microsoft.com
Call this newly created URL filtering profile in the relevant security policy.