Autopatch NFA release

tiaraquan
2025-03-26 15:13:51 -07:00
parent d926a66eb3
commit 2d10e02480
46 changed files with 468 additions and 848 deletions

View File

@ -14,7 +14,7 @@ ms.localizationpriority: medium
appliesto:
-<a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 11</a>
-<a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 10</a>
ms.date: 09/24/2024
ms.date: 03/31/2025
---
# Programmatic controls for drivers and firmware updates

View File

@ -1,7 +1,7 @@
---
title: Microsoft Edge
description: This article explains how Microsoft Edge updates are managed in Windows Autopatch
ms.date: 09/16/2024
ms.date: 03/31/2025
ms.service: windows-client
ms.subservice: autopatch
ms.topic: how-to
@ -17,13 +17,8 @@ ms.collection:
# Microsoft Edge
[!INCLUDE [windows-autopatch-enterprise-e3-f3-licenses](../includes/windows-autopatch-enterprise-e3-f3-licenses.md)]
Windows Autopatch uses the [Stable Channel](/deployedge/microsoft-edge-channels#stable-channel) of Microsoft Edge.
> [!IMPORTANT]
> To update Microsoft 365 Apps for enterprise, you must [create at least one Autopatch group](../manage/windows-autopatch-manage-autopatch-groups.md#create-an-autopatch-group) first and **Microsoft Edge update setting** must be set to [**Allow**](#allow-or-block-microsoft-edge-updates). For more information on workloads supported by Windows Autopatch groups, see [Software update workloads](../deploy/windows-autopatch-groups-overview.md#software-update-workloads).
## Device eligibility
For a device to be eligible for Microsoft Edge updates as a part of Windows Autopatch, they must meet the following criteria:
@ -33,44 +28,65 @@ For a device to be eligible for Microsoft Edge updates as a part of Windows Auto
- The device must be able to access the required network endpoints to reach the Microsoft Edge update service.
- If Microsoft Edge is open, it must restart for the update process to complete.
## Allow or block Microsoft Edge updates
## Microsoft Edge update controls
> [!IMPORTANT]
> You must be an Intune Administrator to make changes to the setting.
With the expanded Autopatch group capabilities, you can choose to enable Microsoft Edge updates on a per Autopatch group level. Depending on your tenant settings, one of the following scenarios occurs:
For organizations seeking greater control, you can allow or block Microsoft Edge updates for Windows Autopatch-enrolled devices.
- Tenants that previously turned on Autopatch Microsoft Edge updates, has the Microsoft Edge updates Update Type checkbox selected, and the updated policies applied to each Autopatch group.
- Tenants that previously turned off Autopatch Microsoft Edge updates, or are new to Windows Autopatch, Autopatch Microsoft Edge updates remain turned off.
| Microsoft Edge setting | Description |
| ----- | ----- |
| **Allow** | When set to **Allow**, Windows Autopatch assigns devices to Microsoft Edge's [Stable Channel](/deployedge/microsoft-edge-channels#stable-channel). To manage updates manually, set the Microsoft Edge setting to **Block**. |
| **Block** | When set to **Block**, Windows Autopatch doesn't assign devices to Microsoft Edge's [Stable Channel](/deployedge/microsoft-edge-channels#stable-channel) updates on your behalf, and your organizations have full control over these updates. You can continue to receive updates from [channels](/deployoffice/overview-update-channels) other than the default [Monthly Enterprise Channel](/deployoffice/overview-update-channels#monthly-enterprise-channel-overview). |
If you [created an Autopatch group](../manage/windows-autopatch-manage-autopatch-groups.md#create-an-autopatch-group) and selected Microsoft Edge updates as a content type, the **Update Type** checkbox is **selected**, with new policies created and any available old policies are removed. If you didnt select Microsoft Edge updates as a content type upon creating an Autopatch group, the **Update Type** checkbox is **unselected**. Any available customized policies are retained and appear in the **Policies** tab.
**To allow or block Edge updates:**
### Turn on Microsoft Edge updates
**To turn on Microsoft Edge updates:**
1. Go to the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431).
1. Navigate to **Tenant administration** > **Windows Autopatch** > **Autopatch groups** > **Update settings**.
1. Go to the **Edge updates** section. By default, the Allow/Block toggle is set to **Block**.
1. Turn off the **Allow** toggle (set to Block) to opt out of Microsoft Edge update policies. You see the notification: *Update in process. This setting will be unavailable until the update is complete.*
1. Once the update is complete, you receive the notification: *This setting is updated*.
1. Navigate to**Tenant Administration** >**Windows Autopatch** > **Autopatch groups**.
1. Select an Autopatch group to modify (repeat these steps for each group).
1. Next to **Update types**, select**Edit**.
1. Select**Microsoft Edge updates**.
1. Select**Next: Deployment settings** > **Next: Release schedules** > **Next: Review + save** > **Save** to save these changes.
1. We recommend deleting old Autopatch default policies to avoid policy conflict. Navigate to**Devices** > **Manage devices** > **Configuration** > **Policies** tab.
1. Manually remove the following profiles related to Microsoft Edge
1. Windows Autopatch - Microsoft Edge Update Channel Beta
1. Windows Autopatch - Microsoft Edge Update Channel Stable
> [!NOTE]
> If the notification: *This setting couldn't be updated. Please try again or submit a support request.* appears, use the following steps:<ol><li>Refresh your page.</li><li>Please repeat the same steps in To allow or block Edge updates.</li><li>If the issue persists, [submit a support request](../manage/windows-autopatch-support-request.md).</li>
> If you previously selected **Microsoft Edge updates** when [creating an Autopatch group](../manage/windows-autopatch-manage-autopatch-groups.md#create-an-autopatch-group), but your tenant isn't showing the new updates, theres a possibility that you previously modified the policy. To ensure there are no disruptions, the Autopatch Service retains that policy.
**To verify if the Edge update setting is set to Allow:**
### Turn off Microsoft Edge updates
**To turn off Microsoft Edge updates:**
1. Go to the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431).
2. Navigate to **Devices** > **Configuration profiles** > **Profiles**.
3. The following profiles should be discoverable from the list of profiles:
1. Windows Autopatch - Microsoft Edge Update Channel Stable
2. Windows Autopatch - Microsoft Edge Update Channel Beta
1. Navigate to**Tenant Administration** >**Windows Autopatch** > **Autopatch groups**.
1. Select an Autopatch group to modify (repeat these steps for each group).
1. Next to **Update types**, select**Edit**.
1. Unselect**Microsoft Edge updates**.
1. Select**Next: Deployment settings** > **Next: Release schedules** > **Next: Review + save** > **Save** to save these changes.
**To verify if the Edge update setting is set to Block:**
### Verify Microsoft Edge updates policies
**To verify Microsoft Edge updates policies:**
1. Go to the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431).
2. Navigate to **Devices** > **Configuration profiles** > **Profiles**.
3. The following **five** profiles should be removed from your list of profiles and no longer visible/active. Use the Search with the keywords "Microsoft Edge Configuration". The result should return *0 profiles filtered*.
1. Navigate to**Tenant Administration** >**Windows Autopatch** > **Autopatch groups**.
1. Verify each Autopatch group has the **Microsoft Edge Update Type** checkbox **selected**.
1. Navigate to**Devices** > **Manage devices** > **Configuration** > **Policies** tab.
1. The following new policies should be discoverable from the list of profiles:
1. `"Windows Autopatch Microsoft Edge Update Policy - <group name> - <ring name>"`
1. The following profiles should be removed from your list of profiles and no longer visible/active. Use the Search with the keywords "Microsoft Edge Update Channel". The result should return *0 profiles filtered*.
1. Windows Autopatch - Microsoft Edge Update Channel Beta
1. Windows Autopatch - Microsoft Edge Update Channel Stable
2. Windows Autopatch - Microsoft Edge Update Channel Beta
### Verify Microsoft Edge updates policies are created
**To verify Microsoft Edge updates policies are created:**
1. Go to the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431).
1. Navigate to**Devices** >**Manage devices** > **Configuration** > **Policies**.
1. Confirm the new policies are named:`"Windows Autopatch Microsoft Edge Update Policy - <group name> - <ring name>"`
## Update release schedule
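Review bot: In the "Turn on Microsoft Edge updates" steps, the instruction to manually remove the old `Windows Autopatch - Microsoft Edge Update Channel Beta` and `Windows Autopatch - Microsoft Edge Update Channel Stable` profiles comes before any check that the new `Windows Autopatch Microsoft Edge Update Policy - <group name> - <ring name>` policies exist. An admin who follows the steps in order could delete the old profiles in a tenant where, per the [!NOTE], the service retained a previously modified policy and the new updates aren't showing. Suggest moving the verification ahead of the deletion step, or linking to it from that step. Smaller points in the same hunk: several added steps lack a space before the bold text (`Navigate to**Tenant Administration** >**Windows Autopatch**`, `select**Edit**`), `didnt` and `theres` are missing apostrophes, the verify steps say "new policies should be discoverable from the list of profiles" and so mix the two terms, and the sections "Verify Microsoft Edge updates policies" and "Verify Microsoft Edge updates policies are created" overlap enough to be merged.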
@ -86,4 +102,4 @@ Currently, Windows Autopatch can't pause or resume Microsoft Edge updates.
## Incidents and outages
If you're experiencing issues related to Microsoft Edge updates, [submit a support request](../operate/windows-autopatch-support-request.md).
If you're experiencing issues related to Microsoft Edge updates, [submit a support request](../operate/windows-autopatch-support-request.md). You can only submit a support request if you have E3+ or F licenses. For more information, see [Features and capabilities](../overview/windows-autopatch-overview.md#features-and-capabilities)
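Review bot: The sentence added under "Incidents and outages" says "E3+ or F licenses", while the include removed from this same article is named `windows-autopatch-enterprise-e3-f3-licenses`; name the exact F license so readers can tell whether they are entitled to open a support request. The closing sentence ("For more information, see [Features and capabilities](...)") is also missing its final period.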

View File

@ -1,7 +1,7 @@
---
title: Exclude a device
description: This article explains how to exclude a device from the Windows Autopatch service
ms.date: 09/16/2024
ms.date: 03/31/2025
ms.service: windows-client
ms.subservice: autopatch
ms.topic: how-to
@ -16,8 +16,6 @@ ms.collection:
# Exclude a device
[!INCLUDE [windows-autopatch-enterprise-e3-f3-licenses](../includes/windows-autopatch-enterprise-e3-f3-licenses.md)]
To avoid end-user disruption, excluding a device in Windows Autopatch only deletes the Windows Autopatch device record itself. Excluding a device can't delete the Microsoft Intune and/or the Microsoft Entra device records. Microsoft assumes you manage those devices yourself in some capacity.
When you exclude a device from the Windows Autopatch service, the device is flagged as **Excluded** so Windows Autopatch doesn't try to restore the device into the service again. The exclusion command doesn't trigger device membership removal from any other Microsoft Entra group, used with Autopatch groups.
@ -34,11 +32,11 @@ When you exclude a device from the Windows Autopatch service, the device is flag
1. Once a device or multiple devices are selected, select **Device actions**. Then, select **Exclude device**.
> [!WARNING]
> Excluding devices from the Windows Autopatch Device Registration group, or any other Microsoft Entra group, used with Autopatch groups doesn't exclude devices from the Windows Autopatch service.
> When you exclude devices from the Windows Autopatch Device Registration group, or any other Microsoft Entra group, used with Autopatch groups doesn't exclude devices from the Windows Autopatch service.
## Only view excluded devices
You can view the excluded devices in the [**Devices report**](../deploy/windows-autopatch-register-devices.md#devices-report) to make it easier for you to bulk restore devices that were previously excluded from the Windows Autopatch service.
You can view the excluded devices in the [**Autopatch groups membership report**](../deploy/windows-autopatch-register-devices.md#autopatch-groups-membership-report) to make it easier for you to bulk restore devices that were previously excluded from the Windows Autopatch service.
**To view only excluded devices:**
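Review bot: The reworded [!WARNING] no longer parses: in "When you exclude devices from the Windows Autopatch Device Registration group, or any other Microsoft Entra group, used with Autopatch groups doesn't exclude devices from the Windows Autopatch service", the verb "doesn't exclude" has no subject. The earlier wording ("Excluding devices from ... doesn't exclude devices ...") was grammatical; either keep it or complete the clause, for example "When you remove devices from ..., the devices aren't excluded from the Windows Autopatch service." This warning is what tells admins that removing a device from a group is not an exclusion, so it should read unambiguously. Also confirm that `windows-autopatch-register-devices.md` has an `#autopatch-groups-membership-report` anchor, since the link target changed together with the report name.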

View File

@ -1,7 +1,7 @@
---
title: Autopatch group policies
description: This article describes Autopatch group policies
ms.date: 09/16/2024
ms.date: 03/31/2025
ms.service: windows-client
ms.subservice: autopatch
ms.topic: how-to
@ -17,26 +17,32 @@ ms.collection:
# Autopatch group policies
[!INCLUDE [windows-autopatch-enterprise-e3-f3-licenses](../includes/windows-autopatch-enterprise-e3-f3-licenses.md)]
The following Autopatch group policies are only created when you create an Autopatch group.
## Update rings policy for Windows 10 and later
Update rings policy for Windows 10 and later
Autopatch groups set up the [Update rings policy for Windows 10 and later](/mem/intune/protect/windows-10-update-rings) for each of its deployment rings in the Default Autopatch group. See the following default policy values:
Autopatch groups create one Windows 10 Update Ring policy for each deployment ring you specify. These rings configure important update settings like automatic update behavior, deferrals, deadlines, and grace periods. See the following preset default policy values for restart-sensitive devices where the deadline and grace period aren't configured.
| Policy name | Quality updates deferral in days | Feature updates deferral in days | Feature updates uninstall window in days | Deadline for quality updates in days | Deadline for feature updates in days | Grace period | Auto restart before deadline |
| ----- | ----- | ----- | ----- | ----- | ----- | ----- | ----- |
| Test | 0 | 0 | 30 | 0 | 5 | 0 | Yes |
| Ring 1 | 1 | 0 | 30 | 2 | 5 |2 | Yes |
| Ring 2 | 6 | 0 | 30 | 2 | 5 | 2 | Yes |
| Ring 2 | 5 | 0 | 30 | 2 | 5 | 2 | Yes |
| Ring 3 | 9 | 0 | 30 | 5 | 5 | 2 | Yes |
| Last | 11 | 0 | 30 | 3 | 5 | 2 | Yes |
| Last | 10 | 0 | 30 | 3 | 5 | 2 | Yes |
## Feature update policy for Windows 10 and later
If features updates are [selected as a content type for an Autopatch group](../manage/windows-autopatch-manage-autopatch-groups.md#create-an-autopatch-group), a feature update policy is created with the Microsoft Entra groups for each update ring assigned to it. This policy does the following:
- Ensures existing devices on the target version dont update beyond that version.
- If new devices are added to the Autopatch group and are below your target version, the devices are updated to the target version.
To achieve this outcome, the feature update policy is configured for immediate start as required.
> [!IMPORTANT]
> To safely deploy a new feature update, Autopatch recommends using a custom Windows feature update release. The custom release allows you to choose how and when different deployment rings receive the update. Autopatch doesn't recommend updating the minimum version within an Autopatch group until your rollout is complete. Doing so initiates a rollout which starts immediately for all members of that group.<p>Once you create a custom Windows feature update release, the Autopatch group's deployment rings are unassigned from that groups feature update policy.</p>
Autopatch groups set up the [feature updates for Windows 10 and later policies](/mem/intune/protect/windows-10-feature-updates) for each of its deployment rings in the Default Autopatch group, see the following default policy values:
| Policy name |Feature update version | Rollout options | First deployment ring availability | Final deployment ring availability | Day between deployment rings | Support end date |
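Review bot: The new introduction to the update rings table says the values are for "restart-sensitive devices where the deadline and grace period aren't configured", but the table under it still lists quality update deadlines of 0 to 5 days and a grace period of 2 for every ring except Test. Either state which release schedule preset the table describes, or align the sentence with the values shown, because admins use this table to reason about how long a device can stay unpatched. The section title appears once as `## Update rings policy for Windows 10 and later` and once as plain text, so check that the `##` was not dropped. In the added feature update paragraph, "features updates", "dont" and "that groups feature update policy" need correcting.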

View File

@ -1,7 +1,7 @@
---
title: Hotpatch updates
description: Use Hotpatch updates to receive security updates without restarting your device
ms.date: 02/03/2025
ms.date: 03/31/2025
ms.service: windows-client
ms.subservice: autopatch
ms.topic: how-to
@ -17,8 +17,6 @@ ms.collection:
# Hotpatch updates (public preview)
[!INCLUDE [windows-autopatch-applies-to-all-licenses](../includes/windows-autopatch-applies-to-all-licenses.md)]
> [!IMPORTANT]
> This feature is in public preview. It's being actively developed and might not be complete. They're made available on a "Preview" basis. You can test and use these features in production environments and scenarios and provide feedback.

View File

@ -1,7 +1,7 @@
---
title: Manage Windows Autopatch groups
description: This article explains how to manage Autopatch groups
ms.date: 09/16/2024
ms.date: 03/31/2025
ms.service: windows-client
ms.subservice: autopatch
ms.topic: how-to
@ -17,21 +17,22 @@ ms.collection:
# Manage Windows Autopatch groups
[!INCLUDE [windows-autopatch-enterprise-e3-f3-licenses](../includes/windows-autopatch-enterprise-e3-f3-licenses.md)]
Autopatch groups help Microsoft Cloud-Managed services meet organizations where they are in their update management journey.
An Autopatch group is a logical container or unit that groups several [Microsoft Entra groups](/azure/active-directory/fundamentals/active-directory-groups-view-azure-portal), and software update policies, such as [Update rings policy for Windows 10 and later](/mem/intune/protect/windows-10-update-rings) and [feature updates policy for Windows 10 and later policies](/mem/intune/protect/windows-10-feature-updates).
An Autopatch group is a logical container or unit that groups several [Microsoft Entra groups](/entra/fundamentals/groups-view-azure-portal), and software update policies, such as [Update rings policy for Windows 10 and later](/mem/intune/protect/windows-10-update-rings), [feature updates for Windows 10 and later policies](/mem/intune/protect/windows-10-feature-updates), [driver update policies](../manage/windows-autopatch-manage-driver-and-firmware-updates.md), [Microsoft 365 App update policies](../manage/windows-autopatch-microsoft-365-policies.md), and [Microsoft Edge update policies](../manage/windows-autopatch-edge.md).
Before you start managing Autopatch groups, ensure you meet the [Windows Autopatch groups prerequisites](../deploy/windows-autopatch-groups-overview.md#prerequisites).
> [!NOTE]
> If you reach the maximum number of Autopatch groups supported (300), and try to create more Autopatch groups, the "Create" option in the Autopatch groups blade is greyed out.
## Create an Autopatch group
> [!IMPORTANT]
> Windows Autopatch creates the device-based Microsoft Entra ID assigned groups based on the choices made in the deployment ring composition page. Additionally, the service assigns the update ring policies for each deployment ring created in the Autopatch group based on the choices made in the Windows Update settings page as part of the Autopatch group guided end-user experience.
> [!TIP]
> For more information on workloads supported by Windows Autopatch groups, see [Supported software workloads](../deploy/windows-autopatch-groups-overview.md#software-update-workloads).<ul><li>To manage Microsoft 365 Apps for enterprise, you must create an Autopatch group first and [set the Microsoft 365 app update setting to Allow](../manage/windows-autopatch-microsoft-365-apps-enterprise.md#allow-or-block-microsoft-365-app-updates).</li><li>To manage Microsoft Edge updates, you must create an Autopatch group first and [set the Edge update setting to Allow](../manage/windows-autopatch-edge.md#allow-or-block-microsoft-edge-updates).</li></ul>
> For more information on workloads supported by Windows Autopatch groups, see [Supported software workloads](../deploy/windows-autopatch-groups-overview.md#software-update-workloads).
**To create an Autopatch group:**
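Review bot: The expanded definition of an Autopatch group links Microsoft 365 App update policies to `../manage/windows-autopatch-microsoft-365-policies.md`, while the [!TIP] text in this same hunk points to `../manage/windows-autopatch-microsoft-365-apps-enterprise.md` for Microsoft 365 app updates. Confirm the new target file exists in this commit and that any remaining references to the old file and to the `#allow-or-block-microsoft-edge-updates` anchor (the Edge article's heading is renamed in this commit) are updated, otherwise the build produces broken links.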
@ -41,37 +42,55 @@ Before you start managing Autopatch groups, ensure you meet the [Windows Autopat
1. In the **Autopatch groups** blade, select **Create**.
1. In the **Basics** page, enter a **name** and a **description** then select **Next: Deployment rings**.
1. Enter up to 64 characters for the Autopatch group name and 150 characters maximum for the description. The Autopatch group name is appended to both the update rings and the DSS policy names that get created once the Autopatch group is created.
1. In the **Deployment rings** page, select **Add deployment ring** to add the number of deployment rings to the Autopatch group.
1. In the **Deployment rings** page, select **Add deployment ring** to add the number of deployment rings to the Autopatch group. Autopatch assigns a default rollout schedule to ensure gradual deployment with deferral and deadline periods ranging from one to 20 days. When a new ring is added, its default deferral and deadline are spaced with existing rings to maintain deferral and deadline period compliance. Therefore, the deferral and deadline period of the new ring might be before or after the previous ring. Adding a new ring doesnt modify the deferral or deadline of already existing rings. Autopatch doesnt set deadlines on Sundays. The deadline is scheduled for the following Monday.
1. Each new deployment ring added must have either a Microsoft Entra device group assigned to it, or a Microsoft Entra group that is dynamically distributed across your deployments rings using defined percentages.
1. In the **Dynamic groups** area, select **Add groups** to select one or more existing device-based Microsoft Entra groups to be used for Dynamic group distribution.
1. In the **Dynamic group distribution** column, select the desired deployment ring checkbox. Then, either:
1. Enter the percentage of devices that should be added from the Microsoft Entra groups selected in step 9. The percentage calculation for devices must equal to 100%, or
1. Select **Apply default dynamic group distribution** to use the default values.
1. In the **Assigned group** column, select **Add group to ring** to add an existing Microsoft Entra group to any of the defined deployment rings. The **Test** and **Last** deployment rings only support Assigned group distribution. These deployment rings don't support Dynamic distribution.
1. Select **Next: Windows Update settings**.
1. Select the **horizontal ellipses (…)** > **Manage deployment cadence** to [customize your gradual rollout of Windows quality and feature updates](../manage/windows-autopatch-customize-windows-update-settings.md). Select **Save**.
1. Select the **horizontal ellipses (…)** > **Manage notifications** to customize the end-user experience when receiving Windows updates. Select **Save**.
1. Select **Next: Update types**. Select the types of updates you want Windows Autopatch to create policies for. You can select:
1. Quality updates
1. Feature updates
1. Driver updates
1. Microsoft 365 apps updates
1. Microsoft Edge updates
1. Select **Next: Deployment settings**. If you selected quality updates and Microsoft 365 apps updates in Step 9, these updates are deployed automatically.Use the dropdown menu to select:
1. The target version for feature updates
1. The approval method for driver updates
1. The channel for Microsoft Edge updates
1. Select **Next: Release schedules**. In this page, select one of the following release schedule presets from the **Select a release schedule preset** dropdown menu:
1. Information worker: Single-user devices that are used in most workplaces
1. Shared device: Devices that are used by multiple users over a period of time
1. Kiosks and billboards: High uptime devices used to accomplish a specific task that hides notifications and restart at specific times
1. Reboot-sensitive devices: Devices that cant be interrupted in the middle of a task and only update at a scheduled time
1. The Windows update installation, reboot, and notification behavior setting is based on the selected release schedule preset (in step 11). The setting determines how the Windows Update client behaves for all update types that you selected in Step 9. You can:
1. Edit the deferrals, deadlines, grace periods as needed
1. Edit the deployment rings as necessary
1. If you made changes, but want to start over, select **Reset to preset values [release schedule preset]**. The reset is dependent on which release schedule preset you selected in step 12.
1. Select **Review + create** to review all changes made.
1. Once the review is done, select **Create** to save your Autopatch group.
> [!CAUTION]
> **Don't** modify the Microsoft Entra group membership types (Assigned and Dynamic). Otherwise, the Windows Autopatch service won't be able to read the device group membership from these groups, and causes the Autopatch groups feature and other service-related operations to not work properly.<p>Additionally, it's not supported to have Configuration Manager collections directly synced to any Microsoft Entra group created by Autopatch groups.</p>
> **Don't** modify the Microsoft Entra group membership types (Assigned and Dynamic). Otherwise, the Windows Autopatch service isn't able to read the device group membership from these groups, and causes the Autopatch groups feature and other service-related operations to not work properly.<p>Additionally, it's not supported to have Configuration Manager collections directly synced to any Microsoft Entra group created by Autopatch groups.</p>
> [!CAUTION]
> A device-based Microsoft Entra group can only be used with one deployment ring in an Autopatch group at a time. This applies to deployment rings within the same Autopatch group and across different deployment rings across different Autopatch groups. If you try to create or edit an Autopatch group to use a device-based Microsoft Entra group that's been already used, you'll receive an error that prevents you from creating or editing the Autopatch group.
> A device-based Microsoft Entra group can only be used with one deployment ring in an Autopatch group at a time. This applies to deployment rings within the same Autopatch group and across different deployment rings across different Autopatch groups. If you try to create or edit an Autopatch group to use a device-based Microsoft Entra group that is already used, an error occurs that prevents you from creating or editing the Autopatch group.
## Edit an Autopatch group
> [!TIP]
> You can't edit an Autopatch group when there's one or more Windows feature update releases targeted to it. If you try to edit an Autopatch group with one or more ongoing Windows feature update releases targeted to it, you get the following informational banner message: "**Some settings are not allowed to be modified as there's one or more on-going Windows feature update release targeted to this Autopatch group.**"
> You can't edit an Autopatch group when there's one or more Windows feature update releases targeted to it. If you try to edit an Autopatch group with one or more ongoing Windows feature update releases targeted to it, you get the following informational banner message: "**Some settings are not allowed to be modified as there's one or more ongoing Windows feature update release targeted to this Autopatch group.**"
> For more information on release and phase statuses, see [Windows feature update](../manage/windows-autopatch-windows-feature-update-overview.md).
**To edit an Autopatch group:**
1. Select the **horizontal ellipses (…)** > **Edit** for the Autopatch group you want to edit.
1. You can only modify the **description** of an Autopatch group. You **can't** modify the name. Once the description is modified, select **Next: Deployment rings**. To rename an Autopatch group, see [Rename an Autopatch group](#rename-an-autopatch-group).
1. Make the necessary changes in the **Deployment rings** page, then select **Next: Windows Update settings**.
1. Make the necessary changes in the **Windows Update settings** page, then select **Next: Review + save**.
1. In the **Basics** page, you can only modify the **description** of an Autopatch group. You **can't** modify the name. Once the description is modified, or if you don't need to edit the description, select **Next: Deployment rings**. To rename an Autopatch group, see [Rename an Autopatch group](#rename-an-autopatch-group).
1. In the **Deployment rings** page, edit your deployment rings as necessary or select **Next: Update types**.
1. In the **Update types** page, add or remove update types as necessary, or select **Next: Deployment settings**.
1. In the **Deployment settings** page, edit the deployment settings as necessary, or select **Next: Release schedule**.
1. In the **Release schedule** page, edit the deferral and/or deadline day as necessary. If you need to change the release schedule preset, you must create a new Autopatch group.
1. Select **Review + create** to review all changes made.
1. Once the review is done, select **Save** to finish editing the Autopatch group.
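Review bot: The hard-coded step references in the create procedure are inconsistent with each other: the release schedule preset is cited as "(in step 11)" in one line and "selected in step 12" a few lines later, and the update types are cited as "Step 9" while an earlier context line already uses "step 9" for the Microsoft Entra group selection. Because every item is numbered `1.`, these references drift whenever a step is inserted; refer to the page name instead (for example "the preset you selected on the **Release schedules** page"). Also in this hunk: "deployed automatically.Use" is missing a space, "doesnt" and "cant" are missing apostrophes, the create steps say **Next: Release schedules** while the edit steps say **Next: Release schedule**, and the edit steps end with **Review + create** followed by **Save**, which does not match the **Next: Review + save** label used elsewhere in this commit.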
@ -79,7 +98,7 @@ Before you start managing Autopatch groups, ensure you meet the [Windows Autopat
> Windows Autopatch creates the device-based Microsoft Entra ID assigned groups based on the choices made in the deployment ring composition page. Additionally, the service assigns the update ring policies for each deployment ring created in the Autopatch group based on the choices made in the Windows Update settings page as part of the Autopatch group guided end-user experience.
> [!CAUTION]
> If a device that was previously added to an Autopatch group uses an Entra group (via Assigned groups or Dynamic distribution method) is removed from the Entra group, the device is removed and de-registered from the Autopatch service. The removed device no longer has any Autopatch service-created policies applied to it and the device won't appear in the Autopatch devices reports.
> If a device that was previously added to an Autopatch group uses a Microsoft Entra group (via Assigned groups or Dynamic distribution method) is removed from the Microsoft Entra group, the device is removed and deregistered from the Autopatch service. The removed device no longer has any Autopatch service-created policies applied to it and the device doesn't appear in the Autopatch groups membership report.
## Rename an Autopatch group
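Review bot: The reworded [!CAUTION] still has a broken opening clause: "If a device that was previously added to an Autopatch group uses a Microsoft Entra group (...) is removed from the Microsoft Entra group" runs two verbs together. Suggest "If a device that was added to an Autopatch group through a Microsoft Entra group (via Assigned groups or Dynamic distribution method) is removed from that Microsoft Entra group, ...". The consequence described here is that the device is deregistered and loses all Autopatch service-created policies, so the condition that triggers it should be stated precisely.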
@ -89,7 +108,7 @@ Before you start managing Autopatch groups, ensure you meet the [Windows Autopat
1. In the **New Autopatch group name**, enter the new Autopatch group name of your choice, then select **Rename group**.
> [!IMPORTANT]
> Autopatch supports up to 64 characters for the Autopatch group name. Additionally, when you rename a Autopatch group all [update rings for Windows 10 and later policy in Intune](/mem/intune/protect/windows-10-update-rings) and [feature updates for Windows 10 and later policy in Intune](/mem/intune/protect/windows-10-feature-updates) associated with the Autopatch group are renamed to include the new Autopatch group name you define in its name string. Also, when renaming an Autopatch group all Microsoft Entra groups representing the Autopatch group's deployment rings are renamed to include the new Autopatch group name you define in its name string.
> Autopatch supports up to 64 characters for the Autopatch group name. Additionally, when you rename an Autopatch group all [update rings for Windows 10 and later policy in Intune](/mem/intune/protect/windows-10-update-rings) and [feature updates for Windows 10 and later policy in Intune](/mem/intune/protect/windows-10-feature-updates) associated with the Autopatch group are renamed to include the new Autopatch group name you define in its name string. Also, when renaming an Autopatch group all Microsoft Entra groups representing the Autopatch group's deployment rings are renamed to include the new Autopatch group name you define in its name string.
## Delete an Autopatch group
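Review bot: The [!IMPORTANT] note on renaming lists only the update rings and feature updates policies as being renamed, but this commit also documents Edge policies named `Windows Autopatch Microsoft Edge Update Policy - <group name> - <ring name>` and adds driver and Microsoft 365 App update policies to the definition of an Autopatch group. State whether those policies are renamed as well, since the verification steps in the Edge article rely on the group name appearing in the policy name.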
@ -99,7 +118,7 @@ Before you start managing Autopatch groups, ensure you meet the [Windows Autopat
1. Select **Yes** to confirm you want to delete the Autopatch group.
> [!CAUTION]
> You can't delete an Autopatch group when it's being used as part of one or more active or paused feature update releases. However, you can delete an Autopatch group when the release for either Windows quality or feature updates have either the **Scheduled** or **Paused** statuses.
> You can't delete an Autopatch group when it's being used as part of one or more active or paused feature update releases. However, you can delete an Autopatch group when the release for either Windows quality or feature updates has either the **Scheduled** or **Paused** statuses.
## Manage device conflict scenarios when using Autopatch groups
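Review bot: The two sentences of the [!CAUTION] contradict each other on paused releases: the first says a group can't be deleted while it is part of "one or more active or paused feature update releases", and the second says it can be deleted when the release has "either the **Scheduled** or **Paused** statuses". The change from "have" to "has" fixes agreement but leaves that conflict in place; clarify which statuses block deletion, and use "status" rather than "statuses" after "either".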
@ -108,7 +127,7 @@ Overlap in device membership is a common scenario when working with device-based
Since Autopatch groups allow you to use your existing Microsoft Entra groups to create your own deployment ring composition, the service takes on the responsibility of monitoring and automatically solving some of the device conflict scenarios that might occur.
> [!CAUTION]
> A device-based Microsoft Entra group can only be used with one deployment ring in an Autopatch group at a time. This applies to deployment rings within the same Autopatch group and across different deployment rings across different Autopatch groups. If you try to create or edit an Autopatch group to use a device-based Microsoft Entra group that's been already used, you'll receive an error that prevents you from creating or editing the Autopatch group.
> A device-based Microsoft Entra group can only be used with one deployment ring in an Autopatch group at a time. This applies to deployment rings within the same Autopatch group and across different deployment rings across different Autopatch groups. If you try to create or edit an Autopatch group to use a device-based Microsoft Entra group that is already used, an error occurs that prevents you from creating or editing the Autopatch group.
### Device conflict in deployment rings within an Autopatch group
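Review bot: The second sentence of the rewritten CAUTION keeps the doubled phrase "across different deployment rings across different Autopatch groups", and the new ending "an error occurs" no longer says who sees the error or what it reports. Suggest "and to deployment rings in different Autopatch groups", and name the error or at least say it appears when you save the Autopatch group.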
@ -120,7 +139,7 @@ Autopatch groups use the following logic to solve device conflicts on your behal
| Step 2: Checks for deployment ring ordering when device belongs to one or more deployment ring with the same distribution type (**Assigned** or **Dynamic**) | For example, if a device is part of one deployment ring with **Assigned** distribution (Test), and in another deployment ring with **Assigned** distribution (Ring3) within the **same** Autopatch group, the deployment ring that comes later (Ring3) takes precedence over the deployment ring that comes earlier (Test) in the deployment ring order. |
> [!IMPORTANT]
> When a device belongs to a deployment ring that has combined distribution types (**Assigned** and **Dynamic**), and a deployment ring that has only the **Dynamic** distribution type, the deployment ring with the combined distribution types takes precedence over the one with only the **Dynamic** distribution. If a device belongs to two deployment rings that have combined distribution types (**Assigned** and **Dynamic**), the deployment ring that comes later takes precedence over the deployment ring that comes earlier in the deployment ring order.
> When a device belongs to a deployment ring that contains combined distribution types (**Assigned** and **Dynamic**), and a deployment ring that has only the **Dynamic** distribution type, the deployment ring with the combined distribution types takes precedence over the one with only the **Dynamic** distribution. If a device belongs to two deployment rings that contains combined distribution types (**Assigned** and **Dynamic**), the deployment ring that comes later takes precedence over the deployment ring that comes earlier in the deployment ring order.
### Device conflict across different Autopatch groups
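Review bot: The added IMPORTANT text has a subject-verb mismatch in its second sentence: "two deployment rings that contains combined distribution types" should be "that contain". The first sentence ("a deployment ring that contains") is fine, so only the plural case needs the fix.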
@ -130,7 +149,7 @@ Device conflict across different deployment rings in different Autopatch groups
| Conflict scenario | Conflict resolution |
| ----- | ----- |
| You, the IT admin at Contoso Ltd., are using several Autopatch groups. While navigating through devices in the Windows Autopatch Devices blade, you notice that the same device is part of different deployment rings across several different Autopatch groups. This device appears as **Not ready**. | You must resolve this conflict.<p>Autopatch groups inform you about the device conflict in the [**Devices report**](../deploy/windows-autopatch-register-devices.md#devices-report). Select the **Not ready** status for the device you want to address. You're required to manually indicate which of the existing Autopatch groups the device should exclusively belong to.</p> |
| You, the IT admin at Contoso Ltd., are using several Autopatch groups. While navigating through devices in the Windows Autopatch Devices blade, you notice that the same device is part of different deployment rings across several different Autopatch groups. This device appears as **Not ready**. | You must resolve this conflict.<p>Autopatch groups inform you about the device conflict in the [**Autopatch groups membership report**](../deploy/windows-autopatch-register-devices.md#autopatch-groups-membership-report). Select the **Not ready** status for the device you want to address. You're required to manually indicate which of the existing Autopatch groups the device should exclusively belong to.</p> |
#### Device conflict before device registration
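Review bot: The link in the conflict resolution cell now targets `#autopatch-groups-membership-report` in windows-autopatch-register-devices.md, but that file's headings are not part of this hunk. Confirm the heading exists under that name in the same commit, otherwise the link lands at the top of the page. The cell still tells the reader to "Select the **Not ready** status", so also confirm the renamed report exposes that status.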

View File

@ -1,7 +1,7 @@
---
title: Manage driver and firmware updates
description: This article explains how you can manage driver and firmware updates with Windows Autopatch
ms.date: 09/16/2024
ms.date: 03/31/2025
ms.service: windows-client
ms.subservice: autopatch
ms.topic: how-to
@ -21,8 +21,6 @@ You can manage driver and firmware profiles for Windows 10 and later devices. By
## Driver and firmware controls
[!INCLUDE [windows-autopatch-enterprise-e3-f3-licenses](../includes/windows-autopatch-enterprise-e3-f3-licenses.md)]
You can manage and control your driver and firmware updates by:
- Controlling the flow of all drivers to an Autopatch group or rings within an Autopatch group
@ -33,9 +31,6 @@ You can manage and control your driver and firmware updates by:
The Autopatch service creates additional driver profiles on a per-deployment ring and per group basis within your tenant.
> [!NOTE]
> For more information about policies created for Driver updates for Windows 10 and later, see [Changes made at feature activation](../references/windows-autopatch-changes-made-at-feature-activation.md#driver-updates-for-windows-10-and-later).
Choosing between Automatic and Manual modes can be done per-deployment ring and/or per Autopatch group. For a single Autopatch group, a mix of both Automatic and Manual policies is allowed. If you were previously in Manual mode, we create Manual policies for all your group rings. If Automatic (the default) was previously used, we create Automatic policies instead.
> [!IMPORTANT]
@ -55,10 +50,16 @@ Choosing between Automatic and Manual modes can be done per-deployment ring and/
1. Go to the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431).
1. Navigate to **Devices** > **Manage Updates** > **Windows Updates** > **Driver Updates** tab.
1. Select the groups youd like to modify. Find the Driver update settings section, then select Edit.
1. Set the policy to be **Automatic** or **Manual** for each deployment ring within the previously selected group.
1. If you select **Automatic**, you can choose a **Deferral period** in days from the dropdown menu.
2. If you select **Manual**, the deferral day setting cant be set and displays **Not applicable**.
1. Select the groups youd like to modify. Find the Deployment settings section, then select Edit.
1. Select **Next: Deployment settings**.
1. Choose **Use the same approval method for all deployment rings** or **Use different approval methods for each deployment ring**.
1. If you select **Use the same approval method for all deployment rings**, you must choose **Automatically approve** or **Manually review and approve**. All deployment rings use this setting.
1. If you select **Use different approval methods for each deployment ring**, you must choose **Automatically approve** or **Manually review and approve** for each deployment ring.
1. Select **Next: Release schedules**.
1. If you selected **Automatically approve**, under **Quality and driver updates**, you can choose a Driver update deferral for each policy or Driver updates. **Manually review and approve** policies are displayed as *Not applicable*.
1. Select **Edit** to the right of your deployment ring.
1. Find **Driver update deferrals** and select **Deferral period in days** from the dropdown menu.
1. Select **Save**.
1. Select **Review + Save** to review all changes made.
1. Once the review is done, select **Save** to commit your changes.
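Review bot: The added step "you can choose a Driver update deferral for each policy or Driver updates" does not parse, and it leaves open whether the deferral is set per policy or per deployment ring, which the following steps ("Select **Edit** to the right of your deployment ring") imply. Reword it to name one scope. In the first added step, "Deployment settings" and "Edit" are UI labels and should be bold like the labels in the other steps.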
@ -79,7 +80,7 @@ The deferral period can be set from 0 to 30 days, and it can be different for ea
Recommended drivers are the best match for the 'required' driver updates that Windows Update can identify for a device. To be a recommended update, the OEM or driver publisher must mark the update as required and the update must be the most recent update version marked as required. These updates are the same ones available through Windows Update and are almost always the most current update version for a driver.
When an OEM releases a newer update version that qualifies to be the new recommended driver, it replaces the previous update as the recommended driver update. If the older update version is still applicable to a device in the policy, it's moved to the **Other drivers** tab. If the older version was previously approved, it remains approved.
When an OEM releases a newer update version that qualifies to be the new recommended driver, it replaces the previous update as the recommended driver update. If the older update version is still applicable to a device in the policy, it moves to the **Other drivers** tab. If the older version was previously approved, it remains approved.
##### Approve and deploy recommended drivers
@ -102,7 +103,7 @@ Extensions and Plug and play driver updates might not require admin approval.
| Driver update | Description |
| ----- | ----- |
| Extensions | Windows Autopatch doesn't manage extension drivers. They're easily identified by the term 'extension' in the name. Extensions are typically minor updates to a base driver package that can enhance, modify, or filter the functionality provided by the base driver. They play a crucial role in facilitating effective communication between the operating system and the hardware. If the device hasn't received drivers from Windows Update for some time, the device might have multiple extension drivers offered during the first scan. For more information, see [Why do my devices have driver updates installed that didn't pass through an updates policy?](/mem/intune/protect/windows-driver-updates-overview#why-do-my-devices-have-driver-updates-installed-that-didnt-pass-through-an-updates-policy). |
| Extensions | Windows Autopatch doesn't manage extension drivers. They're easily identified by the term 'extension' in the name. Extensions are typically minor updates to a base driver package that can enhance, modify, or filter the functionality provided by the base driver. They play a crucial role in facilitating effective communication between the operating system and the hardware. If the device doesn't receive drivers from Windows Update for some time, the device might have multiple extension drivers offered during the first scan. For more information, see [Why do my devices have driver updates installed that didn't pass through an updates policy?](/mem/intune/protect/windows-driver-updates-overview#why-do-my-devices-have-driver-updates-installed-that-didnt-pass-through-an-updates-policy). |
| Plug and play | When Windows detects a hardware or software component (such as, but not limited to, a mouse, keyboard, or webcam) without an existing driver, it automatically downloads and installs the latest driver to ensure the component functions properly to keep the end-user productive. After the initial installation, the driver becomes manageable. Any additional updates require approval before being offered to the device. |
### Other drivers and firmware
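Review bot: In the Extensions row, changing "hasn't received" to "doesn't receive" blurs the condition. The sentence describes a device that has gone without driver updates and is then offered several extension drivers "during the first scan", which the present tense no longer conveys. Keep the perfect tense, or rewrite as "If a device goes some time without receiving drivers from Windows Update, ...".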

View File

@ -1,7 +1,7 @@
---
title: Microsoft 365 Apps for enterprise
description: This article explains how Windows Autopatch manages Microsoft 365 Apps for enterprise updates
ms.date: 09/16/2024
ms.date: 03/31/2025
ms.service: windows-client
ms.subservice: autopatch
ms.topic: how-to
@ -17,8 +17,6 @@ ms.collection:
# Microsoft 365 Apps for enterprise
[!INCLUDE [windows-autopatch-enterprise-e3-f3-licenses](../includes/windows-autopatch-enterprise-e3-f3-licenses.md)]
## Service level objective
> [!IMPORTANT]
@ -77,58 +75,77 @@ To ensure that users are receiving automatic updates, Windows Autopatch prevents
## Microsoft 365 Apps for enterprise update controls
Windows Autopatch doesn't allow you to pause or roll back an update in the Microsoft Intune admin center.
With the expanded Autopatch group capabilities, you can choose to turn on Microsoft 365 Apps updates on a per Autopatch group level. Depending on your tenant settings, one of the following scenarios occurs:
[Submit a support request](../manage/windows-autopatch-support-request.md) to the Windows Autopatch Service Engineering Team to pause or roll back an update when needed.
- Tenants that previously turned on Autopatch Microsoft 365 Apps update, has the Microsoft 365 Apps updates Update Type checkbox selected and have the updated policies applied to each Autopatch group.
- Tenants that previously turned off Autopatch Microsoft 365 Apps updates, or are new to Windows Autopatch, Autopatch Microsoft 365 Apps updates remain turned off.
If you [created an Autopatch group](../manage/windows-autopatch-manage-autopatch-groups.md#create-an-autopatch-group) and selected Microsoft 365 apps updates as a content type, the **Update Type** checkbox is **selected**, with new policies created, and any available old policies are removed. If you didnt select Microsoft 365 apps updates as a content type upon creating an Autopatch group, the **Update Type** checkbox is **unselected**. Any available customized policies are retained and appear in the **Policies** tab.
### Turn on Microsoft 365 Apps updates
**To turn on Microsoft 365 Apps updates:**
1. Go to the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431).
1. Navigate to**Tenant Administration** >**Windows Autopatch** > **Autopatch groups**.
1. Select an Autopatch group to modify (repeat these steps for each group).
1. Next to **Update types**, select**Edit**.
1. Select**Microsoft 365 Apps updates**.
1. Select**Next: Deployment settings** > **Next: Release schedules** > **Next: Review + save** > **Save** to save these changes.
1. We recommend deleting old Autopatch default policies to avoid policy conflict. Navigate to**Devices** > **Manage devices** > **Configuration** > **Policies** tab.
1. Manually remove the following profiles related to Microsoft 365 Apps:
1. Windows Autopatch - Office Configuration
2. Windows Autopatch - Office Update Configuration [Test]
3. Windows Autopatch - Office Update Configuration [First]
4. Windows Autopatch - Office Update Configuration [Fast]
5. Windows Autopatch - Office Update Configuration [Broad]
> [!NOTE]
> If you previously selected **Microsoft 365 Apps updates** when [creating an Autopatch group](../manage/windows-autopatch-manage-autopatch-groups.md#create-an-autopatch-group), but your tenant isn't showing the new updates, theres a possibility that you previously modified the policy. To ensure there are no disruptions, the Autopatch Service retains that policy.
### Turn off Microsoft 365 Apps updates
**To turn off Microsoft 365 Apps updates:**
1. Go to the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431).
1. Navigate to**Tenant Administration** >**Windows Autopatch** > **Autopatch groups**.
1. Select an Autopatch group to modify (repeat these steps for each group).
1. Next to **Update types**, select**Edit**.
1. Unselect**Microsoft 365 Apps updates**.
1. Select**Next: Deployment settings** > **Next: Release schedules** > **Next: Review + save** > **Save** to save these changes.
### Verify Microsoft 365 Apps updates policies
**To verify Microsoft 365 Apps updates policies:**
1. Go to the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431).
1. Navigate to**Tenant Administration** >**Windows Autopatch** > **Autopatch groups**.
1. Verify each Autopatch group has the **Microsoft 365 Apps Update Type** checkbox **selected**.
1. Navigate to**Devices** > **Manage devices** > **Configuration** > **Policies** tab.
1. The following new policies should be discoverable from the list of profiles:
1. `"Windows Autopatch Microsoft 365 Update Policy - <group name> - <ring name>"`
1. The following profiles should be removed from your list of profiles and no longer visible/active. Use the Search with the keywords "Office Configuration". The result should return *0 profiles filtered*.
1. Windows Autopatch - Office Configuration
2. Windows Autopatch - Office Update Configuration [Test]
3. Windows Autopatch - Office Update Configuration [First]
4. Windows Autopatch - Office Update Configuration [Fast]
5. Windows Autopatch - Office Update Configuration [Broad]
### Verify Microsoft 365 Apps updates policies are created
**To verify Microsoft 365 Apps updates policies are created:**
1. Go to the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431).
1. Navigate to**Devices** >**Manage devices** > **Configuration** > **Policies**.
1. Confirm the new policies are named:`"Windows Autopatch Microsoft 365 Update Policy - <group name> - <ring name>"`
### Roll back a Microsoft 365 App update
Windows Autopatch doesn't allow you to pause or roll back an update in the Microsoft Intune admin center.
> [!NOTE]
> Updates are bundled together into a single release in the [Monthly Enterprise Channel](/deployoffice/overview-update-channels#monthly-enterprise-channel-overview). Therefore, we can't roll back only a portion of the update for Microsoft 365 Apps for enterprise.
## Allow or block Microsoft 365 App updates
> [!IMPORTANT]
> You must be an Intune Administrator to make changes to the setting.
For organizations seeking greater control, you can allow or block Microsoft 365 App updates for Windows Autopatch-enrolled devices.
| Microsoft 365 App setting | Description |
| ----- | ----- |
| **Allow** | When set to **Allow**, Windows Autopatch moves all Autopatch managed devices to the [Monthly Enterprise Channel](/deployoffice/overview-update-channels#monthly-enterprise-channel-overview) and manages updates automatically. To manage updates manually, set the Microsoft 365 App update setting to **Block**. |
| **Block** | When set to **Block**, Windows Autopatch doesn't provide Microsoft 365 App updates on your behalf, and your organizations have full control over these updates. You can continue to receive updates from [channels](/deployoffice/overview-update-channels) other than the default [Monthly Enterprise Channel](/deployoffice/overview-update-channels#monthly-enterprise-channel-overview). |
**To allow or block Microsoft 365 App updates:**
1. Go to the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431).
2. Navigate to the **Tenant administration** > **Windows Autopatch** > **Autopatch groups** > **Update settings**.
3. Go to the **Microsoft 365 apps updates** section. By default, the **Allow/Block** toggle is set to **Block**.
4. Turn off the **Allow** toggle to opt out of Microsoft 365 App update policies. You see the notification: *Update in process. This setting will be unavailable until the update is complete.*
5. Once the update is complete, you receive the notification: *This setting is updated.*
> [!NOTE]
> If the notification: *This setting couldn't be updated. Please try again or submit a support request.* appears, use the following steps:<ol><li>Refresh your page.</li><li>Please repeat the same steps in To block Microsoft 365 apps updates.</li><li>If the issue persists, [submit a support request](../manage/windows-autopatch-support-request.md).</li>
**To verify if the Microsoft 365 App update setting is set to Allow:**
1. Go to the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431).
2. Navigate to **Devices** > **Configuration profiles** > **Profiles**.
3. The following profiles should be discoverable from the list of profiles:
1. Windows Autopatch - Office Configuration
2. Windows Autopatch - Office Update Configuration [Test]
3. Windows Autopatch - Office Update Configuration [First]
4. Windows Autopatch - Office Update Configuration [Fast]
5. Windows Autopatch - Office Update Configuration [Broad]
**To verify if the Microsoft 365 App update setting is set to Block:**
1. Go to the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431).
2. Navigate to **Devices** > **Configuration profiles** > **Profiles**.
3. The following profiles should be removed from your list of profiles and no longer visible/active. Use the Search with the keywords "Office Configuration". The result should return *0 profiles filtered*.
1. Windows Autopatch - Office Configuration
2. Windows Autopatch - Office Update Configuration [Test]
3. Windows Autopatch - Office Update Configuration [First]
4. Windows Autopatch - Office Update Configuration [Fast]
5. Windows Autopatch - Office Update Configuration [Broad]
## Compatibility with Servicing Profiles
[Servicing profiles](/deployoffice/admincenter/servicing-profile) is a feature in the [Microsoft 365 Apps admin center](https://config.office.com/) that provides controlled update management of monthly Office updates, including controls for user and device targeting, scheduling, rollback, and reporting.
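Review bot: Two added sections, "Verify Microsoft 365 Apps updates policies" and "Verify Microsoft 365 Apps updates policies are created", describe the same check and both end at the `Windows Autopatch Microsoft 365 Update Policy - <group name> - <ring name>` name; fold the second into the first. The two scenario bullets under "Microsoft 365 Apps for enterprise update controls" also need a rewrite: "Tenants that ... has the ... checkbox selected" mixes singular and plural, and the second bullet never gives "Tenants" a verb. The "Roll back a Microsoft 365 App update" section as shown only says the admin center can't pause or roll back an update, so keep the pointer to submitting a support request there so readers know what to do.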
@ -137,4 +154,4 @@ A [service profile](/deployoffice/admincenter/servicing-profile#compatibility-wi
## Incidents and outages
If you're experiencing issues related to Microsoft 365 Apps for enterprise updates, [submit a support request](../manage/windows-autopatch-support-request.md).
If you're experiencing issues related to Microsoft 365 Apps for enterprise updates, [submit a support request](../manage/windows-autopatch-support-request.md). You can only submit a support request if you have E3+ or F licenses. For more information, see [Features and capabilities](../overview/windows-autopatch-overview.md#features-and-capabilities)
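Review bot: "E3+ or F licenses" in the added sentence does not match the "E3 and F3" wording used elsewhere in these files, for example the `windows-autopatch-enterprise-e3-f3-licenses` include name. Confirm whether F3 is meant and use the same license name throughout. The sentence ending in the "Features and capabilities" link is also missing its period.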

View File

@ -1,7 +1,7 @@
---
title: Microsoft 365 Apps for enterprise update policies
description: This article explains the Microsoft 365 Apps for enterprise policies in Windows Autopatch
ms.date: 09/16/2024
ms.date: 03/31/2025
ms.service: windows-client
ms.subservice: autopatch
ms.topic: concept-article
@ -16,8 +16,6 @@ ms.collection:
# Microsoft 365 Apps for enterprise update policies
[!INCLUDE [windows-autopatch-enterprise-e3-f3-licenses](../includes/windows-autopatch-enterprise-e3-f3-licenses.md)]
## Conflicting and unsupported policies
Deploying any of the following policies to a managed device makes that device ineligible for management since the device prevents us from delivering the service as designed.

View File

@ -1,7 +1,7 @@
---
title: Manage the release schedule
description: How to manage the release schedule
ms.date: 09/16/2024
ms.date: 03/31/2025
ms.service: windows-client
ms.subservice: autopatch
ms.topic: how-to
@ -17,8 +17,6 @@ ms.collection:
# Manage the Release schedule
[!INCLUDE [windows-autopatch-applies-to-all-licenses](../includes/windows-autopatch-applies-to-all-licenses.md)]
Windows Autopatch provides a unique update experience and a single view for all your current quality, feature, and driver and firmware releases. This view:
- Consolidates all your applicable policies into a view consolidated by releases
@ -30,6 +28,3 @@ When you select a release, Windows Autopatch provides a list view of associated
- percentage complete
These metrics are a summary of the individual workload views that should be used to manage your updates.
> [!NOTE]
> **The device count metric is only available if you have Windows Enterprise E3+ or F3 licenses (included in Microsoft 365 F3, E3, or E5) licenses and have [activated Windows Autopatch features](../overview/windows-autopatch-overview.md#windows-enterprise-e3-and-f3-licenses).**<p>[Feature activation](../prepare/windows-autopatch-feature-activation.md) is optional and at no additional cost to you if you have Windows 10/11 Enterprise E3 or E5 (included in Microsoft 365 F3, E3, or E5) licenses.</p><p>For more information, see [Licenses and entitlements](../prepare/windows-autopatch-prerequisites.md#licenses-and-entitlements). If you choose not to go through feature activation, you can still use the Windows Autopatch service for the features included in [Business premium and A3+ licenses](../overview/windows-autopatch-overview.md#business-premium-and-a3-licenses).</p>

View File

@ -1,7 +1,7 @@
---
title: Submit a support request
description: Details how to contact the Windows Autopatch Service Engineering Team and submit support requests
ms.date: 09/16/2024
ms.date: 3/31/2025
ms.service: windows-client
ms.subservice: autopatch
ms.topic: how-to
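Review bot: `ms.date: 3/31/2025` drops the leading zero, while the other files shown in this commit use `03/31/2025`. Use the two-digit month here as well so the metadata stays consistent across the Autopatch articles.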
@ -17,25 +17,20 @@ ms.collection:
# Submit a support request
[!INCLUDE [windows-autopatch-enterprise-e3-f3-licenses](../includes/windows-autopatch-enterprise-e3-f3-licenses.md)]
> [!IMPORTANT]
> Make sure you've [added and verified your admin contacts](../deploy/windows-autopatch-admin-contacts.md). The Windows Autopatch Service Engineering Team will contact these individuals for assistance with remediating issues.
## Submit a new support request
Support requests are triaged and responded to as they're received.
**To submit a new support request:**
1. Sign into the [Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431) and navigate to the **Tenant administration** menu.
1. In the **Windows Autopatch** section, select **Support requests**.
1. In the **Support requests** section, select **+ New support request**.
1. Enter your questions and/or a description of the problem.
1. Review all the information you provided for accuracy.
1. When you're ready, select **Create**.
1. Sign into the [Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431) and navigate to **Troubleshooting + support**.
1. In the **Troubleshooting + support** section, select **Help and support**.
1. In the **Help and support** section, select **Windows Autopatch**.
1. In the **Help** section, enter your questions and/or a description of the issue.
1. Review the links that are provided to try to help with the issue.
1. If the answers that were given don't help you resolve the issue, select **Contact support** at the bottom of the page.
1. Follow the instructions to file a support request with Windows Autopatch. Make sure you provide the correct primary contact information for this specific support ticket.
1. When you're ready, select **Contact me**.
### Premier and Unified support options
## Premier and Unified support options
If you have a **Premier** or **Unified** support contract, when you submit a new request, or edit an active support request, you can:
@ -59,25 +54,11 @@ You can see the summary status of all your support requests. At any time, you ca
**To view all your active support requests:**
1. Sign into the [Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431) and navigate to the **Tenant Administration** menu.
1. In the **Windows Autopatch** section, select **Support request**.
1. From this view, you can export the summary view or select any case to view the details.
## Edit support request details
You can edit support request details, for example, updating the primary case contact.
**To edit support request details:**
1. Sign into the [Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431) and navigate to the **Tenant Administration** menu.
1. In the **Windows Autopatch** section, select **Support request**.
1. In the **Support requests** section, use the search bar or filters to find the case you want to edit.
1. Select the case to open the request's details.
1. Scroll to the bottom of the request details and select **Edit**.
1. Update the editable information, add attachments to the case, or add a note for the Windows Autopatch Service Engineering Team.
1. Select **Save**.
Once a support request is mitigated, it can no longer be edited. If a request was mitigated in less than 24 hours, you can reactivate instead of edit. Once reactivated, you can again edit the request.
1. Sign into the [Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431) and navigate to **Troubleshooting + support**.
1. In the **Troubleshooting + support** section, select **Help and support**.
1. In the **Help and support** section, select **Windows Autopatch**.
1. Under **Windows Autopatch**, select **Support History** to view all filed support requests.
1. Once a support request is mitigated, a survey appears. Using the survey, the primary contact can rate their experience.
## Microsoft FastTrack
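Review bot: The last added step, "Once a support request is mitigated, a survey appears", is not an action and does not belong in the numbered list under "To view all your active support requests"; move it to a sentence after the list. The same hunk shows the "Edit support request details" procedure, yet the Premier and Unified paragraph earlier in this file still reads "or edit an active support request". If the edit procedure is being dropped, reword that paragraph or say where editing is done now.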

View File

@ -1,7 +1,7 @@
---
title: Microsoft Teams
description: This article explains how Microsoft Teams updates are managed in Windows Autopatch
ms.date: 09/16/2024
ms.date: 03/31/2025
ms.service: windows-client
ms.subservice: autopatch
ms.topic: how-to
@ -17,8 +17,6 @@ ms.collection:
# Microsoft Teams
[!INCLUDE [windows-autopatch-enterprise-e3-f3-licenses](../includes/windows-autopatch-enterprise-e3-f3-licenses.md)]
Windows Autopatch uses the [standard automatic update channel](/microsoftteams/teams-client-update#can-admins-deploy-updates-instead-of-teams-auto-updating) for Microsoft Teams.
## Device eligibility

View File

@ -14,7 +14,7 @@ ms.localizationpriority: medium
appliesto:
-<a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 11</a>
-<a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 10</a>
ms.date: 09/16/2024
ms.date: 03/31/2025
---
# Troubleshoot programmatic controls

View File

@ -1,7 +1,7 @@
---
title: Manage Update rings
description: How to manage update rings
ms.date: 12/10/2024
ms.date: 03/31/2025
ms.service: windows-client
ms.subservice: autopatch
ms.topic: how-to
@ -17,52 +17,4 @@ ms.collection:
# Manage Update rings
[!INCLUDE [windows-autopatch-applies-to-all-licenses](../includes/windows-autopatch-applies-to-all-licenses.md)]
You can manage Update rings for Windows 10 and later devices with Windows Autopatch. Using Update rings, you can control when and how updates are installed on your devices. For more information, see [Configure Update rings for Windows 10 and later policy in Intune](/mem/intune/protect/windows-10-update-rings).
## Import Update rings for Windows 10 and later
[!INCLUDE [windows-autopatch-enterprise-e3-f3-licenses](../includes/windows-autopatch-enterprise-e3-f3-licenses.md)]
You can import your organizations existing Intune Update rings for Windows 10 and later into Windows Autopatch. Importing your organizations Update rings provides the benefits of the Windows Autopatch's reporting and device readiness without the need to redeploy, or change your organizations existing update rings.
Imported rings automatically register all targeted devices into Windows Autopatch. For more information about device registration, see the [device registration workflow diagram](../deploy/windows-autopatch-register-devices.md#detailed-device-registration-workflow-diagram).
> [!NOTE]
> Devices which are registered as part of an imported ring, might take up to 72 hours after the devices have received the latest version of the policy, to be reflected in Windows Autopatch devices blade and reporting. For more information about reporting, see [Windows quality and feature update reports overview](../monitor/windows-autopatch-windows-quality-and-feature-update-reports-overview.md).
> [!NOTE]
> Device registration failures don't affect your existing update schedule or targeting. However, devices that fail to register might affect Windows Autopatch's ability to provide reporting and insights. Any conflicts should be resolved as needed. For additional assistance, [submit a support request](../manage/windows-autopatch-support-request.md).
### To import Update rings for Windows 10 and later
**To import Update rings for Windows 10 and later:**
1. Go to the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431).
2. Select **Devices** from the left navigation menu.
3. Under the **Manage updates** section, select **Windows updates**.
4. In the **Windows updates** blade, go to the **Update rings** tab.
5. Select **Enroll policies**. **This step only applies if you've gone through [feature activation](../prepare/windows-autopatch-feature-activation.md)**.
6. Select the existing rings you would like to import.
7. Select **Import**.
### Remove an imported Update ring for Windows 10 and later
**To remove an Imported Update rings for Windows 10 and later:**
1. Go to the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431).
2. Select **Devices** from the left navigation menu.
3. Under the **Manage updates** section, select **Windows updates**.
4. In the **Windows updates** blade, go to the **Update rings**.
5. Select the Update rings for Windows 10 and later you would like to remove.
6. Select the **horizontal ellipses (...)** and select **Remove**.
### Known limitations
The following Windows Autopatch features aren't available with imported Intune Update rings:
- [Autopatch groups](../deploy/windows-autopatch-groups-overview.md) and [features dependent on Autopatch groups](../deploy/windows-autopatch-groups-overview.md#supported-configurations)
- [Moving devices in between deployment ringsin devices](../deploy/windows-autopatch-register-devices.md#move-devices-in-between-deployment-rings)
- [Automated deployment ring remediation functions](../deploy/windows-autopatch-device-registration-overview.md#automated-deployment-ring-remediation-functions)
- [Policy health and remediation](../monitor/windows-autopatch-policy-health-and-remediation.md)
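Review bot: The Known limitations link text reads "Moving devices in between deployment ringsin devices", which looks like two phrases run together; if this section is kept anywhere, it should read "Moving devices in between deployment rings". In the same block, the heading "### To import Update rings for Windows 10 and later" is immediately repeated as a bold lead-in, "To remove an Imported Update rings" mixes singular and plural, and step 4 of the removal procedure says "go to the **Update rings**." without "tab", unlike step 4 of the import procedure. "organizations" is also used three times where the possessive "organization's" is meant.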

View File

@ -1,7 +1,7 @@
---
title: Windows feature updates overview
description: This article explains how Windows feature updates are managed
ms.date: 11/20/2024
ms.date: 03/31/2025
ms.service: windows-client
ms.subservice: autopatch
ms.topic: overview
@ -17,8 +17,6 @@ ms.collection:
# Windows feature update
[!INCLUDE [windows-autopatch-enterprise-e3-f3-licenses](../includes/windows-autopatch-enterprise-e3-f3-licenses.md)]
Windows Autopatch provides tools to assist with the controlled roll out of annual Windows feature updates. These policies provide tools to allow version targeting, phased releases, and even Windows 10 to Windows 11 update options. For more information about how to configure feature update profiles, see [Feature updates for Windows 10 and later policy in Intune](/mem/intune/protect/windows-10-feature-updates).
> [!IMPORTANT]
@ -47,7 +45,7 @@ The release statuses are described in the following table:
A phase is made of one or more [Autopatch group deployment rings](../deploy/windows-autopatch-groups-overview.md#autopatch-group-deployment-rings). Each phase reports its status to its release.
> [!IMPORTANT]
> The determining factor that makes a phase status transition from **Scheduled** to **Active** is when the service automatically creates the Windows feature update policy for each Autopatch group deployment ring. Additionally, the phase status transition from **Active** to **Inactive** occurs when Windows feature update policies are unassigned from the Autopatch groups that belong to a phase. This can happen when an Autopatch group and its deployment rings are re-used as part of a new release.
> The determining factor that makes a phase status transition from **Scheduled** to **Active** is when the service automatically creates the Windows feature update policy for each Autopatch group deployment ring. Additionally, the phase status transition from **Active** to **Inactive** occurs when Windows feature update policies are unassigned from the Autopatch groups that belong to a phase. This can happen when an Autopatch group and its deployment rings are reused as part of a new release.
| Phase status | Definition |
| ----- | ----- |
@ -59,7 +57,21 @@ A phase is made of one or more [Autopatch group deployment rings](../deploy/wind
#### Phase policy configuration
For more information about Windows feature update policies that are created for phases within a release, see [Windows feature update policies](../manage/windows-autopatch-windows-feature-update-policies.md).
Windows Autopatch creates one Windows feature update policy per phase using the following naming convention:
**`Windows Autopatch - DSS policy - <Release Name> - Phase <Phase Number>`**
These policies can be viewed in the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431).
The following table is an example of the Windows feature update policies that were created for phases within a release:
| Policy name | Feature update version | Rollout options| Day between groups | Support end date |
| ----- | ----- | ----- | ----- | ----- |
| Windows Autopatch - DSS Policy - My feature update release - Phase 1 | Windows 10 22H2 | Make update available as soon as possible| N/A | October 14, 2025 |
| Windows Autopatch - DSS Policy - My feature update release - Phase 2 | Windows 10 22H2 | Make update available as soon as possible | 7 | October 14, 2025 |
| Windows Autopatch - DSS Policy - My feature update release - Phase 3 | Windows 10 22H2 | Make update available as soon as possible | 7 | October 14, 2025 |
| Windows Autopatch - DSS Policy - My feature update release - Phase 4 | Windows 10 22H2 | Make update available as soon as possible | 7 | October 14, 2025 |
| Windows Autopatch - DSS Policy - My feature update release - Phase 5 | Windows 10 22H2 | Make update available as soon as possible | 7 | October 14, 2025 |
## Create a custom release
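Review bot: The naming convention line and the example table disagree on casing: the convention is given as `Windows Autopatch - DSS policy - <Release Name> - Phase <Phase Number>`, while every table row uses "DSS Policy". Admins who filter or script against policy names need the exact string, so make both match what the service actually creates. The column header "Day between groups" should probably be "Days between groups", and "Rollout options|" is missing the space before the pipe that the other headers have.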
@ -105,7 +117,7 @@ For more information about Windows feature update policies that are created for
## Cancel a release
> [!IMPORTANT]
> You can only cancel a release under the **Scheduled** status. You cannot cancel a release under the **Active**, **Inactive, or **Paused** statuses.
> You can only cancel a release under the **Scheduled** status. You can't cancel a release under the **Active**, **Inactive, or **Paused** statuses.
**To cancel a release:**
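Review bot: The reworded IMPORTANT line still carries the unbalanced bold from the old text: `**Inactive, or **Paused**` never closes the bold on "Inactive", so the rest of the sentence renders incorrectly. Since the line is being touched for "cannot" to "can't" anyway, fix it to `**Active**, **Inactive**, or **Paused**` in the same change.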
@ -121,18 +133,12 @@ For more information about Windows feature update policies that are created for
## Pause and resume a release
> [!IMPORTANT]
> **Due to a recent change, we have identified an issue that prevents the Paused and Pause status columns from being displayed** in reporting. Until a fix is deployed, **you must keep track of your paused releases so you can resume them at a later date**. The team is actively working on resolving this issue and we'll provide an update when a fix is deployed.
> [!IMPORTANT]
> **Pausing or resuming an update can take up to eight hours to be applied to devices**. Windows Autopatch uses Microsoft Intune as its device management solution and that's the average frequency Windows devices take to communicate back to Microsoft Intune with new instructions to pause, resume or rollback updates. For more information, see[how long does it take for devices to get a policy, profile, or app after they are assigned from Microsoft Intune](/mem/intune/configuration/device-profile-troubleshoot#how-long-does-it-take-for-devices-to-get-a-policy-profile-or-app-after-they-are-assigned).
> **Pausing or resuming an update can take up to eight hours to be applied to devices**. Windows Autopatch uses Microsoft Intune as its device management solution and that's the average frequency Windows devices take to communicate back to Microsoft Intune with new instructions to pause, resume, or rollback updates. For more information, see[how long does it take for devices to get a policy, profile, or app after they're assigned from Microsoft Intune](/mem/intune/configuration/device-profile-troubleshoot#how-long-does-it-take-for-devices-to-get-a-policy-profile-or-app-after-they-are-assigned).
**To pause and resume a release:**
> [!IMPORTANT]
> **You can only pause an Autopatch group if you have Windows Enterprise E3+ or F3 licenses (included in Microsoft 365 F3, E3, or E5) licenses and have [activated Windows Autopatch features](../overview/windows-autopatch-overview.md#windows-enterprise-e3-and-f3-licenses).**<p>[Feature activation](../prepare/windows-autopatch-feature-activation.md) is optional and at no additional cost to you if you have Windows 10/11 Enterprise E3 or E5 (included in Microsoft 365 F3, E3, or E5) licenses.</p><p>For more information, see [Licenses and entitlements](../prepare/windows-autopatch-prerequisites.md#licenses-and-entitlements). If you choose not to go through feature activation, you can still use the Windows Autopatch service for the features included in [Business premium and A3+ licenses](../overview/windows-autopatch-overview.md#business-premium-and-a3-licenses).</p>
> [!NOTE]
> If you pause an update, the specified release has the **Paused** status. The Windows Autopatch service can't overwrite IT admin's pause. You must select**Resume**to resume the update. [The **Paused by Service Pause** status **only** applies to Windows quality updates](../manage/windows-autopatch-windows-quality-update-overview.md#pause-and-resume-a-release). Windows Autopatch doesn't pause Windows feature updates on your behalf.
> If you pause an update, the specified release has the **Paused** status. You must select**Resume**to resume the update.
1. Go to the[Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431).
1. Select**Devices**from the left navigation menu.
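Review bot: The shortened NOTE drops two statements that the old line made: that the Windows Autopatch service can't overwrite an IT admin's pause, and that Windows Autopatch doesn't pause Windows feature updates on your behalf. If both still hold, keep them, because they tell an admin who is able to lift a pause and whether a paused release can ever be service-initiated. The known-issue callout about the Paused and Pause status columns is also removed here, so confirm the reporting fix has shipped before this publishes. Minor: in the rewritten eight-hour note, "rollback" is used as a verb and should be "roll back".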

View File

@ -14,13 +14,11 @@ ms.localizationpriority: medium
appliesto:
-<a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 11</a>
-<a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 10</a>
ms.date: 09/24/2024
ms.date: 03/31/2025
---
# Programmatic controls for Windows feature updates
[!INCLUDE [windows-autopatch-applies-to-all-licenses](../includes/windows-autopatch-applies-to-all-licenses.md)]
<!--7512398-->
Windows Autopatch programmatic controls are used to approve and schedule software updates through [Microsoft Graph API](/graph/use-the-api). You can call the API directly, through a [Graph SDK](/graph/sdks/sdks-overview), or integrate them with a management tool such as [Microsoft Intune](/mem/intune).

View File

@ -1,7 +1,7 @@
---
title: Windows quality update end user experience
description: This article explains the Windows quality update end user experience
ms.date: 11/04/2024
ms.date: 03/31/2025
ms.service: windows-client
ms.subservice: autopatch
ms.topic: article
@ -17,8 +17,6 @@ ms.collection:
# Windows quality update end user experience
[!INCLUDE [windows-autopatch-applies-to-all-licenses](../includes/windows-autopatch-applies-to-all-licenses.md)]
## User notifications
In this section we review what an end user would see in the following three scenarios:

View File

@ -1,7 +1,7 @@
---
title: Windows quality updates overview
description: This article explains how Windows quality updates are managed
ms.date: 11/20/2024
ms.date: 03/31/2025
ms.service: windows-client
ms.subservice: autopatch
ms.topic: article
@ -23,14 +23,10 @@ For more information about how to expedite quality update for Windows 10 or late
## Service level objective
[!INCLUDE [windows-autopatch-enterprise-e3-f3-licenses](../includes/windows-autopatch-enterprise-e3-f3-licenses.md)]
Windows Autopatch aims to keep at least 95% of [Up to Date devices](../monitor/windows-autopatch-windows-quality-and-feature-update-reports-overview.md#up-to-date-devices) on the latest quality update. Autopatch uses the previously defined release schedule on a per ring basis with a five-day reporting period to calculate and evaluate the service level objective (SLO). The result of the service level objective is the column "% with the latest quality update" displayed in the Windows updates blade and reporting.
## Service level objective calculation
[!INCLUDE [windows-autopatch-enterprise-e3-f3-licenses](../includes/windows-autopatch-enterprise-e3-f3-licenses.md)]
There are two states a device can be in when calculating the service level objective (SLO):
- Devices that are active during the release
@ -56,30 +52,15 @@ The service level objective for each of these states is calculated as:
> [!IMPORTANT]
> Windows Autopatch supports registering [Windows 10 and Windows 11 Long-Term Servicing Channel (LTSC)](/windows/whats-new/ltsc/overview) devices that are being currently serviced by the [Windows 10 LTSC](/windows/release-health/release-information) or [Windows 11 LTSC](/windows/release-health/windows11-release-information). The service only supports managing the [Windows quality updates](../operate/windows-autopatch-windows-quality-update-overview.md) workload for devices currently serviced by the LTSC. Windows Update for Business service and Windows Autopatch don't offer Windows feature updates for devices that are part of the LTSC. You must either use [LTSC media](https://www.microsoft.com/evalcenter/evaluate-windows-10-enterprise) or the [Configuration Manager Operating System Deployment capabilities to perform an in-place upgrade](/windows/deployment/deploy-windows-cm/upgrade-to-windows-10-with-configuration-manager) for Windows devices that are part of the LTSC.
## Out of Band releases
[!INCLUDE [windows-autopatch-applies-to-all-licenses](../includes/windows-autopatch-applies-to-all-licenses.md)]
Windows Autopatch schedules and deploys required Out of Band (OOB) updates released outside of the normal schedule.
For the deployment rings that pass quality updates deferral date, the OOB release schedule is expedited and deployed on the same day. For the deployment rings that have deferral upcoming, OOBs are released as per the specified deferral dates.
## Pause and resume a release
> [!IMPORTANT]
> **Due to a recent change, we have identified an issue that prevents the Paused and Pause status columns from being displayed** in reporting. Until a fix is deployed, **you must keep track of your paused releases so you can resume them at a later date**. The team is actively working on resolving this issue and we'll provide an update when a fix is deployed.
The service-level pause is driven by the various software update deployment-related signals. Windows Autopatch receives from Windows Update for Business, and several other product groups within Microsoft.
If Windows Autopatch detects a significant issue with a release, we might decide to pause that release.
> [!IMPORTANT]
> **Pausing or resuming an update can take up to eight hours to be applied to devices**. Windows Autopatch uses Microsoft Intune as its device management solution and that's the average frequency Windows devices take to communicate back to Microsoft Intune with new instructions to pause, resume or rollback updates.<p>For more information, see [how long does it take for devices to get a policy, profile, or app after they are assigned from Microsoft Intune](/mem/intune/configuration/device-profile-troubleshoot#how-long-does-it-take-for-devices-to-get-a-policy-profile-or-app-after-they-are-assigned).</p>
**To pause and resume a release:**
> [!IMPORTANT]
> **You can only pause an Autopatch group if you have Windows Enterprise E3+ or F3 licenses (included in Microsoft 365 F3, E3, or E5) licenses and have [activated Windows Autopatch features](../overview/windows-autopatch-overview.md#windows-enterprise-e3-and-f3-licenses).**<p>[Feature activation](../prepare/windows-autopatch-feature-activation.md) is optional and at no additional cost to you if you have Windows 10/11 Enterprise E3 or E5 (included in Microsoft 365 F3, E3, or E5) licenses.</p><p>For more information, see [Licenses and entitlements](../prepare/windows-autopatch-prerequisites.md#licenses-and-entitlements). If you choose not to go through feature activation, you can still use the Windows Autopatch service for the features included in [Business premium and A3+ licenses](../overview/windows-autopatch-overview.md#business-premium-and-a3-licenses).</p>
> [!NOTE]
> If you pause an update, the specified release has the **Paused** status. You must select**Resume**to resume the update.
1. Go to the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431).
1. Select **Devices** from the left navigation menu.
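Review bot: The eight-hour IMPORTANT note in this file appears only in its old wording ("pause, resume or rollback updates", "after they are assigned", with the link wrapped in an inline `<p>`), while the same sentence in the feature updates overview is updated in this commit to "pause, resume, or rollback" and "they're assigned". Apply the same edit here so the two articles don't drift. The hunk header shows this region shrinking from 30 lines to 15, so also confirm that everything dropped between "## Out of Band releases" and the pause steps is meant to go, not just the license and known-issue callouts.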
@ -89,15 +70,6 @@ If Windows Autopatch detects a significant issue with a release, we might decide
1. If you're resuming an update, you can select one or more Autopatch groups or deployment rings.
1. Select **Pause or Resume deployment**.
The following statuses are associated with paused quality updates:
| Status | Description |
| ----- | ------ |
| Paused by Service | If the Windows Autopatch service paused an update, the release has the **Paused by Service** status. The **Paused by Service** status only applies to rings that aren't Paused by the Tenant. |
| Paused by Tenant | If you paused an update, the release has the **Paused by Tenant** status. The Windows Autopatch service can't overwrite a tenant pause. You must select **Resume** to resume the update. |
## Remediating Not ready and/or Not up to Date devices
[!INCLUDE [windows-autopatch-enterprise-e3-f3-licenses](../includes/windows-autopatch-enterprise-e3-f3-licenses.md)]
To ensure your devices receive Windows quality updates, Windows Autopatch provides information on how you can [remediate Windows Autopatch device alerts](../monitor/windows-autopatch-device-alerts.md).
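Review bot: The "Paused by Service" / "Paused by Tenant" table held this article's only definition of those two status values and its only statement that the service can't overwrite a tenant pause. If either value can still appear in the Windows updates blade or in reports, keep a short definition here or link to where it now lives. Otherwise, confirm that no other article still links to this section for the "Paused by Service" status.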

View File

@ -14,7 +14,7 @@ ms.localizationpriority: medium
appliesto:
-<a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 11</a>
-<a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 10</a>
ms.date: 12/10/2024
ms.date: 03/31/2025
---
# Programmatic controls for expedited Windows quality updates

View File

@ -1,7 +1,7 @@
---
title: Windows quality update policies
description: This article explains Windows quality update policies in Windows Autopatch
ms.date: 09/16/2024
ms.date: 03/31/2025
ms.service: windows-client
ms.subservice: autopatch
ms.topic: concept-article
@ -16,8 +16,6 @@ ms.collection:
# Windows quality update policies
[!INCLUDE [windows-autopatch-enterprise-e3-f3-licenses](../includes/windows-autopatch-enterprise-e3-f3-licenses.md)]
## Conflicting and unsupported policies
Deploying any of the following policies to a Windows Autopatch device makes that device ineligible for management since the device prevents us from delivering the service as designed.