These are the steps that definitely fixed the issue for me:
Delete the computer from the WSUS console
On the affected client, stop the Windows Update service
On the affected client, rename the folder C:\Windows\SoftwareDistribution
Start the Windows Update service
Run the following command in and administrative prompt:
wuauclt /detectnow /reportnow /scannow /resetauthorization
After 15 minutes or so the client will reappear in the WSUS console and report correctly
I had a related issue with MDT deployed machines not detecting any updates.
I ran this script on the PC.
https://www.tenforums.com/tutorials/24742-reset-windows-update-windows-10-a.html