From f6d4a5f536e226f8077ec2db6bafb85fe4eb6ee0 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Rafa=C5=82=20Fitt?=
<36852431+rafalfitt@users.noreply.github.com>
Date: Sun, 23 Feb 2025 14:41:18 +0100
Subject: [PATCH 1/6] Update design-create-appid-tagging-policies.md
Problems might occur if your policy is NOT build off the base templates - what's why it is strongly recommended to build off the base templates.
---
.../AppIdTagging/design-create-appid-tagging-policies.md | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/windows/security/application-security/application-control/app-control-for-business/AppIdTagging/design-create-appid-tagging-policies.md b/windows/security/application-security/application-control/app-control-for-business/AppIdTagging/design-create-appid-tagging-policies.md
index 363d4b5dd8..0a03a710a9 100644
--- a/windows/security/application-security/application-control/app-control-for-business/AppIdTagging/design-create-appid-tagging-policies.md
+++ b/windows/security/application-security/application-control/app-control-for-business/AppIdTagging/design-create-appid-tagging-policies.md
@@ -21,7 +21,7 @@ You can use the App Control for Business Wizard and the PowerShell commands to c
:::image type="content" alt-text="Configuring the policy base and template." source="../images/appid-appcontrol-wizard-1.png" lightbox="../images/appid-appcontrol-wizard-1.png":::
> [!NOTE]
- > If your AppId Tagging Policy does build off the base templates or does not allow Windows in-box processes, you will notice significant performance regressions, especially during boot. For this reason, it is strongly recommended to build off the base templates. For more information on the issue, see the [AppId Tagging Known Issue](../operations/known-issues.md#slow-boot-and-performance-with-custom-policies).
+ > If your AppId Tagging Policy does not build off the base templates or does not allow Windows in-box processes, you will notice significant performance regressions, especially during boot. For this reason, it is strongly recommended to build off the base templates. For more information on the issue, see the [AppId Tagging Known Issue](../operations/known-issues.md#slow-boot-and-performance-with-custom-policies).
2. Set the following rule-options using the Wizard toggles:
From 5a9bd43b00bae801dabd6d4b598ca42920b627b4 Mon Sep 17 00:00:00 2001
From: Paolo Matarazzo <74918781+paolomatarazzo@users.noreply.github.com>
Date: Tue, 25 Feb 2025 06:10:12 -0500
Subject: [PATCH 2/6] revert change
---
.../start/includes/hide-recently-added-apps.md | 12 +++---------
1 file changed, 3 insertions(+), 9 deletions(-)
diff --git a/windows/configuration/start/includes/hide-recently-added-apps.md b/windows/configuration/start/includes/hide-recently-added-apps.md
index 92a4d13c36..8dac911b1b 100644
--- a/windows/configuration/start/includes/hide-recently-added-apps.md
+++ b/windows/configuration/start/includes/hide-recently-added-apps.md
@@ -1,7 +1,7 @@
---
author: paolomatarazzo
ms.author: paoloma
-ms.date: 04/10/2024
+ms.date: 02/25/2025
ms.topic: include
---
@@ -9,14 +9,8 @@ ms.topic: include
With this policy setting, you can prevent the Start menu from displaying a list of recently installed applications:
-- If **enabled**, the Start menu doesn't display the **Recently added** list. The corresponding option in Settings can't be configured (grayed out).
-- If **disabled** or **not configured**, the Start menu displays the **Recently added** list. The corresponding option in Settings can be configured.
-
-> [!IMPORTANT]
-> Starting in Windows 11, version 22H2 with [KB5048685](https://support.microsoft.com/topic/4602-ea3736d3-6948-4fd7-9faf-8d732ac2ed59), the policy setting behavior changed.
->
-> - If **enabled**, the corresponding option in Settings can't be configured (grayed out). The policy setting doesn't affect the display of recently installed applications in the Recommended section of the Start menu.
-> - If **disabled** or **not configured**, the corresponding option in Settings can be configured.
+- If **enabled**, the Start menu doesn't display the **Recently added** list. The corresponding option in Settings can't be configured (grayed out)
+- If **disabled** or **not configured**, the Start menu displays the **Recently added** list. The corresponding option in Settings can be configured
| | Path |
|--|--|
From b088c8510ef4689fb9975d831deccf1baf630111 Mon Sep 17 00:00:00 2001
From: Paolo Matarazzo <74918781+paolomatarazzo@users.noreply.github.com>
Date: Tue, 25 Feb 2025 08:03:58 -0500
Subject: [PATCH 3/6] Freshness review
---
education/windows/suspcs/index.md | 2 +-
.../configuration/start/policy-settings.md | 2 +-
.../includes/show-notification-bell-icon.md | 23 +++++++++++++++++++
.../turn-off-abbreviated-date-time-format.md | 22 ++++++++++++++++++
.../additional-mitigations.md | 2 +-
.../credential-guard/configure.md | 2 +-
.../considerations-known-issues.md | 2 +-
.../credential-guard/how-it-works.md | 2 +-
.../credential-guard/index.md | 2 +-
.../hello-for-business/deploy/cloud-only.md | 2 +-
.../deploy/hybrid-cert-trust-adfs.md | 2 +-
.../deploy/hybrid-cert-trust-enroll.md | 2 +-
.../deploy/hybrid-cert-trust-pki.md | 2 +-
.../deploy/hybrid-cert-trust.md | 2 +-
.../deploy/hybrid-cloud-kerberos-trust.md | 4 ++--
.../deploy/hybrid-key-trust-enroll.md | 2 +-
.../deploy/hybrid-key-trust.md | 2 +-
.../hello-for-business/deploy/index.md | 4 ++--
.../deploy/on-premises-cert-trust-adfs.md | 2 +-
.../deploy/on-premises-cert-trust-enroll.md | 2 +-
.../deploy/on-premises-cert-trust.md | 2 +-
.../deploy/on-premises-key-trust-adfs.md | 2 +-
.../deploy/on-premises-key-trust-enroll.md | 2 +-
.../deploy/on-premises-key-trust.md | 2 +-
.../deploy/prepare-users.md | 2 +-
.../data-protection/configure-s-mime.md | 2 +-
.../data-protection/encrypted-hard-drive.md | 2 +-
27 files changed, 72 insertions(+), 27 deletions(-)
create mode 100644 windows/configuration/taskbar/includes/show-notification-bell-icon.md
create mode 100644 windows/configuration/taskbar/includes/turn-off-abbreviated-date-time-format.md
diff --git a/education/windows/suspcs/index.md b/education/windows/suspcs/index.md
index 3e41143df7..34ae3b990a 100644
--- a/education/windows/suspcs/index.md
+++ b/education/windows/suspcs/index.md
@@ -2,7 +2,7 @@
title: Use Set up School PCs app
description: Learn how to use the Set up School PCs app and apply the provisioning package.
ms.topic: how-to
-ms.date: 07/09/2024
+ms.date: 02/25/2025
appliesto:
- ✅ Windows 11
- ✅ Windows 10
diff --git a/windows/configuration/start/policy-settings.md b/windows/configuration/start/policy-settings.md
index 88ca88a0d4..08a7751472 100644
--- a/windows/configuration/start/policy-settings.md
+++ b/windows/configuration/start/policy-settings.md
@@ -2,7 +2,7 @@
title: Start policy settings
description: Learn about the policy settings to configure the Windows Start menu.
ms.topic: reference
-ms.date: 07/10/2024
+ms.date: 02/25/2025
appliesto:
zone_pivot_groups: windows-versions-11-10
---
diff --git a/windows/configuration/taskbar/includes/show-notification-bell-icon.md b/windows/configuration/taskbar/includes/show-notification-bell-icon.md
new file mode 100644
index 0000000000..e6b888ea52
--- /dev/null
+++ b/windows/configuration/taskbar/includes/show-notification-bell-icon.md
@@ -0,0 +1,23 @@
+---
+author: paolomatarazzo
+ms.author: paoloma
+ms.date: 02/25/2025
+ms.topic: include
+---
+
+### Show notification bell icon
+
+This policy setting allows you to show the notification bell icon in the system tray:
+
+- If you enable this policy setting, the notification icon is always displayed
+- If you disable or don't configure this policy setting, the notification icon is only displayed when there's a special status (for example, when *do not disturb* is turned on)
+
+> [!NOTE]
+> A reboot is required for this policy setting to take effect.
+
+| | Path |
+|--|--|
+| **CSP** |- `./User/Vendor/MSFT/Policy/Config/Start/`[AlwaysShowNotificationIcon](/windows/client-management/mdm/policy-csp-start#AlwaysShowNotificationIcon) |
+| **GPO** |- **User Configuration** > **Administrative Templates** > **Start Menu and Taskbar** |
+
+
\ No newline at end of file
+|Home|❌|
diff --git a/windows/configuration/shell-launcher/wedl-assignedaccess.md b/windows/configuration/shell-launcher/wedl-assignedaccess.md
index 6203943578..dca3e6af7b 100644
--- a/windows/configuration/shell-launcher/wedl-assignedaccess.md
+++ b/windows/configuration/shell-launcher/wedl-assignedaccess.md
@@ -1,14 +1,16 @@
---
-title: WEDL\_AssignedAccess
-description: WEDL\_AssignedAccess
-ms.date: 05/20/2024
+title: WEDL_AssignedAccess
+description: WEDL_AssignedAccess
+ms.date: 02/25/2025
ms.topic: reference
---
-# WEDL\_AssignedAccess
+# WEDL_AssignedAccess
This Windows Management Instrumentation (WMI) provider class configures settings for assigned access.
+[!INCLUDE [shell-launcher](../../../includes/licensing/shell-launcher.md)]
+
## Syntax
```powershell
@@ -129,13 +131,3 @@ if ($AssignedAccessConfig) {
"Could not set up assigned access account."
}
```
-
-## Requirements
-
-| Windows Edition | Supported |
-|:-----------------------|:---------:|
-| Windows Home | No |
-| Windows Pro | No |
-| Windows Enterprise | Yes |
-| Windows Education | Yes |
-| Windows IoT Enterprise | Yes |
diff --git a/windows/configuration/shell-launcher/wesl-usersetting.md b/windows/configuration/shell-launcher/wesl-usersetting.md
index 3d7851941e..ce3019dbf0 100644
--- a/windows/configuration/shell-launcher/wesl-usersetting.md
+++ b/windows/configuration/shell-launcher/wesl-usersetting.md
@@ -1,7 +1,7 @@
---
title: WESL_UserSetting
description: WESL_UserSetting
-ms.date: 05/02/2017
+ms.date: 02/25/2025
ms.topic: reference
---
@@ -9,6 +9,8 @@ ms.topic: reference
This class configures which application Shell Launcher starts based on the security identifier (SID) of the signed in user, and also configures the set of return codes and return actions that Shell Launcher performs when the application exits.
+[!INCLUDE [shell-launcher](../../../includes/licensing/shell-launcher.md)]
+
## Syntax
```powershell
@@ -158,17 +160,3 @@ $ShellLauncherClass.RemoveCustomShell($Admins_SID)
$ShellLauncherClass.RemoveCustomShell($Cashier_SID)
```
-
-## Requirements
-
-| Windows Edition | Supported |
-|:-----------------------|:---------:|
-| Windows Home | No |
-| Windows Pro | No |
-| Windows Enterprise | Yes |
-| Windows Education | Yes |
-| Windows IoT Enterprise | Yes |
-
-## Related topics
-
-- [Shell Launcher](index.md)
diff --git a/windows/configuration/shell-launcher/wesl-usersettinggetcustomshell.md b/windows/configuration/shell-launcher/wesl-usersettinggetcustomshell.md
index 5633e7df6e..6be4813c8c 100644
--- a/windows/configuration/shell-launcher/wesl-usersettinggetcustomshell.md
+++ b/windows/configuration/shell-launcher/wesl-usersettinggetcustomshell.md
@@ -1,7 +1,7 @@
---
title: WESL_UserSetting.GetCustomShell
description: WESL_UserSetting.GetCustomShell
-ms.date: 05/20/2024
+ms.date: 02/25/2025
ms.topic: reference
---
@@ -9,6 +9,8 @@ ms.topic: reference
This method retrieves the Shell Launcher configuration for a specific user or group, based on the security identifier (SID).
+[!INCLUDE [shell-launcher](../../../includes/licensing/shell-launcher.md)]
+
## Syntax
```powershell
@@ -60,18 +62,3 @@ Returns an HRESULT value that indicates [WMI status](/windows/win32/wmisdk/wmi-n
Shell Launcher uses the *CustomReturnCodes* and *CustomReturnCodesAction* arrays to determine the system behavior when the shell application exits, based on the return value of the application.
If the return value does not exist in *CustomReturnCodes*, or if the corresponding action defined in *CustomReturnCodesAction* is not a valid value, Shell Launcher uses *DefaultAction* to determine system behavior. If *DefaultAction* is not defined, or is not a valid value, Shell Launcher restarts the shell application.
-
-## Requirements
-
-| Windows Edition | Supported |
-|:-----------------------|:---------:|
-| Windows Home | No |
-| Windows Pro | No |
-| Windows Enterprise | Yes |
-| Windows Education | Yes |
-| Windows IoT Enterprise | Yes |
-
-## Related topics
-
-- [WESL_UserSetting](wesl-usersetting.md)
-- [Shell Launcher](index.md)
diff --git a/windows/configuration/shell-launcher/wesl-usersettinggetdefaultshell.md b/windows/configuration/shell-launcher/wesl-usersettinggetdefaultshell.md
index 9cabb200ab..c32948ad15 100644
--- a/windows/configuration/shell-launcher/wesl-usersettinggetdefaultshell.md
+++ b/windows/configuration/shell-launcher/wesl-usersettinggetdefaultshell.md
@@ -1,7 +1,7 @@
---
title: WESL_UserSetting.GetDefaultShell
description: WESL_UserSetting.GetDefaultShell
-ms.date: 05/20/2024
+ms.date: 02/25/2025
ms.topic: reference
---
@@ -9,6 +9,8 @@ ms.topic: reference
This method retrieves the default Shell Launcher configuration.
+[!INCLUDE [shell-launcher](../../../includes/licensing/shell-launcher.md)]
+
## Syntax
```powershell
@@ -40,18 +42,3 @@ Returns an HRESULT value that indicates [WMI status](/windows/win32/wmisdk/wmi-n
## Remarks
Shell Launcher uses the default configuration when the security identifier (SID) of the user who is currently signed in does not match any custom defined Shell Launcher configurations.
-
-## Requirements
-
-| Windows Edition | Supported |
-|:-----------------------|:---------:|
-| Windows Home | No |
-| Windows Pro | No |
-| Windows Enterprise | Yes |
-| Windows Education | Yes |
-| Windows IoT Enterprise | Yes |
-
-## Related topics
-
-- [WESL_UserSetting](wesl-usersetting.md)
-- [Shell Launcher](index.md)
diff --git a/windows/configuration/shell-launcher/wesl-usersettingisenabled.md b/windows/configuration/shell-launcher/wesl-usersettingisenabled.md
index fb4739ce37..1125bb1d92 100644
--- a/windows/configuration/shell-launcher/wesl-usersettingisenabled.md
+++ b/windows/configuration/shell-launcher/wesl-usersettingisenabled.md
@@ -1,7 +1,7 @@
---
title: WESL_UserSetting.IsEnabled
description: WESL_UserSetting.IsEnabled
-ms.date: 05/20/2024
+ms.date: 02/25/2025
ms.topic: reference
---
@@ -9,6 +9,8 @@ ms.topic: reference
This method retrieves a value that indicates if Shell Launcher is enabled or disabled.
+[!INCLUDE [shell-launcher](../../../includes/licensing/shell-launcher.md)]
+
## Syntax
```powershell
@@ -24,18 +26,3 @@ This method retrieves a value that indicates if Shell Launcher is enabled or dis
## Return Value
Returns an HRESULT value that indicates [WMI status](/windows/win32/wmisdk/wmi-non-error-constants) or a [WMI error](/windows/win32/wmisdk/wmi-error-constants).
-
-## Requirements
-
-| Windows Edition | Supported |
-|:-----------------------|:---------:|
-| Windows Home | No |
-| Windows Pro | No |
-| Windows Enterprise | Yes |
-| Windows Education | Yes |
-| Windows IoT Enterprise | Yes |
-
-## Related topics
-
-- [WESL_UserSetting](wesl-usersetting.md)
-- [Shell Launcher](index.md)
diff --git a/windows/configuration/shell-launcher/wesl-usersettingremovecustomshell.md b/windows/configuration/shell-launcher/wesl-usersettingremovecustomshell.md
index fb1df0e87f..e5058577a9 100644
--- a/windows/configuration/shell-launcher/wesl-usersettingremovecustomshell.md
+++ b/windows/configuration/shell-launcher/wesl-usersettingremovecustomshell.md
@@ -1,7 +1,7 @@
---
title: WESL_UserSetting.RemoveCustomShell
description: WESL_UserSetting.RemoveCustomShell
-ms.date: 05/20/2024
+ms.date: 02/25/2025
ms.topic: reference
---
@@ -9,6 +9,8 @@ ms.topic: reference
This method removes a Shell Launcher configuration for a specific user or group, based on the security identifier (SID).
+[!INCLUDE [shell-launcher](../../../includes/licensing/shell-launcher.md)]
+
## Syntax
```powershell
@@ -28,18 +30,3 @@ Returns an HRESULT value that indicates [WMI status](/windows/win32/wmisdk/wmi-n
## Remarks
You must restart your device for the changes to take effect.
-
-## Requirements
-
-| Windows Edition | Supported |
-|:-----------------------|:---------:|
-| Windows Home | No |
-| Windows Pro | No |
-| Windows Enterprise | Yes |
-| Windows Education | Yes |
-| Windows IoT Enterprise | Yes |
-
-## Related topics
-
-- [WESL_UserSetting](wesl-usersetting.md)
-- [Shell Launcher](index.md)
diff --git a/windows/configuration/shell-launcher/wesl-usersettingsetcustomshell.md b/windows/configuration/shell-launcher/wesl-usersettingsetcustomshell.md
index a90450063c..5b788c9295 100644
--- a/windows/configuration/shell-launcher/wesl-usersettingsetcustomshell.md
+++ b/windows/configuration/shell-launcher/wesl-usersettingsetcustomshell.md
@@ -1,7 +1,7 @@
---
title: WESL_UserSetting.SetCustomShell
description: WESL_UserSetting.SetCustomShell
-ms.date: 05/20/2024
+ms.date: 02/25/2025
ms.topic: reference
---
@@ -9,6 +9,8 @@ ms.topic: reference
This method configures Shell Launcher for a specific user or group, based on the security identifier (SID).
+[!INCLUDE [shell-launcher](../../../includes/licensing/shell-launcher.md)]
+
## Syntax
```powershell
@@ -60,18 +62,3 @@ Returns an HRESULT value that indicates [WMI status](/windows/win32/wmisdk/wmi-n
Shell Launcher uses the *CustomReturnCodes* and *CustomReturnCodesAction* arrays to determine the system behavior when the shell application exits, based on the return value of the shell application.
If the return value does not exist in *CustomReturnCodes*, or if the corresponding action defined in *CustomReturnCodesAction* is not a valid value, Shell Launcher uses *DefaultAction* to determine system behavior. If *DefaultAction* is not defined, or is not a valid value, Shell Launcher restarts the shell application.
-
-## Requirements
-
-| Windows Edition | Supported |
-|:-----------------------|:---------:|
-| Windows Home | No |
-| Windows Pro | No |
-| Windows Enterprise | Yes |
-| Windows Education | Yes |
-| Windows IoT Enterprise | Yes |
-
-## Related topics
-
-- [WESL_UserSetting](wesl-usersetting.md)
-- [Shell Launcher](index.md)
diff --git a/windows/configuration/shell-launcher/wesl-usersettingsetdefaultshell.md b/windows/configuration/shell-launcher/wesl-usersettingsetdefaultshell.md
index ec89600f38..d829d7d717 100644
--- a/windows/configuration/shell-launcher/wesl-usersettingsetdefaultshell.md
+++ b/windows/configuration/shell-launcher/wesl-usersettingsetdefaultshell.md
@@ -1,7 +1,7 @@
---
title: WESL_UserSetting.SetDefaultShell
description: WESL_UserSetting.SetDefaultShell
-ms.date: 05/20/2024
+ms.date: 02/25/2025
ms.topic: reference
---
@@ -9,6 +9,8 @@ ms.topic: reference
This method sets the default Shell Launcher configuration.
+[!INCLUDE [shell-launcher](../../../includes/licensing/shell-launcher.md)]
+
## Syntax
```powershell
@@ -40,18 +42,3 @@ Returns an HRESULT value that indicates [WMI status](/windows/win32/wmisdk/wmi-n
## Remarks
Shell Launcher uses the default configuration when the security identifier (SID) of the user who is currently signed in does not match any custom defined Shell Launcher configurations.
-
-## Requirements
-
-| Windows Edition | Supported |
-|:-----------------------|:---------:|
-| Windows Home | No |
-| Windows Pro | No |
-| Windows Enterprise | Yes |
-| Windows Education | Yes |
-| Windows IoT Enterprise | Yes |
-
-## Related topics
-
-- [WESL_UserSetting](wesl-usersetting.md)
-- [Shell Launcher](index.md)
diff --git a/windows/configuration/shell-launcher/wesl-usersettingsetenabled.md b/windows/configuration/shell-launcher/wesl-usersettingsetenabled.md
index 43aff8b5a7..64d952bf88 100644
--- a/windows/configuration/shell-launcher/wesl-usersettingsetenabled.md
+++ b/windows/configuration/shell-launcher/wesl-usersettingsetenabled.md
@@ -1,7 +1,7 @@
---
title: WESL_UserSetting.SetEnabled
description: WESL_UserSetting.SetEnabled
-ms.date: 05/20/2024
+ms.date: 02/25/2025
ms.topic: reference
---
@@ -9,6 +9,8 @@ ms.topic: reference
This method enables or disables Shell Launcher.
+[!INCLUDE [shell-launcher](../../../includes/licensing/shell-launcher.md)]
+
## Syntax
```powershell
@@ -30,18 +32,3 @@ Returns an HRESULT value that indicates [WMI status](/windows/win32/wmisdk/wmi-n
This method enables or disables Shell Launcher by modifying the **Shell** value in the registry key `HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon`. If Unified Write Filter (UWF) is enabled, you may need to disable UWF or commit this registry key by using [UWF_RegistryFilter.CommitRegistry](../unified-write-filter/uwf-registryfiltercommitregistry.md) in order to enable or disable Shell Launcher.
Enabling or disabling Shell Launcher does not take effect until a user signs in.
-
-## Requirements
-
-| Windows Edition | Supported |
-|:-----------------------|:---------:|
-| Windows Home | No |
-| Windows Pro | No |
-| Windows Enterprise | Yes |
-| Windows Education | Yes |
-| Windows IoT Enterprise | Yes |
-
-## Related topics
-
-- [WESL_UserSetting](wesl-usersetting.md)
-- [Shell Launcher](index.md)
From 0bd73e9a9cff142f211e04eb14fe0d8eddcae786 Mon Sep 17 00:00:00 2001
From: Paolo Matarazzo <74918781+paolomatarazzo@users.noreply.github.com>
Date: Tue, 25 Feb 2025 12:11:36 -0500
Subject: [PATCH 5/6] updat
---
includes/licensing/assigned-access.md | 10 ----------
.../shell-launcher/wedl-assignedaccess.md | 2 +-
2 files changed, 1 insertion(+), 11 deletions(-)
diff --git a/includes/licensing/assigned-access.md b/includes/licensing/assigned-access.md
index 3a980896b0..30348f5e9d 100644
--- a/includes/licensing/assigned-access.md
+++ b/includes/licensing/assigned-access.md
@@ -20,13 +20,3 @@ The following table lists the Windows editions that support Assigned Access:
|IoT Enterprise LTSC|✅|
|Pro Education|✅|
|Pro|✅|
-
-
\ No newline at end of file
diff --git a/windows/configuration/shell-launcher/wedl-assignedaccess.md b/windows/configuration/shell-launcher/wedl-assignedaccess.md
index dca3e6af7b..acdd00a9df 100644
--- a/windows/configuration/shell-launcher/wedl-assignedaccess.md
+++ b/windows/configuration/shell-launcher/wedl-assignedaccess.md
@@ -9,7 +9,7 @@ ms.topic: reference
This Windows Management Instrumentation (WMI) provider class configures settings for assigned access.
-[!INCLUDE [shell-launcher](../../../includes/licensing/shell-launcher.md)]
+[!INCLUDE [shell-launcher](../../../includes/licensing/assigned-access.md)]
## Syntax
From 01a3289ecb8af1e11b82c44d70642ca920107bdd Mon Sep 17 00:00:00 2001
From: Paul Reed <61042820+vpaulreed@users.noreply.github.com>
Date: Tue, 25 Feb 2025 16:44:00 -0800
Subject: [PATCH 6/6] Update windows-autopatch-prerequisites.md
As part of unification, the groups Modern Workplace Roles - Service Administrator and Modern Workplace Roles - Service Reader are no longer created. This document update removes this under the Windows Enterprise E3 and F3 tab.
---
.../prepare/windows-autopatch-prerequisites.md | 17 ++++++++++-------
1 file changed, 10 insertions(+), 7 deletions(-)
diff --git a/windows/deployment/windows-autopatch/prepare/windows-autopatch-prerequisites.md b/windows/deployment/windows-autopatch/prepare/windows-autopatch-prerequisites.md
index 5e7b3411e6..e66fe153ac 100644
--- a/windows/deployment/windows-autopatch/prepare/windows-autopatch-prerequisites.md
+++ b/windows/deployment/windows-autopatch/prepare/windows-autopatch-prerequisites.md
@@ -174,15 +174,18 @@ You can add the *Device configurations* permission with one or more rights to yo
### [Windows Enterprise E3+ and F3](#tab/windows-enterprise-e3-f3-intune-permissions)
+Your account must be assigned an [Intune role-based access control](/mem/intune/fundamentals/role-based-access-control) (RBAC) role that includes the following permissions:
+
+- **Device configurations**:
+ - Assign
+ - Create
+ - Delete
+ - View Reports
+ - Update
+- Read
+
After you [activate Windows Autopatch features](../prepare/windows-autopatch-feature-activation.md#activate-windows-autopatch-features), use the Intune Service Administrator role to register devices, manage your update deployments, and reporting tasks.
-If you want to assign less-privileged user accounts to perform specific tasks in the Windows Autopatch portal, such as register devices with the service, you can add these user accounts into one of the two Microsoft Entra groups created during the [Start using Windows Autopatch](../prepare/windows-autopatch-feature-activation.md) process:
-
-| Microsoft Entra group name | Discover devices | Modify columns | Refresh device list | Export to .CSV | Device actions |
-| --- | --- | --- | --- | --- | --- |
-| Modern Workplace Roles - Service Administrator | Yes | Yes | Yes | Yes | Yes |
-| Modern Workplace Roles - Service Reader | No | Yes | Yes | Yes | Yes |
-
For more information, see [Microsoft Entra built-in roles](/entra/identity/role-based-access-control/permissions-reference) and [Role-based access control (RBAC) with Microsoft Intune](/mem/intune/fundamentals/role-based-access-control).
> [!TIP]