deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-06-15 10:23:37 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

Unification GA

Browse Source
This commit is contained in:
tiaraquan
2024-08-29 20:59:11 -07:00
parent f062c407d7
commit 0b7abd9bc5
75 changed files with 1789 additions and 2067 deletions
Download Patch File Download Diff File Expand all files Collapse all files

80
windows/deployment/windows-autopatch/overview/windows-autopatch-faq.yml
View File

@ -4,7 +4,7 @@ metadata:
description: Answers to frequently asked questions about Windows Autopatch.
ms.service: windows-client
ms.topic: faq
ms.date: 07/08/2024
ms.date: 09/16/2024
audience: itpro
ms.localizationpriority: medium
manager: aaroncz
@ -16,72 +16,73 @@ title: Frequently Asked Questions about Windows Autopatch
summary: This article answers frequently asked questions about Windows Autopatch.
sections:
- name: General
questions:
- question: What Windows versions are supported?
answer: |
Windows Autopatch works with all [supported versions of Windows 10 and Windows 11](/windows/release-health/supported-versions-windows-client) Enterprise and Professional editions.
questions:
- question: What is the difference between Windows Update for Business and Windows Autopatch?
answer: |
Windows Autopatch is a service that removes the need for organizations to plan and operate the update process. Windows Autopatch moves the burden from your IT to Microsoft. Windows Autopatch uses [Windows Update for Business](/windows/deployment/update/deployment-service-overview) and other service components to update devices. Both are part of Windows Enterprise E3.
Windows Autopatch is a service that removes the need for organizations to plan and operate the update process. Windows Autopatch moves the burden from your IT to Microsoft. Windows Autopatch uses [Windows Update for Business](/windows/deployment/update/waas-manage-updates-wufb) and other service components to update devices. Both are part of [Windows Enterprise E3+ and F3](../prepare/windows-autopatch-prerequisites.md#more-about-licenses).
- question: Is Windows 365 for Enterprise supported with Windows Autopatch?
answer: |
Windows Autopatch supports Windows 365 for Enterprise. Windows 365 for Business isn't supported.
- question: Does Windows Autopatch support Windows Education (A3/A5) or Windows Front Line Worker (F3) licensing?
answer: |
Autopatch isn't available for 'A'. Windows Autopatch supports some 'F' series licensing. For more information, see [More about licenses](../prepare/windows-autopatch-prerequisites.md#more-about-licenses).
- question: Will Windows Autopatch support local domain join Windows 10?
answer: |
Windows Autopatch doesn't support local (on-premises) domain join. Windows Autopatch supports [Hybrid AD join](/azure/active-directory/devices/concept-azure-ad-join-hybrid) or pure [Microsoft Entra join](/azure/active-directory/devices/concept-azure-ad-join-hybrid).
Windows Autopatch doesn't support local (on-premises) domain join. Windows Autopatch supports [Microsoft Hybrid Entra join](/entra/identity/devices/concept-hybrid-join) or [Microsoft Entra join](/entra/identity/devices/concept-directory-join).
- question: Will Windows Autopatch be available for state and local government customers?
answer: |
Windows Autopatch is available for all Windows E3 customers using Azure commercial cloud. However, Autopatch isn't currently supported for government cloud (GCC) customers. Although Windows 365 Enterprise is in the Azure Commercial cloud, when Windows 365 Enterprise is used with a GCC customer tenant, Autopatch is not supported.
- question: What if I enrolled into Windows Autopatch using the promo code? Will I still have access to the service?
answer: |
Yes. For those who used the promo code to access Windows Autopatch during public preview, you'll continue to have access to Windows Autopatch even when the promo code expires. There's no additional action you have to take to continue using Windows Autopatch.
- name: Requirements
questions:
- question: What are the licensing requirements for Windows Autopatch?
answer: |
Business Premium and A3+ licenses include:
- Microsoft 365 Business Premium (for more information on available licenses, see Microsoft 365 licensing)
- Windows 10/11 Education A3 or A5 (included in Microsoft 365 A3 or A5)
- Windows 10/11 Enterprise E3 or E5 (included in Microsoft 365 F3, E3, or E5)
- Windows 10/11 Enterprise E3 or E5 VDA
To [activate all Windows Autopatch features](../overview/windows-autopatch-overview.md#features-and-capabilities), you must have Windows 10/11 Enterprise E3+ or F3 (included in Microsoft 365 F3, E3, or E5) licenses. [Feature activation](../prepare/windows-autopatch-feature-activation.md) is optional and at no additional cost to you when you have Windows 10/11 Enterprise E3+ or F3 licenses. For more information, see [Licenses and entitlements](../prepare/windows-autopatch-prerequisites.md#licenses-and-entitlements). The following licenses provide access to the Windows Autopatch features included in Business premium and A3+ licenses and its additional features after you activate Windows Autopatch features:
- Windows 10/11 Enterprise E3 or E5 (included in Microsoft 365 F3, E3, or E5)
- Windows 10/11 Enterprise E3 or E5 VDA
- question: What are the prerequisites for Windows Autopatch?
answer: |
- [Supported Windows 10/11 Enterprise and Professional edition versions](/windows/release-health/supported-versions-windows-client)
- [Azure Active Directory (Azure AD) Premium](/azure/active-directory/fundamentals/active-directory-whatis#what-are-the-azure-ad-licenses)
- [Hybrid Azure AD-Joined](/azure/active-directory/devices/concept-azure-ad-join-hybrid) or [Azure AD-joined only](/azure/active-directory/devices/concept-azure-ad-join-hybrid)
- [Microsoft Intune](https://www.microsoft.com/cloud-platform/microsoft-intune)
- [Microsoft Entra ID](/mem/configmgr/comanage/overview#microsoft-entra-id)(for co-management)
- [Microsoft Entra hybrid joined devices](/entra/identity/devices/concept-hybrid-join) or [Microsoft Entra joined devices](/entra/identity/devices/concept-directory-join)
- Microsoft Intune (include Configuration Manager 2010 or greater via co-management)
Additional prerequisites for devices managed by Configuration Manager:
- [Configuration Manager Co-management requirements](../prepare/windows-autopatch-prerequisites.md#configuration-manager-co-management-requirements)
- [A supported version of Configuration Manager](/mem/configmgr/core/servers/manage/updates#supported-versions)
- [Switch workloads for device configuration, Windows Update and Microsoft 365 Apps from Configuration Manager to Intune](/mem/configmgr/comanage/how-to-switch-workloads) (minimum Pilot Intune. Pilot collection must contain the devices you want to register into Autopatch.)
- question: What are the licensing requirements for Windows Autopatch?
- question: What are the Intune permissions needed to operate Windows Autopatch?
answer: |
- Windows Autopatch is included with Window 10/11 Enterprise E3 or higher (user-based only) or F3. For more information, see [More about licenses](../prepare/windows-autopatch-prerequisites.md#more-about-licenses).
- [Azure AD Premium](/azure/active-directory/fundamentals/active-directory-whatis#what-are-the-azure-ad-licenses) (for co-management)
- [Microsoft Intune](/mem/intune/fundamentals/licenses) (includes Configuration Manager 2010 or greater via co-management)
You must use the Microsoft Entra Global Administrator role to activate Windows Autopatch features. For registering devices, managing update deployment and reporting tasks, use the Intune Service Administrator role. For more information, see [Built-in roles for device registration](../deploy/windows-autopatch-register-devices.md#built-in-roles-required-for-device-registration).
- question: Are there hardware requirements for Windows Autopatch?
answer: |
No, Windows Autopatch doesn't require any specific hardware. However, general hardware requirements for updates are still applicable. For example, to deliver Windows 11 to your Autopatch devices they must meet [specific hardware requirements](/windows/whats-new/windows-11-requirements). Windows devices must be supported by your hardware OEM.
- name: Device registration
questions:
- question: Can Autopatch customers individually approve or deny devices?
questions:
- question: Who can register devices into Windows Autopatch?
answer: |
No you can't individually approve or deny devices. Once a device is registered with Windows Autopatch, updates are rolled out to the devices according to its ring assignment. Individual device level control isn't supported.
You can only register devices into Windows Autopatch if you have E3+ or F3 licenses and have [activated Windows Autopatch features](../prepare/windows-autopatch-feature-activation.md). For more information, see [Features and capabilities](../overview/windows-autopatch-overview.md#features-and-capabilities).
- question: Does Autopatch on Windows 365 Cloud PCs have any feature difference from a physical device?
answer: |
No, Windows 365 Enterprise Cloud PC's support all features of Windows Autopatch. For more information, see [Virtual devices](/windows/deployment/windows-autopatch/deploy/windows-autopatch-register-devices#virtual-devices).
No, Windows 365 Enterprise Cloud PC's support all features of Windows Autopatch. For more information, see [Virtual devices](../deploy/windows-autopatch-register-devices.md#windows-autopatch-on-azure-virtual-desktop-workloads).
- question: Do my Cloud PCs appear any differently in the Windows Autopatch admin center?
answer: |
Cloud PC displays the model as the license type you've provisioned. For more information, see [Windows Autopatch on Windows 365 Enterprise Workloads](/windows/deployment/windows-autopatch/deploy/windows-autopatch-register-devices#windows-autopatch-on-windows-365-enterprise-workloads).
Cloud PC displays the model as the license type you've provisioned. For more information, see [Windows Autopatch on Windows 365 Enterprise Workloads](../deploy/windows-autopatch-register-devices.md#windows-autopatch-on-windows-365-enterprise-workloads).
- question: Can I run Autopatch on my Windows 365 Business Workloads?
answer: |
No. Autopatch is only available on enterprise workloads. For more information, see [Windows Autopatch on Windows 365 Enterprise Workloads](/windows/deployment/windows-autopatch/deploy/windows-autopatch-register-devices#windows-autopatch-on-windows-365-enterprise-workloads).
No. Autopatch is only available on enterprise workloads. For more information, see [Windows Autopatch on Windows 365 Enterprise Workloads](../deploy/windows-autopatch-register-devices.md#windows-autopatch-on-windows-365-enterprise-workloads).
- question: Can you change the policies and configurations created by Windows Autopatch?
answer: |
No. Don't change, edit, add to, or remove any of the configurations. Doing so might cause unintended configuration conflicts and impact the Windows Autopatch service. For more information about policies and configurations, see [Changes made at tenant enrollment](/windows/deployment/windows-autopatch/references/windows-autopatch-changes-to-tenant).
No. Don't change, edit, add to, or remove any of the configurations. Doing so might cause unintended configuration conflicts and impact the Windows Autopatch service. For more information about policies and configurations, see [Changes made at feature activation](../references/windows-autopatch-changes-made-at-feature-activation.md).
- question: How can I represent our organizational structure with our own deployment cadence?
answer: |
[Windows Autopatch groups](../deploy/windows-autopatch-groups-overview.md) helps you manage updates in a way that makes sense for your businesses. For more information, see [Windows Autopatch groups overview](../deploy/windows-autopatch-groups-overview.md) and [Manage Windows Autopatch groups](../manage/windows-autopatch-manage-autopatch-groups.md).
- name: Update management
- name: Manage updates
questions:
- question: Who can manage updates with activated Windows Autopatch features?
answer: |
This only applies if you have E3+ or F3 licenses and have activated Windows Autopatch features. For more information, see [Features and capabilities](../overview/windows-autopatch-overview.md#features-and-capabilities).
- question: What systems does Windows Autopatch update?
answer: |
- Windows 10/11 quality updates: Windows Autopatch manages all aspects of deployment rings.
@ -91,35 +92,32 @@ sections:
- Microsoft Teams: Windows Autopatch allows eligible devices to benefit from the standard automatic update channels and will provide support for issues with Teams updates.
- question: What does Windows Autopatch do to ensure updates are done successfully?
answer: |
For Windows quality and feature updates, updates are applied to devices in the Test ring first. The devices are evaluated, and then rolled out to the First, Fast then Broad rings. There's an evaluation period at each progression. This process is dependent on customer testing and verification of all updates during these rollout stages. The outcome is to ensure that registered devices are always up to date and disruption to business operations is minimized to free up your IT department from that ongoing task.
For Windows quality and feature updates, updates are applied to devices in a gradual manner. There's an evaluation period at each progression. This process is dependent on customer testing and verification of all updates during these rollout stages. The outcome is to ensure that registered devices are always up to date and disruption to business operations is minimized to free up your IT department from that ongoing task.
- question: What happens if there's an issue with an update?
answer: |
Autopatch relies on the following capabilities to help resolve update issues:
- Pausing and resuming: For more information about pausing and resuming updates, see [pausing and resuming Windows quality updates](../operate/windows-autopatch-windows-quality-update-overview.md#pause-and-resume-a-release).
- Rollback: For more information about Microsoft 365 Apps for enterprise, see [Update controls for Microsoft 365 Apps for enterprise](../operate/windows-autopatch-microsoft-365-apps-enterprise.md#microsoft-365-apps-for-enterprise-update-controls).
- Pausing and resuming: For more information about pausing and resuming updates, see [pausing and resuming Windows quality updates](../manage/windows-autopatch-windows-quality-update-overview.md#pause-and-resume-a-release).
- Rollback: For more information about Microsoft 365 Apps for enterprise, see [Update controls for Microsoft 365 Apps for enterprise](../manage/windows-autopatch-microsoft-365-apps-enterprise.md#microsoft-365-apps-for-enterprise-update-controls).
- question: Can I permanently pause a Windows feature update deployment?
answer: |
Yes. Windows Autopatch provides a [permanent pause of a feature update deployment](../operate/windows-autopatch-groups-manage-windows-feature-update-release.md#pause-and-resume-a-release).
Yes. Windows Autopatch provides a [permanent pause of a feature update deployment](../manage/windows-autopatch-windows-feature-update-overview.md#pause-and-resume-a-release).
- question: Will Windows quality updates be released more quickly after vulnerabilities are identified, or what is the regular cadence of updates?
answer: |
For zero-day threats, Autopatch will have an [expedited release cadence](../operate/windows-autopatch-windows-quality-update-overview.md#expedited-releases). For normal updates Autopatch, uses a [regular release cadence](../operate/windows-autopatch-wqu-overview.md#windows-quality-update-releases) starting with devices in the Test ring and completing with general rollout to the Broad ring.
For zero-day threats, Autopatch will have an [Out of Band release](../manage/windows-autopatch-windows-quality-update-overview.md#out-of-band-releases). For normal updates Autopatch, uses a [regular release cadence](../manage/windows-autopatch-windows-quality-update-overview.md) starting with devices in the Test ring and completing with general rollout to the Broad ring.
- question: Can customers configure when to move to the next ring or is it controlled by Windows Autopatch?
answer: |
The decision of when to move to the next ring is handled by Windows Autopatch; it isn't customer configurable.
- question: Can you customize the scheduling of an update rollout to only install on certain days and times?
answer: |
No, you can't customize update scheduling. However, you can specify [active hours](../manage/windows-autopatch-windows-quality-update-end-user-exp.md) to prevent users from updating during business hours.
- question: Does Autopatch support include and exclude groups, or dynamic groups to define deployment ring membership?
answer: |
Windows Autopatch doesn't support managing update deployment ring membership using your Microsoft Entra groups. For more information, see [Moving devices in between deployment rings](../operate/windows-autopatch-update-management.md#moving-devices-in-between-deployment-rings).
Windows Autopatch doesn't support managing update deployment ring membership using your Microsoft Entra groups. For more information, see [Move devices in between deployment rings](../deploy/windows-autopatch-register-devices.md#move-devices-between-deployment-rings).
- question: Does Autopatch have two release cadences per update or are there two release cadences per-ring?
answer: |
The release cadences are defined based on the update type. For example, a [regular cadence](../operate/windows-autopatch-windows-quality-update-overview.md) (for a Windows quality update would be a gradual rollout from the Test ring to the Broad ring over 14 days whereas an [expedited release](../operate/windows-autopatch-windows-quality-update-overview.md#expedited-releases) would roll out more rapidly.
The release cadences are defined based on the update type. For example, a [regular cadence](../manage/windows-autopatch-windows-quality-update-overview.md) (for a Windows quality update would be a gradual rollout from the Test ring to the Broad ring over 14 days whereas an [Out of Band release](../manage/windows-autopatch-windows-quality-update-overview.md#out-of-band-releases) would roll out more rapidly.
- name: Support
questions:
- question: What support is available for customers who need help with onboarding to Windows Autopatch?
answer: |
The FastTrack Center is the primary mode of support for customers who need assistance from Microsoft to meet the pre-requisites (such as Intune and Azure or Hybrid AD) for onboarding to Windows Autopatch. For more information, see [Microsoft FastTrack for Windows Autopatch](../operate/windows-autopatch-support-request.md#microsoft-fasttrack). When you've onboarded with Windows Autopatch, you can [submit a support request](../operate/windows-autopatch-support-request.md) with the Windows Autopatch Service Engineering Team.
The FastTrack Center is the primary mode of support for customers who need assistance from Microsoft to meet the pre-requisites (such as Intune and Azure or Hybrid AD) for onboarding to Windows Autopatch. For more information, see [Microsoft FastTrack for Windows Autopatch](../manage/windows-autopatch-support-request.md#microsoft-fasttrack). If you have [Windows Enterprise E3+ or E5 licenses](../overview/windows-autopatch-overview.md#windows-enterprise-e3-and-f3-licenses) and you've [activated Windows Autopatch features](../prepare/windows-autopatch-feature-activation.md), you can [submit a support request](../manage/windows-autopatch-support-request.md) with the Windows Autopatch Service Engineering Team.
- question: Does Windows Autopatch Support Dual Scan for Windows Update?
answer: |
Dual Scan for Windows has been deprecated and replaced with the [scan source policy](/windows/deployment/update/wufb-wsus). Windows Autopatch supports the scan source policy if the Feature updates, and Windows quality updates workloads are configured for Windows update. If Feature and Windows updates are configured for WSUS, it could cause disruptions to the service and your release schedules.
@ -130,4 +128,4 @@ sections:
Programmatic access to Autopatch isn't currently available.
additionalContent: |
## Additional Content
[Provide feedback](https://go.microsoft.com/fwlink/?linkid=2195593) or start a discussion in our [Windows Autopatch Tech Community](https://aka.ms/Community/WindowsAutopatch)
[Provide feedback](https://go.microsoft.com/fwlink/?linkid=2195593) or start a discussion in our [Windows Autopatch Tech Community](https://aka.ms/Community/WindowsAutopatch)

68
windows/deployment/windows-autopatch/overview/windows-autopatch-overview.md
View File

@ -1,7 +1,7 @@
---
title: What is Windows Autopatch?
description: Details what the service is and shortcuts to articles.
ms.date: 07/08/2024
ms.date: 09/16/2024
ms.service: windows-client
ms.subservice: autopatch
ms.topic: overview
@ -30,43 +30,59 @@ Rather than maintaining complex digital infrastructure, businesses want to focus
- **Onboard new services**: Windows Autopatch makes it easy to enroll and minimizes the time required from your IT Admins to get started.
- **Minimize end user disruption**: Windows Autopatch releases updates in sequential deployment rings, and responding to reliability and compatibility signals, user disruptions due to updates are minimized.
Windows Autopatch helps you minimize the involvement of your scarce IT resources in the planning and deployment of updates for Windows, Microsoft 365 Apps, Microsoft Edge or Teams. Windows Autopatch uses careful rollout sequences and communicates with you throughout the release, allowing your IT Admins can focus on other activities and tasks.
Windows Autopatch helps you minimize the involvement of your scarce IT resources in the planning and deployment of updates for Windows, Microsoft 365 Apps, Microsoft Edge, or Teams. Windows Autopatch uses careful rollout sequences and communicates with you throughout the release, allowing your IT Admins can focus on other activities and tasks.
## Update management
## Features and capabilities
The goal of Windows Autopatch is to deliver software updates to registered devices; the service frees up IT and minimizes disruptions to your end users. Once a device is registered with the service, Windows Autopatch takes on several areas of management:
### Business Premium and A3+ licenses
| Management area | Service level objective |
| ----- | ----- |
| [Windows quality updates](../operate/windows-autopatch-windows-quality-update-overview.md) | Windows Autopatch aims to keep at least 95% of eligible devices on the latest Windows quality update 21 days after release. |
| [Windows feature updates](../operate/windows-autopatch-windows-feature-update-overview.md) | Windows Autopatch aims to keep at least 99% of eligible devices on a supported version of Windows so that they can continue receiving Windows feature updates. |
| [Microsoft 365 Apps for enterprise](../operate/windows-autopatch-microsoft-365-apps-enterprise.md) | Windows Autopatch aims to keep at least 90% of eligible devices on a supported version of the Monthly Enterprise Channel (MEC). |
| [Microsoft Edge](../operate/windows-autopatch-edge.md) | Windows Autopatch configures eligible devices to benefit from Microsoft Edge's progressive rollouts on the Stable channel. |
| [Microsoft Teams](../operate/windows-autopatch-teams.md) | Windows Autopatch allows eligible devices to benefit from the standard automatic update channel. |
[!INCLUDE [windows-autopatch-applies-to-all-licenses](../includes/windows-autopatch-applies-to-all-licenses.md)]
For each management area, there's a set of eligibility requirements that determine if the device receives that specific update. An example of an eligibility criteria is that the device must have access to the required network endpoints for the Windows update. It's your responsibility to ensure that devices are meeting eligibility requirements for each management area.
The goal of Windows Autopatch is to deliver software updates to registered devices; the service frees up IT and minimizes disruptions to your end users. Once a device is registered with the service, features include:
To determine if we're meeting our service level objectives, all eligible devices are labeled as either "Healthy" or "Unhealthy". Healthy devices are meeting the eligibility requirements for that management area and unhealthy devices aren't. If Windows Autopatch falls below any service level objective for a management area, an incident is raised. Then, we bring the service back into compliance.
| Features included with Business Premium and A3+ licenses | Description |
| --- | --- |
| [Update rings](../manage/windows-autopatch-update-rings.md) | You can manage Update rings for Windows 10 and later devices with Windows Autopatch. For more information, see [Manage Update rings](../manage/windows-autopatch-update-rings.md). |
| [Windows quality updates](../manage/windows-autopatch-windows-quality-update-overview.md) | With Windows Autopatch, you can manage Windows quality update profiles for Windows 10 and later devices. You can expedite a specific Windows quality update using targeted policies. |
| [Windows feature updates](../manage/windows-autopatch-windows-feature-update-overview.md) | Windows Autopatch provides tools to assist with the controlled roll out of annual Windows feature updates. |
| [Driver and firmware updates](../manage/windows-autopatch-manage-driver-and-firmware-updates.md) | You can manage and control your driver and firmware updates with Windows Autopatch.|
| [Intune reports](/mem/intune/fundamentals/reports) | Use Intune reports to monitor the health and activity of endpoints in your organization.|
Windows Autopatch monitors in-progress updates. Depending on the criticality of the update, the service may decide to expedite the update. If we detect an issue during release, we may pause or roll back the update. Since each management area has a different monitoring and update control capabilities, you review the documentation for each area to familiarize yourself with the service.
### Windows Enterprise E3+ and F3 licenses
## Messages
[!INCLUDE [windows-autopatch-enterprise-e3-f3-licenses](../includes/windows-autopatch-enterprise-e3-f3-licenses.md)]
To stay informed of upcoming changes, including new and changed features, planned maintenance, or other important announcements, navigate to [Microsoft 365 admin center > Message center](https://admin.microsoft.com/adminportal/home#/MessageCenter).
In addition to the features included in [Business Premium and A3+ licenses](#business-premium-and-a3-licenses), if you have Windows 10/11 Enterprise E3 or E5 (included in Microsoft 365 F3, E3, or E5), you have access to all of Windows Autopatch features in your tenant when you [activate Windows Autopatch](../prepare/windows-autopatch-feature-activation.md). Windows Autopatch features include:
| Features included in Windows Enterprise E3+ and F3 licenses | Description |
| --- | --- |
| [Autopatch groups](../deploy/windows-autopatch-groups-overview.md) | You can manage update deployment based on your audience.<p>An Autopatch group is a logical container or unit that groups several [Microsoft Entra groups](/entra/fundamentals/groups-view-azure-portal), and software update policies, such as [Update rings policy for Windows 10 and later](/mem/intune/protect/windows-10-update-rings) and [feature updates policy for Windows 10 and later policies](/mem/intune/protect/windows-10-feature-updates).</p><p>For more information about workloads supported by Autopatch groups, see [Software update workloads](../deploy/windows-autopatch-groups-overview.md#software-update-workloads).</p> |
| [Windows quality updates](../manage/windows-autopatch-windows-quality-update-overview.md) | In addition to the [Business Premium and A3+ capabilities](#business-premium-and-a3-licenses), Windows Autopatch:<ul><li>Aims to keep at least 95% of [Up to Date devices](../monitor/windows-autopatch-windows-quality-and-feature-update-reports-overview.md#up-to-date-devices) on the latest quality update. For more information, see [Windows quality update Service Level Objective](../manage/windows-autopatch-windows-quality-update-overview.md#service-level-objective).</li></ul> |
| [Multi-phase release policies with feature updates](../manage/windows-autopatch-windows-feature-update-overview.md#multi-phase-feature-update) | In addition to the [Business Premium and A3+ capabilities](#business-premium-and-a3-licenses), with Windows Autopatch, you can create customizable feature update deployments using multiple phases for your existing Autopatch groups. These phased releases can be tailored to meet your organizational unique needs.|
| [Driver and firmware updates](../manage/windows-autopatch-manage-driver-and-firmware-updates.md) | In addition to the [Business Premium and A3+ capabilities](#business-premium-and-a3-licenses), with Windows Autopatch, you can:<ul><li>Choose to receive driver and firmware updates automatically, or self-manage the deployment</li><li>Control the flow of all drivers to an Autopatch group or rings within an Autopatch group</li><li>Control the flow of a specific driver or firmware across your entire tenant via approvals</li><li>Approve and deploy [other drivers and firmware](../manage/windows-autopatch-manage-driver-and-firmware-updates.md#other-drivers-and-firmware) that previously couldnt be centrally managed</li></ul> |
| [Microsoft 365 Apps for enterprise updates](../manage/windows-autopatch-microsoft-365-apps-enterprise.md) | Windows Autopatch aims to keep at least 90% of eligible devices on a supported version of the Monthly Enterprise Channel (MEC). |
| [Microsoft Edge updates](../manage/windows-autopatch-edge.md) | Windows Autopatch configures eligible devices to benefit from Microsoft Edge's progressive rollouts on the Stable channel. |
| [Microsoft Teams updates](../manage/windows-autopatch-teams.md) | Windows Autopatch allows eligible devices to benefit from the standard automatic update channel. |
| Policy health |<ul><li>[Policy health and remediation](../monitor/windows-autopatch-policy-health-and-remediation.md)</li><ul><li>When Windows Autopatch detects policies in the tenant are either missing or modified that affects the service, Windows Autopatch raises alerts and detailed recommended actions to ensure healthy operation of the service.</li></ul></ul><ul><li>[Resolve policy conflicts](../monitor/windows-autopatch-resolve-policy-conflicts.md)</li><ul><li>o When the Windows Autopatch service detects policies in the tenant that conflict with a setting in another Intune device policy, this conflict is displayed. With the Resolve policy conflicts feature, you can review the policies and their settings and manually resolve these conflicts.</li></ul><ul> |
| Enhanced [Windows quality and feature update reports](../monitor/windows-autopatch-windows-quality-and-feature-update-reports-overview.md) and [device alerts](../monitor/windows-autopatch-device-alerts.md) | Using Windows quality and feature update reports, you can monitor and remediate Windows Autopatch managed devices that are Not up to Date and resolve any device alerts to bring Windows Autopatch managed devices back into compliance. |
| [Submit support requests](../manage/windows-autopatch-support-request.md) with the Windows Autopatch Service Engineering Team | When you activate additional Autopatch features, you can submit, manage, and edit support requests. |
## Communications
### [Business Premium and A3+](#tab/business-premium-a3-communications)
To stay informed of new and changed features and other announcements, navigate to [Microsoft 365 admin center > Message center](https://admin.microsoft.com/adminportal/home#/MessageCenter).
### [Windows Enterprise E3+ and F3](#tab/windows-enterprise-e3-f3-communications)
To stay informed of upcoming changes, including new and changed features, planned maintenance, release and status communications, or other important announcements, navigate to [Microsoft 365 admin center > Message center](https://admin.microsoft.com/adminportal/home#/MessageCenter).
---
## Accessibility
Microsoft remains committed to the security of your data and the [accessibility](https://www.microsoft.com/trust-center/compliance/accessibility) of our services. For more information, see the [Microsoft Trust Center](https://www.microsoft.com/trust-center) and the [Office Accessibility Center](https://support.office.com/article/ecab0fcf-d143-4fe8-a2ff-6cd596bddc6d).
## Need more details?
| Area | Description |
| ----- | ----- |
| Prepare | The following articles describe the mandatory steps to prepare and enroll your tenant into Windows Autopatch:<ul><li>[Prerequisites](../prepare/windows-autopatch-prerequisites.md)</li><li>[Configure your network](../prepare/windows-autopatch-configure-network.md)</li><li>[Enroll your tenant](../prepare/windows-autopatch-enroll-tenant.md)</li><li>[Fix issues found by the Readiness assessment tool](../prepare/windows-autopatch-fix-issues.md)</li><li>[Roles and responsibilities](../overview/windows-autopatch-roles-responsibilities.md)</ul> |
| Deploy | Once you've enrolled your tenant, this section instructs you to:<ul><li>[Add and verify admin contacts](../deploy/windows-autopatch-admin-contacts.md)</li><li>[Register your devices](../deploy/windows-autopatch-register-devices.md)</li><li>[Manage Windows Autopatch groups](../manage/windows-autopatch-manage-autopatch-groups.md)</li></ul> |
| Operate | This section includes the following information about your day-to-day life with the service:<ul><li>[Update management](../operate/windows-autopatch-groups-update-management.md)</li><li>[Windows quality and feature update reports](../operate/windows-autopatch-groups-windows-quality-and-feature-update-reports-overview.md)</li><li>[Maintain your Windows Autopatch environment](../operate/windows-autopatch-maintain-environment.md)</li><li>[Submit a support request](../operate/windows-autopatch-support-request.md)</li><li>[Exclude a device](../operate/windows-autopatch-exclude-device.md)</li></ul>
| References | This section includes the following articles:<ul><li>[Changes made at tenant enrollment](../references/windows-autopatch-changes-to-tenant.md)<li>[Windows update policies](../references/windows-autopatch-windows-update-unsupported-policies.md)</li><li>[Microsoft 365 Apps for enterprise update policies](../references/windows-autopatch-microsoft-365-policies.md)</li></ul> |
### Have feedback or would like to start a discussion?
## Have feedback or would like to start a discussion?
You can [provide feedback](https://go.microsoft.com/fwlink/?linkid=2195593) or start a discussion in our [Windows Autopatch Tech Community](https://aka.ms/Community/WindowsAutopatch).

138
windows/deployment/windows-autopatch/overview/windows-autopatch-privacy.md
View File

@ -1,7 +1,7 @@
---
title: Privacy
description: This article provides details about the data platform and privacy compliance for Autopatch
ms.date: 07/08/2024
ms.date: 09/16/2024
ms.service: windows-client
ms.subservice: autopatch
ms.topic: concept-article
@ -17,102 +17,152 @@ ms.collection:
# Privacy
Windows Autopatch is a cloud service for enterprise customers designed to keep employees' Windows devices updated. This article provides details about data platform and privacy compliance for Windows Autopatch.
Windows Autopatch is a cloud service for enterprise customers designed to keep Windows devices updated. This article provides details about data platform and privacy compliance for Windows Autopatch.
## Windows Autopatch data sources and purpose
Windows Autopatch provides its service to enterprise customers, and properly administers customers' enrolled devices by using data from various sources.
Autopatch collects and stores data according to the [Microsoft Privacy Statement](https://go.microsoft.com/fwlink/?LinkId=521839).
### [Business Premium and A3+](#tab/data-sources-forbusiness-premium-a3-data-sources)
Data provided by the customer or generated by the service during normal operation is stored. For example, when a device is targeted with a policy, information is stored enabling the service to deliver content to targeted devices.
Business Premium and A3+ licenses require the use of Windows Diagnostic data. For more information, see [Diagnostic data in Windows Autopatch](#microsoft-windows-1011-diagnostic-data).
### [Windows Enterprise E3+ and F3](#tab/windows-enterprise-e3-f3-data-sources)
When you've [activated Windows Autopatch features](../prepare/windows-autopatch-feature-activation.md), data from various sources is used to properly administer enrolled devices and monitor that the service is working properly.
The sources include Microsoft Entra ID, Microsoft Intune, and Microsoft Windows 10/11. The sources provide a comprehensive view of the devices that Windows Autopatch manages.
| Data source | Purpose |
| ------ | ------ |
| ---- | ---- |
| [Microsoft Windows 10/11 Enterprise](/windows/windows-10/) | Management of device setup experience, managing connections to other services, and operational support for IT pros. |
| [Windows Update for Business](/windows/deployment/update/waas-manage-updates-wufb) | Uses Windows 10/11 Enterprise diagnostic data to provide additional information on Windows 10/11 update. |
| [Microsoft Intune](/mem/intune/fundamentals/what-is-intune) | Device management and to keep your data secure. The following endpoint management data sources are used:<br><ul><li>[Microsoft Entra ID](/azure/active-directory/): Authentication and identification of all user accounts.</li><li>[Microsoft Intune](/mem/intune/): Distributing device configurations, device management and application management.</li></ul>
| [Microsoft Intune](/mem/intune/fundamentals/what-is-intune) | Device management and to keep your data secure. The following endpoint management data sources are used:<br><ul><li>[Microsoft Entra ID](/entra/identity/): Authentication and identification of all user accounts.</li><li>[Microsoft Intune](/mem/intune/): Distributing device configurations, device management and application management.</li></ul> |
| [Windows Autopatch](https://go.microsoft.com/fwlink/?linkid=2109431) | Data provided by the customer or generated by the service during running of the service. |
| [Microsoft 365 Apps for enterprise](https://www.microsoft.com/microsoft-365/enterprise/compare-office-365-plans)| Management of Microsoft 365 Apps. |
---
## Windows Autopatch data process and storage
Windows Autopatch relies on data from multiple Microsoft products and services to provide its service to enterprise customers.
[!INCLUDE [windows-autopatch-applies-to-all-licenses](../includes/windows-autopatch-applies-to-all-licenses.md)]
Windows Autopatch relies on data from multiple Microsoft products and services to provide its service to enterprise customers.
To protect and maintain enrolled devices, we process and copy data from these services to Windows Autopatch. When we process data, we follow the documented directions you provide as referenced in the [Online Services Terms](https://www.microsoft.com/licensing/product-licensing/products) and [Microsoft Privacy Statement](https://privacy.microsoft.com/privacystatement).
Processor duties of Windows Autopatch include ensuring appropriate confidentiality, security, and resilience. Windows Autopatch employs additional privacy and security measures to ensure proper handling of personal identifiable data.
## Windows Autopatch data storage and staff location
Windows Autopatch stores its data in the Azure data centers based on your data residency. For more information, see [Microsoft 365 data center locations](/microsoft-365/enterprise/o365-data-locations).
> [!IMPORTANT]
> <ul><li>As of November 8, 2022, only <b>new</b> Windows Autopatch customers (EU, UK, Africa, Middle East) will have their data live in the European data centers.</li><li>Existing European Union (EU) Windows Autopatch customers will move from the North American data centers to the European data centers by the end of 2022.</li><li>If you're an existing Windows Autopatch customer, but <b>not</b> part of the European Union, data migration from North America to your respective data residency will occur next year.</li></ul>
Data obtained by Windows Autopatch and other services are required to keep the service operational. If a device is removed from Windows Autopatch, we keep data for a maximum of 30 days. For more information on data retention, see [Data retention, deletion, and destruction in Microsoft 365](/compliance/assurance/assurance-data-retention-deletion-and-destruction-overview).
Windows Autopatch Service Engineering Team is in the United States, India and Romania.
### [Business Premium and A3+](#tab/business-premium-a3-data-storage)
Data stored in this part of the service is stored only in two regions, either Azures north American data centers or its European ones.
### [Windows Enterprise E3+ and F3](#tab/windows-enterprise-e3-f3-data-storage)
Windows Autopatch stores its data in the Azure data centers based on your data residency. For more information, see [Microsoft 365 data center locations](/microsoft-365/enterprise/o365-data-locations).
The Windows Autopatch Service Engineering Team is in the United States, India, and Romania.
---
## Microsoft Windows 10/11 diagnostic data
Windows Autopatch uses [Windows 10/11 Enhanced diagnostic data](/windows/privacy/windows-diagnostic-data) to keep Windows secure, up to date, fix problems, and make product improvements.
Windows Autopatch uses Windows diagnostic data to keep Windows secure, up to date, fix problems, and make product improvements. Learn more about configuring diagnostic data for your organization in Intune.
The enhanced diagnostic data setting includes more detailed information about the devices enrolled in Windows Autopatch and their settings, capabilities, and device health. When enhanced diagnostic data is selected, data, including required diagnostic data, are collected. For more information, see [Changes to Windows diagnostic data collection](/windows/privacy/changes-to-windows-diagnostic-data-collection) about the Windows 10/11 diagnostic data setting and data collection.
### [Business Premium and A3+](#tab/business-premium-a3-diagnostic-data)
The diagnostic data terminology will change in future versions of Windows. Windows Autopatch is committed to processing only the data that the service needs. The diagnostic level will change to **Optional**, but Windows Autopatch will implement the limited diagnostic policies to fine-tune diagnostic data collection required for the service. For more information, see [Changes to Windows diagnostic data collection](/windows/privacy/changes-to-windows-diagnostic-data-collection).
To take advantage of the unique deployment scheduling controls and protections tailored to your population and to [deploy driver updates](/windows/deployment/update/deployment-service-drivers), devices must share diagnostic data with Microsoft. For these features, at minimum, the deployment service requires devices to send [diagnostic data](/windows/privacy/configure-windows-diagnostic-data-in-your-organization#diagnostic-data-settings) at the *Required* level for these features.
### [Windows Enterprise E3+ and F3](#tab/windows-enterprise-e3-f3-diagnostic-data)
When you've [activated Windows Autopatch features](../prepare/windows-autopatch-feature-activation.md), Windows Autopatch creates the “Windows Autopatch Data Collection Policy” and assigns it to enrolled devices. This policy configures the following settings:
| Setting | Value | Description |
| --- | --- | --- |
| Allow telemetry | Optional. This value was previously named “**Full**” for Windows 10 devices. For more information, see [Changes to Windows diagnostic data collection](/previous-versions/windows/it-pro/privacy/changes-to-windows-diagnostic-data-collection). | Allow the device to send diagnostic and usage telemetry data, such as Watson. For more information about diagnostic data, including what is and what isn't collected by Windows, see [diagnostic data settings](/windows/privacy/configure-windows-diagnostic-data-in-your-organization#diagnostic-data-settings). |
| Limit Diagnostic Log Collection | Enabled | This policy setting specifies whether diagnostic log data can be collected when more information is needed to troubleshoot a problem. |
| Limit Dump Collection | Enabled | This policy setting limits the type of dumps that can be collected when more information is needed to troubleshoot a problem. These dumps aren't sent unless we have permission to collect optional diagnostic data. By enabling this policy setting, Windows Error Reporting is limited to sending kernel mini dumps and user mode triage dumps only. |
| Limit Enhanced Diagnostic Data Windows Analytics | Enabled | This policy setting, in combination with the Allow Telemetry policy setting, enables organizations to send Microsoft a specific set of diagnostic data for IT insights via Windows Analytics services. |
| Allow Windows Autopatch Processing | Allowed | Allows diagnostic data from this device to be processed by Windows Autopatch. |
Windows Autopatch only processes and stores system-level data from Windows 10/11 optional diagnostic data that originates from enrolled devices such as application and device reliability, and performance information. Windows Autopatch doesn't process and store customers' data such as chat and browser history, voice, text, or speech data.
For more information about the diagnostic data collection of Microsoft Windows 10/11, see the [Where we store and process data](https://privacy.microsoft.com/privacystatement#mainwherewestoreandprocessdatamodule) section of the Microsoft Privacy Statement.
For more information about the diagnostic data collection of Microsoft Windows 10/11, see the [Where we store and process data section](https://privacy.microsoft.com/en-US/privacystatement#mainwherewestoreandprocessdatamodule) of the Microsoft Privacy Statement.
For more information about how Windows diagnostic data is used, see:
- [Windows diagnostic data in your organization](/windows/privacy/configure-windows-diagnostic-data-in-your-organization#enable-windows-diagnostic-data-processor-configuration)
- [Features that require Windows diagnostic data](/mem/intune/protect/data-enable-windows-data)
---
## Tenant access
For more information about tenant access and changes made to your tenant upon enrolling into Windows Autopatch, see [Changes made at tenant enrollment](../references/windows-autopatch-changes-to-tenant.md).
### [Business Premium and A3+](#tab/business-premium-a3-tenant-access)
### Service accounts
[!INCLUDE [windows-autopatch-business-premium-a3-licenses](../includes/windows-autopatch-business-premium-a3-licenses.md)]
> [!IMPORTANT]
> Starting October 12, 2022, Windows Autopatch will manage your tenant with our [enterprise application](../references/windows-autopatch-changes-to-tenant.md#windows-autopatch-enterprise-applications). If your tenant is still using the [Windows Autopatch service accounts](windows-autopatch-privacy.md#service-accounts), you must take action. To take action or see if you need to take action, visit the [Tenant management blade](../operate/windows-autopatch-maintain-environment.md#windows-autopatch-tenant-actions) in the Windows Autopatch portal.
### [Windows Enterprise E3+ and F3 licenses](#tab/windows-enterprise-e3-f3-tenant-access)
Windows Autopatch creates and uses guest accounts using just-in-time access functionality when signing into a customer tenant to manage the Windows Autopatch service. To provide additional locked down control, Windows Autopatch maintains a separate conditional access policy to restrict access to these accounts.
For more information about tenant access and changes made to your tenant upon activating Windows Autopatch features, see [Changes made at feature activation](../references/windows-autopatch-changes-made-at-feature-activation.md).
| Account name | Usage | Mitigating controls |
| ----- | ----- | -----|
| MsAdmin@tenantDomain.onmicrosoft.com | <ul><li>This account is a limited-service account with administrator privileges. This account is used as an Intune and User administrator to define and configure the tenant for Windows Autopatch devices.</li><li>This account doesn't have interactive sign-in permissions.The account performs operations only through the service.</li></ul> | Audited sign-ins |
| MsAdminInt@tenantDomain.onmicrosoft.com |<ul><li>This account is an Intune and User administrator account used to define and configure the tenant for Windows Autopatch devices.</li><li>This account is used for interactive login to the customer's tenant.</li><li>The use of this account is limited as most operations are exclusively through MsAdmin (non-interactive) account.</li></ul> | <ul><li>Restricted to be accessed only from defined secure access workstations (SAWs) through a conditional access policy</li><li>Audited sign-ins</li></ul> |
| MsTest@tenantDomain.onmicrosoft.com | This account is a standard account used as a validation account for initial configuration and roll out of policy, application, and device compliance settings. | Audited sign-ins |
---
## Microsoft Windows Update for Business
## Microsoft Windows Update for Business Reports
Microsoft Windows Update for Business uses data from Windows diagnostics to analyze update status and failures. Windows Autopatch uses this data and uses it to mitigate, and resolve problems to ensure that all registered devices are up to date based on a predefined update cadence.
### [Business Premium and A3+](#tab/business-premium-a3-wufb-reports)
<a name='microsoft-azure-active-directory'></a>
If you have Business Premium and A3+ licenses, when you use [Windows Update for Business reports](/windows/deployment/update/wufb-reports-overview), using diagnostic data at the following levels allows device names to appear in reporting:
- *Optional* level (previously Full) for Windows 11 devices
- *Enhanced* level for Windows 10 devices
### [Windows Enterprise E3+ and F3](#tab/windows-enterprise-e3-f3-wufb-reports)
Windows Update for Business uses data from Windows diagnostics to analyze update status and failures. When you [activate Windows Autopatch features](../prepare/windows-autopatch-feature-activation.md), this data is used to deliver reports and confirm that registered devices are up to date.
---
## Microsoft Entra ID
[!INCLUDE [windows-autopatch-applies-to-all-licenses](../includes/windows-autopatch-applies-to-all-licenses.md)]
Identifying data used by Windows Autopatch is stored by Microsoft Entra ID in a geographical location. The geographical location is based on the location provided by the organization upon subscribing to Microsoft online services, such as Microsoft Apps for Enterprise and Azure. For more information on where your Microsoft Entra data is located, see [Microsoft Entra ID - Where is your data located?](https://msit.powerbi.com/view?r=eyJrIjoiODdjOWViZDctMWRhZS00ODUzLWI4MmQtNWM5NjBkZTBkNjFlIiwidCI6IjcyZjk4OGJmLTg2ZjEtNDFhZi05MWFiLTJkN2NkMDExZGI0NyIsImMiOjV9)
## Microsoft Intune
Microsoft Intune collects, processes, and shares data to Windows Autopatch to support business operations and services. For more information about the data collected in Intune, see [Data collection in Intune](/mem/intune/protect/privacy-data-collect)
[!INCLUDE [windows-autopatch-applies-to-all-licenses](../includes/windows-autopatch-applies-to-all-licenses.md)]
Microsoft Intune collects, processes, and shares data to Windows Autopatch to support business operations and services. For more information about the data collected in Intune, see [Data collection in Intune](/mem/intune/protect/privacy-data-collect).
For more information on Microsoft Intune data locations, see [Where your Microsoft 365 customer data is stored](/microsoft-365/enterprise/o365-data-locations). Intune respects the storage location selections made by the administrator for customer data.
## Microsoft 365 Apps for enterprise
Microsoft 365 Apps for enterprise collects and shares data with Windows Autopatch to ensure those apps are up to date with the latest version. These updates are based on predefined update channels managed by Windows Autopatch. For more information on Microsoft 365 Apps's data collection and storage locations, see [Microsoft Defender for Endpoint data storage and privacy](/microsoft-365/security/defender-endpoint/data-storage-privacy#what-data-does-microsoft-defender-atp-collect).
### [Business Premium and A3+](#tab/business-premium-a3-microsoft-365)
Microsoft 365 Apps for enterprise only collects and shares data with Windows Autopatch when you [activate Windows Autopatch features](../prepare/windows-autopatch-feature-activation.md). Windows Autopatch ensure those apps are up to date with the latest version.
To use Windows Autopatch features, you must have the correct Enterprise license(s) and [activate Windows Autopatch features](../prepare/windows-autopatch-feature-activation.md). For more information about Enterprise licenses and the prerequisites, see [Windows Autopatch prerequisites](../prepare/windows-autopatch-prerequisites.md). For more information about features and capabilities, see [Features and capabilities](../overview/windows-autopatch-overview.md#features-and-capabilities).
### [Windows Enterprise E3+ and F3](#tab/windows-enterprise-e3-f3-microsoft-365)
Microsoft 365 Apps for enterprise collects and shares data with Windows Autopatch to ensure those apps are up to date with the latest version. These updates are based on predefined update channels managed by Windows Autopatch. For more information on Microsoft 365 Apps's data collection and storage locations, see [Microsoft Defender for Endpoint data storage and privacy](/microsoft-365/enterprise/o365-data-locations).
---
## Major data change notification
Windows Autopatch follows a change control process as outlined in our service communication framework.
[!INCLUDE [windows-autopatch-applies-to-all-licenses](../includes/windows-autopatch-applies-to-all-licenses.md)]
We notify customers through the Microsoft 365 message center, and the Windows Autopatch admin center about security incidents and major changes to the service.
Changes to the types of data gathered and where it's stored are considered a material change. We'll provide a minimum of 30 days advanced notice of this change as it's standard practice for Microsoft 365 products and services.
Changes to the types of data gathered and storage are considered a material change. We provide a minimum of 30 days advanced notice of this change as it's standard practice for Microsoft 365 products and services.
## Data subject requests
@ -128,23 +178,31 @@ These rights include:
For more general information about Data Subject Requests (DSRs), see [Data Subject Requests and the GDPR and CCPA](/compliance/regulatory/gdpr-data-subject-requests).
To exercise data subject requests on data collected by the Windows Autopatch case management system, see the following data subject requests:
### [Business Premium and A3+](#tab/business-premium-a3-data-subjects)
| Data subject requests | Description |
| ------ | ------ |
| Data from Windows Autopatch support requests | Your IT administrator can request deletion, or extraction of data related support requests by submitting a report request at the [admin center](https://aka.ms/memadmin). <br><br> Provide the following information: <ul><li>Request type: Change request</li><li>Category: Security</li><li>Subcategory: Other</li><li>Description: Provide the relevant device names or user names.</li></ul> |
For DSRs from other products related to the service, see the following articles:
For Data Subject Requests from other products related to the service, see the following articles:
- [Windows diagnostic data](/compliance/regulatory/gdpr-dsr-windows)
- [Microsoft Intune data](/compliance/regulatory/gdpr-dsr-intune)
- [Microsoft Entra data](/compliance/regulatory/gdpr-dsr-azure)
### [Windows Enterprise E3+ and F3](#tab/windows-enterprise-e3-f3-data-subjects)
To exercise data subject requests on data collected by the Windows Autopatch case management system, see the following data subject requests:
| Data subject requests | Description |
| --- | --- |
| Data from Windows Autopatch support requests | Your IT administrator can request deletion, or extraction of data related support requests by submitting a report request in the [admin center](https://go.microsoft.com/fwlink/?linkid=2109431). Provide the following information:<ul><li>Request type: Change request</li><li>Category: Security</li><li>Subcategory: Other</li><li>Description: Provide the relevant device names or usernames</li></ul> |
---
## Legal
[!INCLUDE [windows-autopatch-applies-to-all-licenses](../includes/windows-autopatch-applies-to-all-licenses.md)]
The following is Microsoft's privacy notice to end users of products provided by organizational customers.
The [Microsoft Privacy Statement](https://privacy.microsoft.com/privacystatement) notifies end users that when they sign into Microsoft products with a work account:
1. Their organization can control and administer their account (including controlling privacy-related settings), and access and process their data.
2. Microsoft may collect and process the data to provide the service to the organization and end users.
2. Microsoft might collect and process the data to provide the service to the organization and end users.