mirror of
https://github.com/MicrosoftDocs/windows-itpro-docs.git
synced 2025-06-15 10:23:37 +00:00
Unification GA
This commit is contained in:
tiaraquan
@ -1,7 +1,7 @@
|
||||
---
|
||||
title: Changes made at tenant enrollment
|
||||
description: This reference article details the changes made to your tenant when enrolling into Windows Autopatch
|
||||
ms.date: 12/13/2023
|
||||
title: Changes made at feature activation
|
||||
description: This reference article details the changes made to your tenant when you activate Windows Autopatch
|
||||
ms.date: 09/16/2024
|
||||
ms.service: windows-client
|
||||
ms.subservice: autopatch
|
||||
ms.topic: concept-article
|
||||
@ -15,9 +15,11 @@ ms.collection:
|
||||
- tier1
|
||||
---
|
||||
|
||||
# Changes made at tenant enrollment
|
||||
# Changes made at feature activation
|
||||
|
||||
The following configuration details explain the changes made to your tenant when enrolling into the Windows Autopatch service.
|
||||
[!INCLUDE [windows-autopatch-enterprise-e3-f3-licenses](../includes/windows-autopatch-enterprise-e3-f3-licenses.md)]
|
||||
|
||||
The following configuration details explain the changes made to your tenant when consenting to Windows Autopatch feature activation with the Windows Autopatch service.
|
||||
|
||||
> [!IMPORTANT]
|
||||
> The service manages and maintains the following configuration items. Don't change, edit, add to, or remove any of the configurations. Doing so might cause unintended configuration conflicts and impact the Windows Autopatch service.
|
||||
@ -40,60 +42,34 @@ The following groups target Windows Autopatch configurations to devices and mana
|
||||
|
||||
| Group name | Description |
|
||||
| ----- | ----- |
|
||||
| Modern Workplace-All | All Modern Workplace users |
|
||||
| Modern Workplace - Windows 11 Pre-Release Test Devices | Device group for Windows 11 Pre-Release testing. |
|
||||
| Modern Workplace Devices-All | All Autopatch devices |
|
||||
| Modern Workplace Devices-Virtual Machine | All Autopatch virtual devices |
|
||||
| Windows Autopatch-Devices all | All Autopatch devices |
|
||||
| Modern Workplace Devices-Windows Autopatch-Test | Deployment ring for testing update deployments prior production rollout |
|
||||
| Modern Workplace Devices-Windows Autopatch-First | First production deployment ring for early adopters |
|
||||
| Modern Workplace Devices-Windows Autopatch-Fast | Fast deployment ring for quick rollout and adoption |
|
||||
| Modern Workplace Devices-Windows Autopatch-Broad | Final deployment ring for broad rollout into the organization |
|
||||
| Modern Workplace Roles - Service Administrator | All users granted access to Modern Workplace Service Administrator Role |
|
||||
| Modern Workplace Roles - Service Reader | All users granted access to Modern Workplace Service Reader Role |
|
||||
| Windows Autopatch Device Registration | Group for automatic device registration for Windows Autopatch |
|
||||
| Modern Workplace Devices-WindowsAutopatch-Broad | Final deployment ring for broad rollout into the organization |
|
||||
|
||||
## Device configuration policies
|
||||
|
||||
- Windows Autopatch - Set MDM to Win Over GPO (Group Policy Objects)
|
||||
- Windows Autopatch - Data Collection
|
||||
|
||||
| Policy name | Policy description | Properties | Value |
|
||||
| ----- | ----- | ----- | ----- |
|
||||
| Windows Autopatch - Set MDM to Win Over GPO | Sets mobile device management (MDM) to win over GPO<p>Assigned to:<ul><li>Modern Workplace Devices-Windows Autopatch-Test</li><li>Modern Workplace Devices-Windows Autopatch-First</li><li>Modern Workplace Devices-Windows Autopatch-Fast</li><li>Modern Workplace Devices-Windows Autopatch-Broad</li></ul>| [MDM Wins Over GP](/windows/client-management/mdm/policy-csp-controlpolicyconflict#controlpolicyconflict-MDMWinsOverGP) | <ul><li>MDM policy is used</li><li>GP policy is blocked</li></ul> |
|
||||
| Windows Autopatch - Data Collection | Windows Autopatch and Telemetry settings processes diagnostic data from the Windows device.<p>Assigned to:<ul><li>Modern Workplace Devices-Windows Autopatch-Test</li><li>Modern Workplace Devices-Windows Autopatch-First</li><li>Modern Workplace Devices-Windows Autopatch-Fast</li><li>Modern Workplace Devices-Windows Autopatch-Broad</li></ul>|<ol><li>[Allow Telemetry](/windows/client-management/mdm/policy-csp-system#system-allowtelemetry)</li><li>[Limit Enhanced Diagnostic Data Windows Analytics](/windows/client-management/mdm/policy-csp-system#system-limitenhanceddiagnosticdatawindowsanalytics)</li><li>[Limit Dump Collection](/windows/client-management/mdm/policy-csp-system#system-limitdumpcollection)</li><li>[Limit Diagnostic Log Collection](/windows/client-management/mdm/policy-csp-system#system-limitdiagnosticlogcollection)</li></ol>|<ol><li>Full</li><li>Enabled</li><li>Enabled</li><li>Enabled</li></ol> |
|
||||
|
||||
## Deployment rings for Windows 10 and later
|
||||
|
||||
- Modern Workplace Update Policy [Test]-[Windows Autopatch]
|
||||
- Modern Workplace Update Policy [First]-[Windows Autopatch]
|
||||
- Modern Workplace Update Policy [Fast]-[Windows Autopatch]
|
||||
- Modern Workplace Update Policy [Broad]-[Windows Autopatch]
|
||||
|
||||
| Policy name | Policy description | OMA | Value |
|
||||
| ----- | ----- | ----- | ----- |
|
||||
| Modern Workplace Update Policy [Test]-[Windows Autopatch | Windows Update for Business Configuration for the Test Ring<p>Assigned to:<ul><li>Modern Workplace Devices-Windows Autopatch-Test</li></ul>|<ul><li>MicrosoftProductUpdates</li><li>EnablePrereleasebuilds</li><li>UpgradetoLatestWin11</li><li>QualityUpdatesDeferralPeriodInDays</li><li>FeatureUpdatesDeferralPeriodInDays</li><li>FeatureUpdatesRollbackWindowInDays</li><li>BusinessReadyUpdatesOnly</li><li>AutomaticUpdateMode</li><li>InstallTime</li><li>DeadlineForFeatureUpdatesInDays</li><li>DeadlineForQualityUpdatesInDays</li><li>DeadlineGracePeriodInDays</li><li>PostponeRebootUntilAfterDeadline</li><li>DriversExcluded</li><li>RestartChecks</li><li>SetDisablePauseUXAccess</li><li>SetUXtoCheckforUpdates</li></ul>|<ul><li>Allow</li><li>Not Configured</li><li>No</li><li>0</li><li>0</li><li>30</li><li>All</li><li>WindowsDefault</li><li>3</li><li>5</li><li>0</li><li>0</li><li>False</li><li>False</li><li>Allow</li><li>Disable</li><li>Enable</li>|
|
||||
| Modern Workplace Update Policy [First]-[Windows Autopatch] | Windows Update for Business Configuration for the First Ring <p>Assigned to:<ul><li>Modern Workplace Devices-Windows Autopatch-First</li></ul>|<ul><li>MicrosoftProductUpdates</li><li>EnablePrereleasebuilds</li><li>UpgradetoLatestWin11</li><li>QualityUpdatesDeferralPeriodInDays</li><li>FeatureUpdatesDeferralPeriodInDays</li><li>FeatureUpdatesRollbackWindowInDays</li><li>BusinessReadyUpdatesOnly</li><li>AutomaticUpdateMode</li><li>InstallTime</li><li>DeadlineForFeatureUpdatesInDays</li><li>DeadlineForQualityUpdatesInDays</li><li>DeadlineGracePeriodInDays</li><li>PostponeRebootUntilAfterDeadline</li><li>DriversExcluded</li><li>RestartChecks</li><li>SetDisablePauseUXAccess</li><li>SetUXtoCheckforUpdates</li></ul>|<ul><li>Allow</li><li>Not Configured</li><li>No</li><li>1</li><li>0</li><li>30</li><li>All</li><li>WindowsDefault</li><li>3</li><li>5</li><li>2</li><li>2</li><li>False</li><li>False</li><li>Allow</li><li>Disable</li><li>Enable</li>|
|
||||
| Modern Workplace Update Policy [Fast]-[Windows Autopatch] | Windows Update for Business Configuration for the Fast Ring<p>Assigned to:<ul><li>Modern Workplace Devices-Windows Autopatch-Fast</li></ul>|<ul><li>MicrosoftProductUpdates</li><li>EnablePrereleasebuilds</li><li>UpgradetoLatestWin11</li><li>QualityUpdatesDeferralPeriodInDays</li><li>FeatureUpdatesDeferralPeriodInDays</li><li>FeatureUpdatesRollbackWindowInDays</li><li>BusinessReadyUpdatesOnly</li><li>AutomaticUpdateMode</li><li>InstallTime</li><li>DeadlineForFeatureUpdatesInDays</li><li>DeadlineForQualityUpdatesInDays</li><li>DeadlineGracePeriodInDays</li><li>PostponeRebootUntilAfterDeadline</li><li>DriversExcluded</li><li>RestartChecks</li><li>SetDisablePauseUXAccess</li><li>SetUXtoCheckforUpdates</li></ul>|<ul><li>Allow</li><li>Not Configured</li><li>No</li><li>6</li><li>0</li><li>30</li><li>All</li><li>WindowsDefault</li><li>3</li><li>5</li><li>2</li><li>2</li><li>False</li><li>False</li><li>Allow</li><li>Disable</li><li>Enable</li>|
|
||||
| Modern Workplace Update Policy [Broad]-[Windows Autopatch] | Windows Update for Business Configuration for the Broad Ring<p>Assigned to:<ul><li>Modern Workplace Devices-Windows Autopatch-Broad</li></ul>|<ul><li>MicrosoftProductUpdates</li><li>EnablePrereleasebuilds</li><li>UpgradetoLatestWin11</li><li>QualityUpdatesDeferralPeriodInDays</li><li>FeatureUpdatesDeferralPeriodInDays</li><li>FeatureUpdatesRollbackWindowInDays</li><li>BusinessReadyUpdatesOnly</li><li>AutomaticUpdateMode</li><li>InstallTime</li><li>DeadlineForFeatureUpdatesInDays</li><li>DeadlineForQualityUpdatesInDays</li><li>DeadlineGracePeriodInDays</li><li>PostponeRebootUntilAfterDeadline</li><li>DriversExcluded</li><li>RestartChecks</li><li>SetDisablePauseUXAccess</li><li>SetUXtoCheckforUpdates</li></ul>|<ul><li>Allow</li><li>Not Configured</li><li>No</li><li>9</li><li>0</li><li>30</li><li>All</li><li>WindowsDefault</li><li>3</li><li>5</li><li>5</li><li>2</li><li>False</li><li>False</li><li>Allow</li><li>Disable</li><li>Enable</li>|
|
||||
| Windows Autopatch - Data Collection | Windows Autopatch and Telemetry settings processes diagnostic data from the Windows device.<p>Assigned to:<ul><li>Modern Workplace Devices-Windows Autopatch-Test</li><li>Modern Workplace Devices-Windows Autopatch-First</li><li>Modern Workplace Devices-Windows Autopatch-Fast</li><li>Modern Workplace Devices-Windows Autopatch-Broad</li></ul>|<ol><li>[Allow Telemetry](/windows/client-management/mdm/policy-csp-system#system-allowtelemetry)</li><li>[Limit Enhanced Diagnostic Data Windows Analytics](/windows/client-management/mdm/policy-csp-system#system-limitenhanceddiagnosticdatawindowsanalytics)</li><li>[Limit Dump Collection](/windows/client-management/mdm/policy-csp-system#system-limitdumpcollection)</li><li>[Limit Diagnostic Log Collection](/windows/client-management/mdm/policy-csp-system#system-limitdiagnosticlogcollection)</li></ol>|<ol><li>Full</li><li>Enabled</li><li>Enabled</li><li>Enabled</li></ol> |
|
||||
|
||||
## Windows feature update policies
|
||||
|
||||
- Windows Autopatch - DSS Policy [Test]
|
||||
- Windows Autopatch - DSS Policy [First]
|
||||
- Windows Autopatch - DSS Policy [Fast]
|
||||
- Windows Autopatch - DSS Policy [Broad]
|
||||
- Modern Workplace DSS Policy [Windows 11]
|
||||
- Windows Autopatch - Global DSS Policy
|
||||
|
||||
| Policy name | Policy description | Value |
|
||||
| ----- | ----- | ----- |
|
||||
| Windows Autopatch - DSS Policy [Test] | DSS policy for Test device group | Assigned to:<ul><li>Modern Workplace Devices-Windows Autopatch-Test</li></ul><br>Exclude from:<ul><li>Modern Workplace - Windows 11 Pre-Release Test Devices</li></ul>|
|
||||
| Windows Autopatch - DSS Policy [First] | DSS policy for First device group | Assigned to:<ul><li>Modern Workplace Devices-Windows Autopatch-First</li><li>Modern Workplace - Windows 11 Pre-Release Test Devices</li> |
|
||||
| Windows Autopatch - DSS Policy [Fast] | DSS policy for Fast device group | Assigned to:<ul><li>Modern Workplace Devices-Windows Autopatch-Fast</li></ul><br>Exclude from:<ul><li>Modern Workplace - Windows 11 Pre-Release Test Devices</li></ul> |
|
||||
| Windows Autopatch - Policy [Broad] | DSS policy for Broad device group | Assigned to:<ul><li>Modern Workplace Devices-Windows Autopatch-Broad</li></ul><br>Exclude from:<ul><li>Modern Workplace - Windows 11 Pre-Release Test Devices</li></ul>|
|
||||
| Modern Workplace DSS Policy [Windows 11] | Windows 11 DSS policy | Assigned to:<ul><li>Modern Workplace - Windows 11 Pre-Release Test Devices</li></ul>|
|
||||
| Windows Autopatch - Global DSS Policy | Global DSS policy for Test device group with the required minimum OS version | Assigned to:<ul><li>Modern Workplace Devices-Windows Autopatch-Test</li></ul><br>Exclude from:<ul><li>Modern Workplace - Windows 11 Pre-Release Test Devices</li></ul>|
|
||||
|
||||
## Microsoft Office update policies
|
||||
|
||||
> [!IMPORTANT]
|
||||
> By default, these policies are not deployed. You can opt-in to deploy these policies when you [activate Windows Autopatch features](../prepare/windows-autopatch-feature-activation.md).<p>To update Microsoft Office, you must [create at least one Autopatch group](../manage/windows-autopatch-manage-autopatch-groups.md) and the toggle the must be set to [**Allow**](../manage/windows-autopatch-microsoft-365-apps-enterprise.md#allow-or-block-microsoft-365-app-updates).</p>
|
||||
|
||||
- Windows Autopatch - Office Configuration
|
||||
- Windows Autopatch - Office Update Configuration [Test]
|
||||
- Windows Autopatch - Office Update Configuration [First]
|
||||
@ -102,21 +78,34 @@ The following groups target Windows Autopatch configurations to devices and mana
|
||||
|
||||
| Policy name | Policy description | Properties | Value |
|
||||
| ----- | ----- | ----- | ----- |
|
||||
| Windows Autopatch - Office Configuration | Sets Office Update Channel to the Monthly Enterprise servicing branch.<p>Assigned to:<ol><li>Modern Workplace Devices-Windows Autopatch-Test</li><li>Modern Workplace Devices-Windows Autopatch-First</li><li>Modern Workplace Devices-Windows Autopatch-Fast</li><li>Modern Workplace Devices-Windows Autopatch-Broad</li></ol>|<ol><li>Enable Automatic Updates</li><li>Hide option to enable or disable updates</li><li>Update Channel</li><li>Channel Name (Device)</li><li>Hide Update Notifications</li><li>Update Path</li><li>Location for updates (Device)</li></ol> |<ol><li>Enabled</li><li>Enabled</li><li>Enabled</li><li>Monthly Enterprise Channel</li><li>Disabled</li><li>Enabled</li><li>`http://officecdn.microsoft.com/pr/55336b82-a18d-4dd6-b5f6-9e5095c314a6`</li></ol> |
|
||||
| Windows Autopatch - Office Update Configuration [Test] | Sets the Office update deadline<p>Assigned to:<ol><li>Modern Workplace Devices-Windows Autopatch-Test</li></ol> |<ol><li>Delay downloading and installing updates for Office</li><li>Update Deadline</li></ol>|<ol><li>Enabled; `Days(Device) == 0 days`</li></li><li>Enabled; `Update Deadline(Device) == 7 days`</li></ol>|
|
||||
| Windows Autopatch - Office Update Configuration [First] | Sets the Office update deadline<p>Assigned to:<ol><li>Modern Workplace Devices-Windows Autopatch-First</li></ol> |<ol><li>Delay downloading and installing updates for Office</li><li>Update Deadline</li></ol> | <ol><li>Enabled; `Days(Device) == 0 days`</li><li>Enabled; `Update Deadline(Device) == 7 days`</li></ol>|
|
||||
| Windows Autopatch - Office Update Configuration [Fast] | Sets the Office update deadline<p>Assigned to:<ol><li>Modern Workplace Devices-Windows Autopatch-Fast</li></ol>|<ol><li>Delay downloading and installing updates for Office</li><li>Update Deadline</li></ol>| <ol><li>Enabled; `Days(Device) == 3 days`</li><li>Enabled; `Update Deadline(Device) == 7 days`</li></ol>|
|
||||
| Windows Autopatch - Office Update Configuration [Broad] | Sets the Office update deadline<br>Assigned to:<ol><li>Modern Workplace Devices-Windows Autopatch-Broad</li>|<ol><li>Delay downloading and installing updates for Office</li><li>Update Deadline</li></ol>| <ol><li>Enabled; `Days(Device) == 7 days`</li><li>Enabled; `Update Deadline(Device) == 7 days`</li></ol> |
|
||||
| Windows Autopatch - Office Configuration | Sets Office Update Channel to the Monthly Enterprise servicing branch.<p>Assigned to:<ol><li>Modern Workplace Devices-Windows Autopatch-Test</li><li>Modern Workplace Devices-Windows Autopatch-First</li><li>Modern Workplace Devices-Windows Autopatch-Fast</li><li>Modern Workplace Devices-Windows Autopatch-Broad</li></ol>|<ol><li>Enable Automatic Updates</li><li>Hide option to enable or disable updates</li><li>Update Channel</li><li>Channel Name (Device)</li><li>Hide Update Notifications</li><li>Update Path</li><li>Location for updates (Device)</li></ol> |<ol><li>Enabled</li><li>Enabled</li><li>Enabled</li><li>Monthly Enterprise Channel</li><li>Disabled</li><li>Enabled</li><li>`http://officecdn.microsoft.com/pr/55336b82-a18d-4dd6-b5f6-9e5095c314a6`</li></ol> |
|
||||
| Windows Autopatch - Office Update Configuration [Test] | Sets the Office update deadline<p>Assigned to:<ol><li>Modern Workplace Devices-Windows Autopatch-Test</li></ol> |<ol><li>Delay downloading and installing updates for Office</li><li>Update Deadline</li></ol>|<ol><li>Enabled; `Days(Device) == 0 days`</li></li><li>Enabled; `Update Deadline(Device) == 7 days`</li></ol>|
|
||||
| Windows Autopatch - Office Update Configuration [First] | Sets the Office update deadline<p>Assigned to:<ol><li>Modern Workplace Devices-Windows Autopatch-First</li></ol> |<ol><li>Delay downloading and installing updates for Office</li><li>Update Deadline</li></ol> | <ol><li>Enabled; `Days(Device) == 0 days`</li><li>Enabled; `Update Deadline(Device) == 7 days`</li></ol>|
|
||||
| Windows Autopatch - Office Update Configuration [Fast] | Sets the Office update deadline<p>Assigned to:<ol><li>Modern Workplace Devices-Windows Autopatch-Fast</li></ol>|<ol><li>Delay downloading and installing updates for Office</li><li>Update Deadline</li></ol>| <ol><li>Enabled; `Days(Device) == 3 days`</li><li>Enabled; `Update Deadline(Device) == 7 days`</li></ol>|
|
||||
| Windows Autopatch - Office Update Configuration [Broad] | Sets the Office update deadline<br>Assigned to:<ol><li>Modern Workplace Devices-Windows Autopatch-Broad</li>|<ol><li>Delay downloading and installing updates for Office</li><li>Update Deadline</li></ol>| <ol><li>Enabled; `Days(Device) == 7 days`</li><li>Enabled; `Update Deadline(Device) == 7 days`</li></ol> |
|
||||
|
||||
## Microsoft Edge update policies
|
||||
|
||||
> [!IMPORTANT]
|
||||
> By default, these policies are not deployed. You can opt-in to deploy these policies when you [activate Windows Autopatch features](../prepare/windows-autopatch-feature-activation.md).<p>To update Microsoft Office, you must [create at least one Autopatch group](../manage/windows-autopatch-manage-autopatch-groups.md) and the toggle the must be set to [**Allow**](../manage/windows-autopatch-edge.md#allow-or-block-edge-updates).</p>
|
||||
|
||||
- Windows Autopatch - Edge Update Channel Stable
|
||||
- Windows Autopatch - Edge Update Channel Beta
|
||||
|
||||
| Policy name | Policy description | Properties | Value |
|
||||
| ----- | ----- | ----- | ----- |
|
||||
| Windows Autopatch - Edge Update Channel Stable | Deploys updates via the Edge Stable Channel<p>Assigned to:<ol><li>Modern Workplace Devices-Windows Autopatch-First</li><li>Modern Workplace Devices-Windows Autopatch-Fast</li><ol><li>Modern Workplace Devices-Windows Autopatch-Broad</li></ol>| <ol><li>Target Channel Override </li><li>Target Channel (Device) </li></ol> | <ol><li>Enabled</li><li>Stable</li></ol>|
|
||||
| Windows Autopatch - Edge Update Channel Beta | Deploys updates via the Edge Beta Channel<p>Assigned to:<ol><li>Modern Workplace Devices-Windows Autopatch-Test </li></ol>| <ol><li>Target Channel Override</li><li>Target Channel (Device)</li></ol> | <ol><li>Enabled</li><li>Beta</li></ol>|
|
||||
| Windows Autopatch - Edge Update Channel Stable | Deploys updates via the Edge Stable Channel<p>Assigned to:<ol><li>Modern Workplace Devices-Windows Autopatch-First</li><li>Modern Workplace Devices-Windows Autopatch-Fast</li><ol><li>Modern Workplace Devices-Windows Autopatch-Broad</li></ol>| <ol><li>Target Channel Override </li><li>Target Channel (Device) </li></ol> | <ol><li>Enabled</li><li>Stable</li></ol>|
|
||||
| Windows Autopatch - Edge Update Channel Beta | Deploys updates via the Edge Beta Channel<p>Assigned to:<ol><li>Modern Workplace Devices-Windows Autopatch-Test </li></ol>| <ol><li>Target Channel Override</li><li>Target Channel (Device)</li></ol> | <ol><li>Enabled</li><li>Beta</li></ol>|
|
||||
|
||||
## Driver updates for Windows 10 and later
|
||||
|
||||
> [!IMPORTANT]
|
||||
> By default, these policies are not deployed. You can opt-in to deploy these policies when you [activate Windows Autopatch features](../prepare/windows-autopatch-feature-activation.md).<p>To update Microsoft Office, you must [create at least one Autopatch group](../manage/windows-autopatch-manage-autopatch-groups.md) and the toggle the must be set to [**Allow**](../manage/windows-autopatch-manage-autopatch-groups.md#create-an-autopatch-group).</p>
|
||||
|
||||
- Windows Autopatch - Driver Update Policy [Test]
|
||||
- Windows Autopatch - Driver Update Policy [First]
|
||||
- Windows Autopatch - Driver Update Policy [Fast]
|
||||
- Windows Autopatch - Driver Update Policy [Broad]
|
||||
|
||||
## PowerShell scripts
|
||||
|
||||
|
||||
@ -1,7 +1,7 @@
|
||||
---
|
||||
title: Conflicting configurations
|
||||
description: This article explains how to remediate conflicting configurations affecting the Windows Autopatch service.
|
||||
ms.date: 07/08/2024
|
||||
ms.date: 09/16/2024
|
||||
ms.service: windows-client
|
||||
ms.subservice: autopatch
|
||||
ms.topic: concept-article
|
||||
@ -15,12 +15,11 @@ ms.collection:
|
||||
- tier1
|
||||
---
|
||||
|
||||
# Conflicting configurations (public preview)
|
||||
# Conflicting configurations
|
||||
|
||||
> [!IMPORTANT]
|
||||
> This feature is in **public preview**. The feature is being actively developed and might not be complete.
|
||||
[!INCLUDE [windows-autopatch-enterprise-e3-f3-licenses](../includes/windows-autopatch-enterprise-e3-f3-licenses.md)]
|
||||
|
||||
During Readiness checks, if there are devices with conflicting registry configurations, notifications are listed in the **Not ready** tab. The notifications include a list of alerts that explain why the device isn't ready for updates. Instructions are provided on how to resolve the issue(s). You can review any device marked as **Not ready** and remediate them to a **Ready** state.
|
||||
During Readiness checks, if there are devices with conflicting registry configurations, notifications are listed in the **Not ready** tab. The notifications include a list of alerts that explain why the device isn't ready for updates. Instructions are provided on how to resolve the issues. You can review any device marked as **Not ready** and remediate them to a **Ready** state.
|
||||
|
||||
Windows Autopatch monitors conflicting configurations. You're notified of the specific registry values that prevent Windows from updating properly. These registry keys should be removed to resolve the conflict. However, it's possible that other services write back the registry keys. It's recommended that you review common sources for conflicting configurations to ensure your devices continue to receive Windows Updates.
|
||||
|
||||
@ -28,7 +27,6 @@ The most common sources of conflicting configurations include:
|
||||
|
||||
- Active Directory Group Policy (GPO)
|
||||
- Configuration Manager Device client settings
|
||||
- Windows Update for Business (WUfB) policies
|
||||
- Manual registry updates
|
||||
- Local Group Policy settings applied during imaging (LGPO)
|
||||
|
||||
@ -42,7 +40,7 @@ Location= HKLM:SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU\NoAutoUpdate
|
||||
|
||||
## Resolving conflicts
|
||||
|
||||
Windows Autopatch recommends removing the conflicting configurations. The following remediation examples can be used to remove conflicting settings and registry keys when targeted at Autopatch-managed clients.
|
||||
Windows Autopatch recommends removing the conflicting configurations. The following remediation examples can be used to remove conflicting settings and registry keys when targeted at Autopatch-managed devices.
|
||||
|
||||
> [!IMPORTANT]
|
||||
> **It's recommended to only target devices with conflicting configuration alerts**. The following remediation examples can affect devices that aren't managed by Windows Autopatch, be sure to target accordingly.
|
||||
@ -93,7 +91,7 @@ Remove-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpda
|
||||
|
||||
### Batch file
|
||||
|
||||
Copy and paste the following code into a text editor, and save it with a `.cmd` extension, and execute against affected devices. This command removes registry keys that affect the Windows Autopatch service.
|
||||
Copy and paste the following code into a text editor, and save it with a `.cmd` extension, and execute against affected devices. This command removes registry keys that affect the Windows Autopatch service. For more information, see [Using batch files: Scripting: Management services](/previous-versions/windows/it-pro/windows-server-2003/cc758944(v=ws.10)?redirectedfrom=MSDN).
|
||||
|
||||
```cmd
|
||||
@echo off
|
||||
@ -120,7 +118,7 @@ Windows Registry Editor Version 5.00
|
||||
|
||||
## Common sources of conflicting configurations
|
||||
|
||||
The following examples can be used to validate if the configuration is persistent from one of the following services. The list isn't an exhaustive, and Admins should be aware that changes can affect devices not managed by Windows Autopatch and should plan accordingly.
|
||||
The following examples can be used to validate if the configuration is persistent from one of the following services. The list isn't an exhaustive, and Admins should plan for changes can affect devices not managed by Windows Autopatch.
|
||||
|
||||
### Group Policy management
|
||||
|
||||
@ -130,7 +128,7 @@ Group Policy management is the most popular client configuration tool in most or
|
||||
1. Navigate to **Computer Configuration** > **Policies** > **Administrative Templates** > **Windows Components** > **Windows Update**
|
||||
1. If a Policy **doesn't exist** in Windows Update, then it appears to not be Group Policy.
|
||||
1. If a Policy **exists** in Windows Update is present, modify or limit the target of the conflicting policy to resolve the Alert.
|
||||
1. If the **Policy name** is labeled **Local Group Policy**, these settings could have been applied during imaging or by Configuration Manager.
|
||||
1. If the **Policy name** is labeled **Local Group Policy**, these settings are applied during imaging or by Configuration Manager.
|
||||
|
||||
### Configuration Manager
|
||||
|
||||
@ -142,4 +140,4 @@ Configuration Manager is a common enterprise management tool that, among many th
|
||||
|
||||
## Third-party solutions
|
||||
|
||||
Third-party solutions can include any other product that may write configurations for the devices in question, such as MDMs (Mobile Device Managers) or Policy Managers.
|
||||
Third-party solutions can include any other product that might write configurations for the devices in question, such as MDMs (Mobile Device Managers) or Policy Managers.
|
||||
|
||||
Reference in New Issue
Block a user