Found that Windows 10 does not upgrade if access protection is not disabled in VSE policy. Anybody found similar issue? How can I allow users to upgrade without turning off access protection?
What was being blocked in the accessprotectionlog? You can find the process and either add it to your low-risk policy, or to the access protection policy and push it down to users.