Merge pull request #6650 from andredm7/andredm053120223

More updates to device registration; reviewed for grammar and broken links.

windows/deployment/windows-autopatch/deploy/windows-autopatch-register-devices.md

@@ -18,16 +18,21 @@ Before Microsoft can manage your devices in Windows Autopatch, you must have dev
 
 ## Before you begin
 
-Windows Autopatch to take over software updates management of supported devices as soon as an IT admin decides to have their tenant managed by Windows Autopatch. Windows Autopatch update management scope includes:
+Windows Autopatch can take over software update management of supported devices as soon as an IT admin decides to have their tenant managed by the service. The Windows Autopatch software update management scope includes:
 
 - [Windows quality updates](../operate/windows-autopatch-wqu-overview.md)
 - [Microsoft 365 Apps for enterprise updates](../operate/windows-autopatch-microsoft-365-apps-enterprise.md)
 - [Microsoft Edge updates](../operate/windows-autopatch-edge.md)
 - [Microsoft Teams updates](../operate/windows-autopatch-teams.md)
 
-You must choose what devices to manage with Windows Autopatch by adding either devices through direct membership or by nesting other Azure Active Directory (Azure AD) dynamic/assigned groups into the Azure Active Directory assigned **Windows Autopatch Device Registration** group. Windows Autopatch runs every hour to discover new devices added to this group. Once new devices are discovered, Windows Autopatch attempts to register these devices into its service.
+### About the use of an Azure AD group to register devices
 
-### Other nested Azure AD group supported scenarios
+You must choose what devices to manage with Windows Autopatch by either adding them through direct membership or by nesting other Azure AD dynamic/assigned groups into the **Windows Autopatch Device Registration** Azure AD assigned group. Windows Autopatch automatically runs every hour to discover new devices added to this group. Once new devices are discovered, Windows Autopatch attempts to register these devices into its service.
+
+> [!NOTE]
+> All devices that are intended to be managed by the Windows Autopatch service **must** be added into the **Windows Autopatch Device Registration** Azure AD assigned group. Devices can only be added to this group if they have an Azure AD device ID. Windows Autopatch scans the Azure AD group hourly to discover newly added devices to be registered.
+
+#### Supported scenarios when nesting other Azure AD groups
 
 Windows Autopatch also supports the following Azure AD nested group scenarios:
 
@@ -41,10 +46,10 @@ Windows Autopatch also supports the following Azure AD nested group scenarios:
 > [!TIP]
 > You can also use the **Discover Devices** button in either the Ready or Not ready tabs to discover devices from the Windows Autopatch Device Registration Azure AD group on demand.
 
-To be eligible for Windows Autopatch management, devices must meet a minimum set of required software-based prerequisites:
-
 ## Prerequisites
 
+To be eligible for Windows Autopatch management, devices must meet a minimum set of required software-based prerequisites:
+
 - Windows 10/11 64-bit Enterprise edition 1809+.
 - Either hybrid or Azure AD joined (personal devices aren't supported).
 - Managed by Microsoft Endpoint Manager
@@ -55,7 +60,7 @@ To be eligible for Windows Autopatch management, devices must meet a minimum set
 			- Office Click-to-run
 - Last Intune device check-in completed within the last 28 days.  
 
-For more information about each prerequisite check, see the [Prerequisites](../prepare/windows-autopatch-prerequisites.md) article.
+For more details on each prerequisite check, see the [Prerequisites](../prepare/windows-autopatch-prerequisites.md) article.
 
 ## About Devices Ready and Not ready tabs
 
@@ -66,19 +71,29 @@ Windows Autopatch introduces a new user interface to help IT admins manage devic
 
 | Tab | Purpose |
 | ----- | ----- |
-| Ready tab | The purpose of the Ready tab is to show devices that were successfully registered to the Windows Autopatch service and that have met on-going device health requirements. |
+| Ready tab | The purpose of the Ready tab is to show devices that were successfully registered to the Windows Autopatch service and that have met post-registration device health requirements. |
-| Not ready tab | The purpose of the Not ready tab is to show devices that didn't successfully register into the Windows Autopatch service, or didn't pass one of the device readiness checks. This tab is intended to help customers identify and remediate devices that don't meet device readiness checks.<p><p>Devices successfully registered and healthy don't show up in the Not ready tab. |
+| Not ready tab | The purpose of the Not ready tab is to show devices that didn't successfully register into the Windows Autopatch service, or didn't pass one of the post-registration health requirements. This tab is intended to help customers identify and remediate devices that don't meet either pre or post-registration device readiness checks.<p><p>Devices successfully registered and healthy don't appear in the Not ready tab. |
 
 ## Built-in roles required for device registration
 
 A role defines the set of permissions granted to users assigned to that role. You can use one of the following built-in roles in Windows Autopatch to register devices:
 
 - Azure AD Global Administrator
+- Service Support Administrator
 - Intune Service Administrator
 - Modern Workplace Intune Administrator
 
+For more information, see [Azure AD built-in roles](/azure/active-directory/roles/permissions-reference) and  [Role-based access control (RBAC) with Microsoft Intune](/mem/intune/fundamentals/role-based-access-control).
+
 > [!NOTE]
-> The Modern Workplace Intune Admin role is a custom created role in Windows Autopatch. This role can assign administrators to Endpoint Manager roles, and allows you to create and configure custom Endpoint Manager roles.
+> The Modern Workplace Intune Admin role is a custom created role during the Windows Autopatch tenant enrollment process. This role can assign administrators to Endpoint Manager roles, and allows you to create and configure custom Endpoint Manager roles.
+
+## Details about the device registration process
+
+Registering your devices in Windows Autopatch does the following:
+
+1. Makes a record of devices in the service.
+2. Assign devices into the ring groups and other groups required for software updates management.
 
 ## Steps to register devices
 
@@ -93,7 +108,7 @@ A role defines the set of permissions granted to users assigned to that role. Yo
 Once devices or Azure AD groups containing devices are added to the **Windows Autopatch Device Registration** group, Windows Autopatch discovers these devices and runs device-level prerequisite checks to try to register them.
 
 > [!IMPORTANT]
-> It might take up to an hour for a device to change its statuses from **Ready for User** to **Active** in the Ready tab during the public preview.
+> It might take up to an hour for a device to change its status from **Ready for User** to **Active** in the Ready tab during the public preview.
 
 ## Other device lifecycle management scenarios
 
@@ -115,4 +130,5 @@ If you need to repair a device that was previously registered into the Windows A
 
 When one of these hardware changes occurs, Azure AD creates a new device ID record for that device, even if it's technically the same device.
 
-Any device that needs to be registered into the Windows Autopatch service must be added into the **Windows Autopatch Device Registration** Azure AD assigned group. Devices can only be added to this group if they have an Azure AD device record ID. Windows Autopatch scans the Azure AD group to discover the new device and brings it in to be registered.
+> [!IMPORTANT]
+> If a new Azure AD device ID is generated for a device that was previously registered into Windows Autopatch, even if it's the same device, the new Azure AD device ID must be added either through device direct membership or through nested Azure AD dynamic/assigned group into the **Windows Autopatch Device Registration** group. This process guarantees the newly generated Azure AD device ID is registered with Windows Autopatch and that the device continues to have its software updates managed by the service.