mirror of
https://github.com/MicrosoftDocs/windows-itpro-docs.git
synced 2025-06-19 04:13:41 +00:00
Autopatch NFA release
@ -4,7 +4,7 @@ metadata:
|
||||
description: Answers to frequently asked questions about Windows Autopatch.
|
||||
ms.service: windows-client
|
||||
ms.topic: faq
|
||||
ms.date: 09/16/2024
|
||||
ms.date: 03/31/2025
|
||||
audience: itpro
|
||||
ms.localizationpriority: medium
|
||||
manager: aaroncz
|
||||
@ -17,9 +17,6 @@ summary: This article answers frequently asked questions about Windows Autopatch
|
||||
sections:
|
||||
- name: General
|
||||
questions:
|
||||
- question: What is the difference between Windows Update for Business and Windows Autopatch?
|
||||
answer: |
|
||||
Windows Autopatch is a service that removes the need for organizations to plan and operate the update process. Windows Autopatch moves the burden from your IT to Microsoft. Windows Autopatch uses [Windows Update for Business](/windows/deployment/update/waas-manage-updates-wufb) and other service components to update devices. Both are part of [Windows Enterprise E3+ and F3](../prepare/windows-autopatch-prerequisites.md#more-about-licenses).
|
||||
- question: Is Windows 365 for Enterprise supported with Windows Autopatch?
|
||||
answer: |
|
||||
Windows Autopatch supports Windows 365 for Enterprise. Windows 365 for Business isn't supported.
|
||||
@ -28,7 +25,7 @@ sections:
|
||||
Windows Autopatch doesn't support local (on-premises) domain join. Windows Autopatch supports [Microsoft Hybrid Entra join](/entra/identity/devices/concept-hybrid-join) or [Microsoft Entra join](/entra/identity/devices/concept-directory-join).
|
||||
- question: Will Windows Autopatch be available for state and local government customers?
|
||||
answer: |
|
||||
Windows Autopatch is available for all Windows E3 customers using Azure commercial cloud. However, Autopatch isn't currently supported for government cloud (GCC) customers. Although Windows 365 Enterprise is in the Azure Commercial cloud, when Windows 365 Enterprise is used with a GCC customer tenant, Autopatch is not supported.
|
||||
Windows Autopatch isn't currently supported for government cloud (GCC) customers. Although Windows 365 Enterprise is in the Azure Commercial cloud, when Windows 365 Enterprise is used with a GCC customer tenant, Autopatch is not supported.
|
||||
- question: How do I access Windows Autopatch?
|
||||
answer: |
|
||||
You can access Windows Autopatch through Intune. For more information, see [Start using Windows Autopatch](../prepare/windows-autopatch-feature-activation.md#use-microsoft-intune-for-windows-autopatch) and [Prerequisites](../prepare/windows-autopatch-prerequisites.md) to ensure you meet the licensing requirements to activate all [Windows Autopatch features](../overview/windows-autopatch-overview.md#windows-enterprise-e3-and-f3-licenses).
|
||||
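Review bot: The unchanged "How do I access Windows Autopatch?" answer at the end of this hunk still tells readers to meet the licensing requirements "to activate all Windows Autopatch features" and links to `../overview/windows-autopatch-overview.md#windows-enterprise-e3-and-f3-licenses`. The overview change in this same commit says feature activation was removed and appears to retitle that heading, so this sentence and its anchor should be updated here as well. In the rewritten government-cloud answer, "isn't" and "is not" are mixed in adjacent sentences; pick one form.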
@ -36,14 +33,10 @@ sections:
|
||||
questions:
|
||||
- question: What are the licensing requirements for Windows Autopatch?
|
||||
answer: |
|
||||
Business Premium and A3+ licenses include:
|
||||
- Microsoft 365 Business Premium (for more information on available licenses, see Microsoft 365 licensing)
|
||||
- Windows 10/11 Education A3 or A5 (included in Microsoft 365 A3 or A5)
|
||||
- Windows 10/11 Enterprise E3 or E5 (included in Microsoft 365 F3, E3, or E5)
|
||||
- Windows 10/11 Enterprise E3 or E5 VDA
|
||||
To [activate all Windows Autopatch features](../overview/windows-autopatch-overview.md#features-and-capabilities), you must have Windows 10/11 Enterprise E3+ or F3 (included in Microsoft 365 F3, E3, or E5) licenses. [Feature activation](../prepare/windows-autopatch-feature-activation.md) is optional and at no additional cost to you when you have Windows 10/11 Enterprise E3+ or F3 licenses. For more information, see [Licenses and entitlements](../prepare/windows-autopatch-prerequisites.md#licenses-and-entitlements). The following licenses provide access to the Windows Autopatch features included in Business premium and A3+ licenses and its additional features after you activate Windows Autopatch features:
|
||||
- Windows 10/11 Enterprise E3 or E5 (included in Microsoft 365 F3, E3, or E5)
|
||||
- Windows 10/11 Enterprise E3 or E5 VDA
|
||||
- question: What are the prerequisites for Windows Autopatch?
|
||||
answer: |
|
||||
- [Microsoft Entra ID](/mem/configmgr/comanage/overview#microsoft-entra-id)(for co-management)
|
||||
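Review bot: The Microsoft 365 Business Premium bullet says "(for more information on available licenses, see Microsoft 365 licensing)", but "Microsoft 365 licensing" is plain text with no link target, unlike the other references in this answer. Add the link or drop the parenthetical.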
@ -57,7 +50,7 @@ sections:
|
||||
- [Switch workloads for device configuration, Windows Update and Microsoft 365 Apps from Configuration Manager to Intune](/mem/configmgr/comanage/how-to-switch-workloads) (minimum Pilot Intune. Pilot collection must contain the devices you want to register into Autopatch.)
|
||||
- question: What are the Intune permissions needed to operate Windows Autopatch?
|
||||
answer: |
|
||||
You must use the Microsoft Entra Global Administrator role to activate Windows Autopatch features. For registering devices, managing update deployment and reporting tasks, use the Intune Service Administrator role. For more information, see [Built-in roles for device registration](../deploy/windows-autopatch-device-registration-overview.md#built-in-roles-required-for-device-registration).
|
||||
For registering devices, managing update deployment and reporting tasks, use the Intune Service Administrator role. For more information, see [Built-in roles for device registration](../deploy/windows-autopatch-device-registration-overview.md#built-in-roles-required-for-device-registration).
|
||||
- question: Are there hardware requirements for Windows Autopatch?
|
||||
answer: |
|
||||
No, Windows Autopatch doesn't require any specific hardware. However, general hardware requirements for updates are still applicable. For example, to deliver Windows 11 to your Autopatch devices they must meet [specific hardware requirements](/windows/whats-new/windows-11-requirements). Windows devices must be supported by your hardware OEM.
|
||||
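Review bot: The shortened answer to "What are the Intune permissions needed to operate Windows Autopatch?" names a single role, Intune Service Administrator, for registering devices, managing update deployment and reporting, while the linked section is titled "Built-in roles for device registration". State the minimum role each task needs, so readers do not assign the broadest role by default for reporting-only work. The sentence about the Microsoft Entra Global Administrator role goes away without saying whether any task still needs it; one sentence confirming that it no longer applies would help administrators who want to remove that assignment.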
@ -65,7 +58,7 @@ sections:
|
||||
questions:
|
||||
- question: Who can register devices into Windows Autopatch?
|
||||
answer: |
|
||||
You can only register devices into Windows Autopatch if you have E3+ or F3 licenses and have [activated Windows Autopatch features](../prepare/windows-autopatch-feature-activation.md). For more information, see [Features and capabilities](../overview/windows-autopatch-overview.md#features-and-capabilities).
|
||||
If you have Business Premium, A3+, E3+ and F3 licenses, you can register devices into Windows Autopatch. For more information, see [Features and capabilities](../overview/windows-autopatch-overview.md#features-and-capabilities).
|
||||
- question: Does Autopatch on Windows 365 Cloud PCs have any feature difference from a physical device?
|
||||
answer: |
|
||||
No, Windows 365 Enterprise Cloud PC's support all features of Windows Autopatch. For more information, see [Virtual devices](../deploy/windows-autopatch-register-devices.md#windows-autopatch-on-azure-virtual-desktop-workloads).
|
||||
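Review bot: In the new answer to "Who can register devices into Windows Autopatch?", the wording "If you have Business Premium, A3+, E3+ and F3 licenses" reads as requiring all four licenses together. Use "or" ("Business Premium, A3+, E3+, or F3"). The question asks who can register devices, so consider naming the required role as well as the license.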
@ -77,15 +70,15 @@ sections:
|
||||
No. Autopatch is only available on enterprise workloads. For more information, see [Windows Autopatch on Windows 365 Enterprise Workloads](../deploy/windows-autopatch-register-devices.md#windows-autopatch-on-windows-365-enterprise-workloads).
|
||||
- question: Can you change the policies and configurations created by Windows Autopatch?
|
||||
answer: |
|
||||
No. Don't change, edit, add to, or remove any of the configurations. Doing so might cause unintended configuration conflicts and impact the Windows Autopatch service. For more information about policies and configurations, see [Changes made at feature activation](../references/windows-autopatch-changes-made-at-feature-activation.md).
|
||||
No. Don't change, edit, add to, or remove any of the configurations. Doing so might cause unintended configuration conflicts and impact the Windows Autopatch service.
|
||||
- question: How can I represent our organizational structure with our own deployment cadence?
|
||||
answer: |
|
||||
[Windows Autopatch groups](../deploy/windows-autopatch-groups-overview.md) helps you manage updates in a way that makes sense for your businesses. For more information, see [Windows Autopatch groups overview](../deploy/windows-autopatch-groups-overview.md) and [Manage Windows Autopatch groups](../manage/windows-autopatch-manage-autopatch-groups.md).
|
||||
- name: Manage updates
|
||||
questions:
|
||||
- question: Who can manage updates with activated Windows Autopatch features?
|
||||
- question: Who can manage updates with Windows Autopatch?
|
||||
answer: |
|
||||
This only applies if you have E3+ or F3 licenses and have activated Windows Autopatch features. For more information, see [Features and capabilities](../overview/windows-autopatch-overview.md#features-and-capabilities).
|
||||
Business Premium, A3+, E3+ and F3 licenses can manage updates with Windows Autopatch. For more information, see [Features and capabilities](../overview/windows-autopatch-overview.md#features-and-capabilities).
|
||||
- question: What systems does Windows Autopatch update?
|
||||
answer: |
|
||||
- Windows 10/11 quality updates: Windows Autopatch manages all aspects of deployment rings.
|
||||
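Review bot: The new answer to "Who can manage updates with Windows Autopatch?" makes the licenses the subject ("Business Premium, A3+, E3+ and F3 licenses can manage updates"); reword so the customer is the subject, for example "If you have a Business Premium, A3+, E3+, or F3 license, you can manage updates with Windows Autopatch." The shortened answer to "Can you change the policies and configurations created by Windows Autopatch?" loses its only pointer to where those policies are listed; if the "Changes made at feature activation" article is being retired, link its replacement.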
@ -101,26 +94,11 @@ sections:
|
||||
Autopatch relies on the following capabilities to help resolve update issues:
|
||||
- Pausing and resuming: For more information about pausing and resuming updates, see [pausing and resuming Windows quality updates](../manage/windows-autopatch-windows-quality-update-overview.md#pause-and-resume-a-release).
|
||||
- Rollback: For more information about Microsoft 365 Apps for enterprise, see [Update controls for Microsoft 365 Apps for enterprise](../manage/windows-autopatch-microsoft-365-apps-enterprise.md#microsoft-365-apps-for-enterprise-update-controls).
|
||||
- question: Can I permanently pause a Windows feature update deployment?
|
||||
- question: Can I configure when to move to the next ring or is it controlled by Windows Autopatch?
|
||||
answer: |
|
||||
Yes. Windows Autopatch provides a [permanent pause of a feature update deployment](../manage/windows-autopatch-windows-feature-update-overview.md#pause-and-resume-a-release).
|
||||
- question: Will Windows quality updates be released more quickly after vulnerabilities are identified, or what is the regular cadence of updates?
|
||||
answer: |
|
||||
For zero-day threats, Autopatch will have an [Out of Band release](../manage/windows-autopatch-windows-quality-update-overview.md#out-of-band-releases). For normal updates Autopatch, uses a [regular release cadence](../manage/windows-autopatch-windows-quality-update-overview.md) starting with devices in the Test ring and completing with general rollout to the Broad ring.
|
||||
- question: Can customers configure when to move to the next ring or is it controlled by Windows Autopatch?
|
||||
answer: |
|
||||
The decision of when to move to the next ring is handled by Windows Autopatch; it isn't customer configurable.
|
||||
- question: Does Autopatch support include and exclude groups, or dynamic groups to define deployment ring membership?
|
||||
answer: |
|
||||
Windows Autopatch doesn't support managing update deployment ring membership using your Microsoft Entra groups. For more information, see [Move devices in between deployment rings](../deploy/windows-autopatch-register-devices.md#move-devices-in-between-deployment-rings).
|
||||
- question: Does Autopatch have two release cadences per update or are there two release cadences per-ring?
|
||||
answer: |
|
||||
The release cadences are defined based on the update type. For example, a [regular cadence](../manage/windows-autopatch-windows-quality-update-overview.md) (for a Windows quality update would be a gradual rollout from the Test ring to the Broad ring over 14 days whereas an [Out of Band release](../manage/windows-autopatch-windows-quality-update-overview.md#out-of-band-releases) would roll out more rapidly.
|
||||
You're in full control over when updates are deployed to their devices. Autopatch groups will recommend a set of intelligent defaults but those are fully customizable so that you can achieve your desired rollout.
|
||||
- name: Support
|
||||
questions:
|
||||
- question: What support is available for customers who need help with onboarding to Windows Autopatch?
|
||||
answer: |
|
||||
The FastTrack Center is the primary mode of support for customers who need assistance from Microsoft to meet the pre-requisites (such as Intune and Azure or Hybrid AD) for onboarding to Windows Autopatch. For more information, see [Microsoft FastTrack for Windows Autopatch](../manage/windows-autopatch-support-request.md#microsoft-fasttrack). If you have [Windows Enterprise E3+ or E5 licenses](../overview/windows-autopatch-overview.md#windows-enterprise-e3-and-f3-licenses) and you've [activated Windows Autopatch features](../prepare/windows-autopatch-feature-activation.md), you can [submit a support request](../manage/windows-autopatch-support-request.md) with the Windows Autopatch Service Engineering Team.
|
||||
- question: Does Windows Autopatch Support Dual Scan for Windows Update?
|
||||
answer: |
|
||||
Dual Scan for Windows has been deprecated and replaced with the [scan source policy](/windows/deployment/update/wufb-wsus). Windows Autopatch supports the scan source policy if the Feature updates, and Windows quality updates workloads are configured for Windows update. If Feature and Windows updates are configured for WSUS, it could cause disruptions to the service and your release schedules.
|
||||
|
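Review bot: The new answer to "Can I configure when to move to the next ring or is it controlled by Windows Autopatch?" says the defaults are "fully customizable", while the answer to "Can you change the policies and configurations created by Windows Autopatch?" earlier in this file still says "No. Don't change, edit, add to, or remove any of the configurations." Reconcile the two so admins know which settings are safe to change. In the same new answer, "deployed to their devices" should be "deployed to your devices". The unchanged support answer in the trailing context still refers to customers who have "activated Windows Autopatch features" and links to `#windows-enterprise-e3-and-f3-licenses`, which looks stale after this commit.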
@ -1,7 +1,7 @@
|
||||
---
|
||||
title: What is Windows Autopatch?
|
||||
description: Details what the service is and shortcuts to articles.
|
||||
ms.date: 11/20/2024
|
||||
ms.date: 03/31/2025
|
||||
ms.service: windows-client
|
||||
ms.subservice: autopatch
|
||||
ms.topic: overview
|
||||
@ -18,7 +18,7 @@ ms.reviewer: hathind
|
||||
# What is Windows Autopatch?
|
||||
|
||||
> [!IMPORTANT]
|
||||
> In September 2024, Windows Update for Business deployment service unified under Windows Autopatch. Unification is going through a gradual rollout over the next several weeks. If your experience looks different from the documentation, you didn't receive the unified experience yet. Review [Prerequisites](../prepare/windows-autopatch-prerequisites.md) and [Features and capabilities](#features-and-capabilities) to understand licensing and feature entitlement.
|
||||
> In April 2025, Windows Autopatch removed feature activation and made Windows Autopatch features available support to Business Premium and A3+ licenses. These changes are rolling out over the next several weeks. If your experience looks different from the documentation, you didn’t receive the changes yet. Review [Prerequisites](../prepare/windows-autopatch-prerequisites.md) and [Features and capabilities](#features-and-capabilities) to understand licensing and feature entitlement.
|
||||
|
||||
Windows Autopatch is a cloud service that automates Windows, Microsoft 365 Apps for enterprise, Microsoft Edge, and Microsoft Teams updates to improve security and productivity across your organization.
|
||||
|
||||
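Review bot: The new IMPORTANT note contains a garbled phrase: "made Windows Autopatch features available support to Business Premium and A3+ licenses". It should probably read "made Windows Autopatch features available to Business Premium and A3+ licenses". The same note uses a curly apostrophe in "didn’t" where the line it replaces used a straight one.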
@ -26,67 +26,49 @@ Windows Autopatch is a cloud service that automates Windows, Microsoft 365 Apps
|
||||
|
||||
Rather than maintaining complex digital infrastructure, businesses want to focus on what makes them unique and successful. Windows Autopatch offers a solution to some of the challenges facing businesses and their people today:
|
||||
|
||||
- **Close the security gap**: Windows Autopatch keeps software current, there are fewer vulnerabilities and threats to your devices.
|
||||
- **Close the security gap**: Windows Autopatch keeps Microsoft Windows current, there are fewer vulnerabilities and threats to your devices.
|
||||
- **Close the productivity gap**: Windows Autopatch adopts features as they're made available. End users get the latest tools to amplify their collaboration and work.
|
||||
- **Optimize your IT admin resources**: Windows Autopatch automates routine endpoint updates. IT pros have more time to create value.
|
||||
- **On-premises infrastructure**: Transitioning to the world of software as a service (SaaS) allows you to minimize your investment in on-premises hardware since updates are delivered from the cloud.
|
||||
- **Onboard new services**: Windows Autopatch makes it easy to enroll and minimizes the time required from your IT Admins to get started.
|
||||
- **Minimize end user disruption**: Windows Autopatch releases updates in sequential deployment rings, and responding to reliability and compatibility signals, user disruptions due to updates are minimized.
|
||||
|
||||
Windows Autopatch helps you minimize the involvement of your scarce IT resources in the planning and deployment of updates for Windows, Microsoft 365 Apps, Microsoft Edge, or Teams. Windows Autopatch uses careful rollout sequences and communicates with you throughout the release, allowing your IT Admins can focus on other activities and tasks.
|
||||
Windows Autopatch helps you minimize the involvement of your scarce IT resources in the planning and deployment of updates for Windows, Microsoft 365 Apps, Microsoft Edge, or Teams. Windows Autopatch uses careful rollout sequences and communicates with you throughout the release so that IT Admins can focus on other activities and tasks.
|
||||
|
||||
## Features and capabilities
|
||||
|
||||
### Business Premium and A3+ licenses
|
||||
|
||||
[!INCLUDE [windows-autopatch-applies-to-all-licenses](../includes/windows-autopatch-applies-to-all-licenses.md)]
|
||||
|
||||
The goal of Windows Autopatch is to deliver software updates to registered devices; the service frees up IT and minimizes disruptions to your end users. Once a device is registered with the service, you have access to the following features through the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431):
|
||||
|
||||
| Features included with Business Premium and A3+ licenses | Description |
|
||||
### Features included with Business Premium, A3+, E3+ and F3 licenses
|
||||
|
||||
| Features included with Business Premium, A3+, E3+ and F3 licenses | Description |
|
||||
| --- | --- |
|
||||
| [Update rings](../manage/windows-autopatch-update-rings.md) | You can manage Update rings for Windows 10 and later devices with Windows Autopatch. For more information, see [Manage Update rings](../manage/windows-autopatch-update-rings.md). |
|
||||
| [Windows quality updates](../manage/windows-autopatch-windows-quality-update-overview.md) | With Windows Autopatch, you can manage Windows quality update profiles for Windows 10 and later devices. You can expedite a specific Windows quality update using targeted policies. |
|
||||
| [Windows feature updates](../manage/windows-autopatch-windows-feature-update-overview.md) | Windows Autopatch provides tools to assist with the controlled roll out of annual Windows feature updates. |
|
||||
| [Driver and firmware updates](../manage/windows-autopatch-manage-driver-and-firmware-updates.md) | You can manage and control your driver and firmware updates with Windows Autopatch.|
|
||||
| [Hotpatch updates](../manage/windows-autopatch-hotpatch-updates.md) | Install [Monthly B release security updates](/windows/deployment/update/release-cycle#monthly-security-update-release) without requiring you to restart the device. |
|
||||
| [Intune reports](/mem/intune/fundamentals/reports) | Use Intune reports to monitor the health and activity of endpoints in your organization.|
|
||||
| [Hotpatch quality update report](../monitor/windows-autopatch-hotpatch-quality-update-report.md) | Hotpatch quality update report provides a per policy level view of the current update statuses for all devices that receive Hotpatch updates. |
|
||||
|
||||
> [!IMPORTANT]
|
||||
> Microsoft 365 Business Premium and Windows 10/11 Education A3 or A5 (included in Microsoft 365 A3 or A5) do **not** have access to all Windows Autopatch features. For more information, see [Features and capabilities](../overview/windows-autopatch-overview.md#features-and-capabilities).
|
||||
|
||||
### Windows Enterprise E3+ and F3 licenses
|
||||
|
||||
[!INCLUDE [windows-autopatch-enterprise-e3-f3-licenses](../includes/windows-autopatch-enterprise-e3-f3-licenses.md)]
|
||||
|
||||
In addition to the features included in [Business Premium and A3+ licenses](#business-premium-and-a3-licenses), if you have Windows 10/11 Enterprise E3 or E5 (included in Microsoft 365 F3, E3, or E5), you have access to all of Windows Autopatch features in your tenant. When you [activate Windows Autopatch](../prepare/windows-autopatch-feature-activation.md), you have access to the following features through the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431):
|
||||
|
||||
| Features included in Windows Enterprise E3+ and F3 licenses | Description |
|
||||
| --- | --- |
|
||||
| [Autopatch groups](../deploy/windows-autopatch-groups-overview.md) | You can manage update deployment based on your audience.<p>An Autopatch group is a logical container or unit that groups several [Microsoft Entra groups](/entra/fundamentals/groups-view-azure-portal), and software update policies, such as [Update rings policy for Windows 10 and later](/mem/intune/protect/windows-10-update-rings) and [feature updates policy for Windows 10 and later policies](/mem/intune/protect/windows-10-feature-updates).</p><p>For more information about workloads supported by Autopatch groups, see [Software update workloads](../deploy/windows-autopatch-groups-overview.md#software-update-workloads).</p> |
|
||||
| [Windows quality updates](../manage/windows-autopatch-windows-quality-update-overview.md) | In addition to the [Business Premium and A3+ capabilities](#business-premium-and-a3-licenses), Windows Autopatch:<ul><li>Aims to keep at least 95% of [Up to Date devices](../monitor/windows-autopatch-windows-quality-and-feature-update-reports-overview.md#up-to-date-devices) on the latest quality update. For more information, see [Windows quality update Service Level Objective](../manage/windows-autopatch-windows-quality-update-overview.md#service-level-objective).</li></ul> |
|
||||
| [Multi-phase release policies with feature updates](../manage/windows-autopatch-windows-feature-update-overview.md#multi-phase-feature-update) | In addition to the [Business Premium and A3+ capabilities](#business-premium-and-a3-licenses), with Windows Autopatch, you can create customizable feature update deployments using multiple phases for your existing Autopatch groups. These phased releases can be tailored to meet your organizational unique needs.|
|
||||
| [Driver and firmware updates](../manage/windows-autopatch-manage-driver-and-firmware-updates.md) | In addition to the [Business Premium and A3+ capabilities](#business-premium-and-a3-licenses), with Windows Autopatch, you can:<ul><li>Choose to receive driver and firmware updates automatically, or self-manage the deployment</li><li>Control the flow of all drivers to an Autopatch group or rings within an Autopatch group</li><li>Control the flow of a specific driver or firmware across your entire tenant via approvals</li><li>Approve and deploy [other drivers and firmware](../manage/windows-autopatch-manage-driver-and-firmware-updates.md#other-drivers-and-firmware) that previously couldn’t be centrally managed</li></ul> |
|
||||
| [Windows quality updates](../manage/windows-autopatch-windows-quality-update-overview.md) | With Windows Autopatch, you can manage Windows quality update profiles for Windows 10 and later devices. You can expedite a specific Windows quality update using targeted policies. Windows Autopatch:<ul><li>Aims to keep at least 95% of [Up to Date devices](../monitor/windows-autopatch-windows-quality-and-feature-update-reports-overview.md#up-to-date-devices) on the latest quality update. For more information, see [Windows quality update Service Level Objective](../manage/windows-autopatch-windows-quality-update-overview.md#service-level-objective).</li></ul> |
|
||||
| [Hotpatch updates](../manage/windows-autopatch-hotpatch-updates.md) | Install [Monthly B release security updates](/windows/deployment/update/release-cycle#monthly-security-update-release) without requiring you to restart the device. |
|
||||
| [Windows feature updates](../manage/windows-autopatch-windows-feature-update-overview.md) and [Multi-phase release policies with feature updates](../manage/windows-autopatch-windows-feature-update-overview.md#multi-phase-feature-update) | Windows Autopatch provides tools to assist with the controlled roll out of annual Windows feature updates. With multi-phase release policies, you can create customizable feature update deployments using multiple phases for your existing Autopatch groups. These phased releases can be tailored to meet the unique needs of your organization.|
|
||||
| [Driver and firmware updates](../manage/windows-autopatch-manage-driver-and-firmware-updates.md) | You can manage and control your driver and firmware updates with Windows Autopatch. You can:<ul><li>Choose to receive driver and firmware updates automatically, or self-manage the deployment</li><li>Control the flow of all drivers to an Autopatch group or rings within an Autopatch group</li><li>Control the flow of a specific driver or firmware across your entire tenant via approvals</li><li>Approve and deploy [other drivers and firmware](../manage/windows-autopatch-manage-driver-and-firmware-updates.md#other-drivers-and-firmware) that previously couldn’t be centrally managed</li></ul> |
|
||||
| [Microsoft 365 Apps for enterprise updates](../manage/windows-autopatch-microsoft-365-apps-enterprise.md) | Windows Autopatch aims to keep at least 90% of eligible devices on a supported version of the Monthly Enterprise Channel (MEC). |
|
||||
| [Microsoft Edge updates](../manage/windows-autopatch-edge.md) | Windows Autopatch configures eligible devices to benefit from Microsoft Edge's progressive rollouts on the Stable channel. |
|
||||
| [Microsoft Teams updates](../manage/windows-autopatch-teams.md) | Windows Autopatch allows eligible devices to benefit from the standard automatic update channel. |
|
||||
| [Intune reports](/mem/intune/fundamentals/reports) | Use Intune reports to monitor the health and activity of endpoints in your organization.|
|
||||
| [Hotpatch quality update report](../monitor/windows-autopatch-hotpatch-quality-update-report.md) | Hotpatch quality update report provides a per policy level view of the current update statuses for all devices that receive Hotpatch updates. |
|
||||
| [Policy health and remediation](../monitor/windows-autopatch-policy-health-and-remediation.md) | When Windows Autopatch detects policies in the tenant are either missing or modified that affects the service, Windows Autopatch raises alerts and detailed recommended actions to ensure healthy operation of the service. |
|
||||
| Enhanced [Windows quality and feature update reports](../monitor/windows-autopatch-windows-quality-and-feature-update-reports-overview.md) and [device alerts](../monitor/windows-autopatch-device-alerts.md) | Using Windows quality and feature update reports, you can monitor and remediate managed devices that are Not up to Date and resolve any device alerts to bring managed devices back into compliance. |
|
||||
| [Submit support requests](../manage/windows-autopatch-support-request.md) with the Windows Autopatch Service Engineering Team | When you activate additional Autopatch features, you can submit, manage, and edit support requests. |
|
||||
|
||||
### Features included with E3+ and F3 licenses only
|
||||
|
||||
In addition to the features listed in the previous table, if you have Windows 10/11 Enterprise E3 or E5 (included in Microsoft 365 F3, E3, or E5), you have access to the following through the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431):
|
||||
|
||||
| Feature included with E3+ and F3 licenses only | Description |
|
||||
| --- | ---- |
|
||||
| [Submit support requests](../manage/windows-autopatch-support-request.md) with the Windows Autopatch Service Engineering Team | You can submit, manage, and edit support requests. |
|
||||
|
||||
## Communications
|
||||
|
||||
### [Business Premium and A3+](#tab/business-premium-a3-communications)
|
||||
|
||||
To stay informed of new and changed features and other announcements, navigate to [Microsoft 365 admin center > Message center](https://admin.microsoft.com/adminportal/home#/MessageCenter).
|
||||
|
||||
### [Windows Enterprise E3+ and F3](#tab/windows-enterprise-e3-f3-communications)
|
||||
|
||||
To stay informed of upcoming changes, including new and changed features, planned maintenance, release and status communications, or other important announcements, navigate to [Microsoft 365 admin center > Message center](https://admin.microsoft.com/adminportal/home#/MessageCenter).
|
||||
|
||||
---
|
||||
|
||||
## Accessibility
|
||||
|
||||
Microsoft remains committed to the security of your data and the [accessibility](https://www.microsoft.com/trust-center/compliance/accessibility) of our services. For more information, see the [Microsoft Trust Center](https://www.microsoft.com/trust-center) and the [Office Accessibility Center](https://support.office.com/article/ecab0fcf-d143-4fe8-a2ff-6cd596bddc6d).
|
||||
|
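Review bot: The section headings "Business Premium and A3+ licenses" and "Windows Enterprise E3+ and F3 licenses" give way to "Features included with Business Premium, A3+, E3+ and F3 licenses" and "Features included with E3+ and F3 licenses only", which changes their anchors, yet the FAQ touched by this same commit still links to `windows-autopatch-overview.md#windows-enterprise-e3-and-f3-licenses` in unchanged lines. Update those inbound links or keep a stable anchor. In the "Close the security gap" bullet, narrowing "software" to "Microsoft Windows" conflicts with the opening sentence, which says the service also updates Microsoft 365 Apps for enterprise, Microsoft Edge, and Microsoft Teams, and the comma splice ("current, there are fewer") is carried over.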
@ -1,7 +1,7 @@
|
||||
---
|
||||
title: Privacy
|
||||
description: This article provides details about the data platform and privacy compliance for Autopatch
|
||||
ms.date: 09/16/2024
|
||||
ms.date: 03/31/2025
|
||||
ms.service: windows-client
|
||||
ms.subservice: autopatch
|
||||
ms.topic: concept-article
|
||||
@ -23,74 +23,39 @@ Windows Autopatch is a cloud service for enterprise customers designed to keep W
|
||||
|
||||
Autopatch collects and stores data according to the [Microsoft Privacy Statement](https://go.microsoft.com/fwlink/?LinkId=521839).
|
||||
|
||||
### [Business Premium and A3+](#tab/data-sources-forbusiness-premium-a3-data-sources)
|
||||
|
||||
Data provided by the customer or generated by the service during normal operation is stored. For example, when a device is targeted with a policy, information is stored enabling the service to deliver content to targeted devices.
|
||||
|
||||
Business Premium and A3+ licenses require the use of Windows Diagnostic data. For more information, see [Diagnostic data in Windows Autopatch](#microsoft-windows-1011-diagnostic-data).
|
||||
|
||||
### [Windows Enterprise E3+ and F3](#tab/windows-enterprise-e3-f3-data-sources)
|
||||
|
||||
When you've [activated Windows Autopatch features](../prepare/windows-autopatch-feature-activation.md), data from various sources is used to properly administer enrolled devices and monitor that the service is working properly.
|
||||
When you use Windows Autopatch features, data from various sources is used to properly administer enrolled devices and monitor that the service is working properly.
|
||||
|
||||
The sources include Microsoft Entra ID, Microsoft Intune, and Microsoft Windows 10/11. The sources provide a comprehensive view of the devices that Windows Autopatch manages.
|
||||
|
||||
| Data source | Purpose |
|
||||
| ---- | ---- |
|
||||
| [Microsoft Windows 10/11 Enterprise](/windows/windows-10/) | Management of device setup experience, managing connections to other services, and operational support for IT pros. |
|
||||
| [Windows Update for Business](/windows/deployment/update/waas-manage-updates-wufb) | Uses Windows 10/11 Enterprise diagnostic data to provide additional information on Windows 10/11 update. |
|
||||
| [Microsoft Intune](/mem/intune/fundamentals/what-is-intune) | Device management and to keep your data secure. The following endpoint management data sources are used:<br><ul><li>[Microsoft Entra ID](/entra/identity/): Authentication and identification of all user accounts.</li><li>[Microsoft Intune](/mem/intune/): Distributing device configurations, device management and application management.</li></ul> |
|
||||
| [Windows Autopatch](https://go.microsoft.com/fwlink/?linkid=2109431) | Data provided by the customer or generated by the service during running of the service. |
|
||||
| [Windows Autopatch](https://go.microsoft.com/fwlink/?linkid=2109431) | <ul><li>Uses Windows 10/11 Enterprise diagnostic data to provide additional information on Windows 10/11 update.</li><li>Data provided by the customer or generated by the service during running of the service.</li></ul> |
|
||||
| [Microsoft 365 Apps for enterprise](https://www.microsoft.com/microsoft-365/enterprise/compare-office-365-plans)| Management of Microsoft 365 Apps. |
|
||||
|
||||
---
|
||||
|
||||
## Windows Autopatch data process and storage
|
||||
|
||||
[!INCLUDE [windows-autopatch-applies-to-all-licenses](../includes/windows-autopatch-applies-to-all-licenses.md)]
|
||||
## Windows Autopatch data process
|
||||
|
||||
Windows Autopatch relies on data from multiple Microsoft products and services to provide its service to enterprise customers.
|
||||
To protect and maintain enrolled devices, we process and copy data from these services to Windows Autopatch. When we process data, we follow the documented directions you provide as referenced in the [Online Services Terms](https://www.microsoft.com/licensing/product-licensing/products) and [Microsoft Privacy Statement](https://privacy.microsoft.com/privacystatement).
|
||||
|
||||
Processor duties of Windows Autopatch include ensuring appropriate confidentiality, security, and resilience. Windows Autopatch employs additional privacy and security measures to ensure proper handling of personal identifiable data.
|
||||
|
||||
## Windows Autopatch data storage and staff location
|
||||
## Windows Autopatch data storage
|
||||
|
||||
Data obtained by Windows Autopatch and other services are required to keep the service operational. If a device is removed from Windows Autopatch, we keep data for a maximum of 30 days. For more information on data retention, see [Data retention, deletion, and destruction in Microsoft 365](/compliance/assurance/assurance-data-retention-deletion-and-destruction-overview).
|
||||
|
||||
### [Business Premium and A3+](#tab/business-premium-a3-data-storage)
|
||||
Feature, quality, and driver update policy data is stored in only two regions, either in Azure's North American or European data center.
|
||||
|
||||
Data stored in this part of the service is stored only in two regions, either Azure’s north American data centers or its European ones.
|
||||
|
||||
### [Windows Enterprise E3+ and F3](#tab/windows-enterprise-e3-f3-data-storage)
|
||||
|
||||
Windows Autopatch stores its data in the Azure data centers based on your data residency. For more information, see [Microsoft 365 data center locations](/microsoft-365/enterprise/o365-data-locations).
|
||||
|
||||
The Windows Autopatch Service Engineering Team is in the United States, India, and Romania.
|
||||
|
||||
---
|
||||
Windows Autopatch groups and Windows Autopatch Client Broker stores its data in the Azure data centers based on your data residency. For more information, see [Microsoft 365 data center locations](/microsoft-365/enterprise/o365-data-locations).
|
||||
|
||||
## Microsoft Windows 10/11 diagnostic data
|
||||
|
||||
Windows Autopatch uses Windows diagnostic data to keep Windows secure, up to date, fix problems, and make product improvements. Learn more about configuring diagnostic data for your organization in Intune.
|
||||
Windows Autopatch uses Windows diagnostic data to keep Windows secure, up to date, and fix problems.
|
||||
|
||||
### [Business Premium and A3+](#tab/business-premium-a3-diagnostic-data)
|
||||
To take advantage of the unique deployment scheduling controls and protections tailored to your population, devices must share diagnostic data with Microsoft. For these features, at minimum, the deployment service requires devices to send [diagnostic data](/windows/privacy/configure-windows-diagnostic-data-in-your-organization#diagnostic-data-settings) at the *Required* level for these features.
|
||||
|
||||
To take advantage of the unique deployment scheduling controls and protections tailored to your population and to [deploy driver updates](/windows/deployment/update/deployment-service-drivers), devices must share diagnostic data with Microsoft. For these features, at minimum, the deployment service requires devices to send [diagnostic data](/windows/privacy/configure-windows-diagnostic-data-in-your-organization#diagnostic-data-settings) at the *Required* level for these features.
|
||||
|
||||
### [Windows Enterprise E3+ and F3](#tab/windows-enterprise-e3-f3-diagnostic-data)
|
||||
|
||||
When you've [activated Windows Autopatch features](../prepare/windows-autopatch-feature-activation.md), Windows Autopatch creates the “Windows Autopatch – Data Collection Policy” and assigns it to enrolled devices. This policy configures the following settings:
|
||||
|
||||
| Setting | Value | Description |
|
||||
| --- | --- | --- |
|
||||
| Allow telemetry | Optional. This value was previously named “**Full**” for Windows 10 devices. For more information, see [Changes to Windows diagnostic data collection](/previous-versions/windows/it-pro/privacy/changes-to-windows-diagnostic-data-collection). | Allow the device to send diagnostic and usage telemetry data, such as Watson. For more information about diagnostic data, including what is and what isn't collected by Windows, see [diagnostic data settings](/windows/privacy/configure-windows-diagnostic-data-in-your-organization#diagnostic-data-settings). |
|
||||
| Limit Diagnostic Log Collection | Enabled | This policy setting specifies whether diagnostic log data can be collected when more information is needed to troubleshoot a problem. |
|
||||
| Limit Dump Collection | Enabled | This policy setting limits the type of dumps that can be collected when more information is needed to troubleshoot a problem. These dumps aren't sent unless we have permission to collect optional diagnostic data. By enabling this policy setting, Windows Error Reporting is limited to sending kernel mini dumps and user mode triage dumps only. |
|
||||
| Limit Enhanced Diagnostic Data Windows Analytics | Enabled | This policy setting, in combination with the Allow Telemetry policy setting, enables organizations to send Microsoft a specific set of diagnostic data for IT insights via Windows Analytics services. |
|
||||
| Allow Windows Autopatch Processing | Allowed | Allows diagnostic data from this device to be processed by Windows Autopatch. |
|
||||
|
||||
Windows Autopatch only processes and stores system-level data from Windows 10/11 optional diagnostic data that originates from enrolled devices such as application and device reliability, and performance information. Windows Autopatch doesn't process and store customers' data such as chat and browser history, voice, text, or speech data.
|
||||
Windows Autopatch only processes and stores system-level data from Windows 10/11 optional diagnostic data that originates from enrolled devices. Windows Autopatch doesn't process and store customers' data such as chat and browser history, voice, text, or speech data.
|
||||
|
||||
For more information about the diagnostic data collection of Microsoft Windows 10/11, see the [Where we store and process data section](https://privacy.microsoft.com/en-US/privacystatement#mainwherewestoreandprocessdatamodule) of the Microsoft Privacy Statement.
|
||||
|
||||
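Review bot: in the data storage section, "Windows Autopatch groups and Windows Autopatch Client Broker stores its data in the Azure data centers based on your data residency" pairs a plural subject with a singular verb and pronoun; suggest "store their data". In the diagnostic data section, both variants of the *Required* level sentence open with "For these features, at minimum," and close with "for these features."; drop the trailing repetition so the requirement is stated once.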
@ -99,67 +64,22 @@ For more information about how Windows diagnostic data is used, see:
|
||||
- [Windows diagnostic data in your organization](/windows/privacy/configure-windows-diagnostic-data-in-your-organization#enable-windows-diagnostic-data-processor-configuration)
|
||||
- [Features that require Windows diagnostic data](/mem/intune/protect/data-enable-windows-data)
|
||||
|
||||
---
|
||||
|
||||
## Tenant access
|
||||
|
||||
### [Business Premium and A3+](#tab/business-premium-a3-tenant-access)
|
||||
|
||||
[!INCLUDE [windows-autopatch-business-premium-a3-licenses](../includes/windows-autopatch-business-premium-a3-licenses.md)]
|
||||
|
||||
### [Windows Enterprise E3+ and F3 licenses](#tab/windows-enterprise-e3-f3-tenant-access)
|
||||
|
||||
For more information about tenant access and changes made to your tenant upon activating Windows Autopatch features, see [Changes made at feature activation](../references/windows-autopatch-changes-made-at-feature-activation.md).
|
||||
|
||||
---
|
||||
|
||||
## Microsoft Windows Update for Business Reports
|
||||
|
||||
### [Business Premium and A3+](#tab/business-premium-a3-wufb-reports)
|
||||
|
||||
If you have Business Premium and A3+ licenses, when you use [Windows Update for Business reports](/windows/deployment/update/wufb-reports-overview), using diagnostic data at the following levels allows device names to appear in reporting:
|
||||
|
||||
- *Optional* level (previously Full) for Windows 11 devices
|
||||
- *Enhanced* level for Windows 10 devices
|
||||
|
||||
### [Windows Enterprise E3+ and F3](#tab/windows-enterprise-e3-f3-wufb-reports)
|
||||
|
||||
Windows Update for Business uses data from Windows diagnostics to analyze update status and failures. When you [activate Windows Autopatch features](../prepare/windows-autopatch-feature-activation.md), this data is used to deliver reports and confirm that registered devices are up to date.
|
||||
|
||||
---
|
||||
|
||||
## Microsoft Entra ID
|
||||
|
||||
[!INCLUDE [windows-autopatch-applies-to-all-licenses](../includes/windows-autopatch-applies-to-all-licenses.md)]
|
||||
|
||||
Identifying data used by Windows Autopatch is stored by Microsoft Entra ID in a geographical location. The geographical location is based on the location provided by the organization upon subscribing to Microsoft online services, such as Microsoft Apps for Enterprise and Azure. For more information on where your Microsoft Entra data is located, see [Microsoft Entra ID - Where is your data located?](https://msit.powerbi.com/view?r=eyJrIjoiODdjOWViZDctMWRhZS00ODUzLWI4MmQtNWM5NjBkZTBkNjFlIiwidCI6IjcyZjk4OGJmLTg2ZjEtNDFhZi05MWFiLTJkN2NkMDExZGI0NyIsImMiOjV9)
|
||||
|
||||
## Microsoft Intune
|
||||
|
||||
[!INCLUDE [windows-autopatch-applies-to-all-licenses](../includes/windows-autopatch-applies-to-all-licenses.md)]
|
||||
|
||||
Microsoft Intune collects, processes, and shares data to Windows Autopatch to support business operations and services. For more information about the data collected in Intune, see [Data collection in Intune](/mem/intune/protect/privacy-data-collect).
|
||||
|
||||
For more information on Microsoft Intune data locations, see [Where your Microsoft 365 customer data is stored](/microsoft-365/enterprise/o365-data-locations). Intune respects the storage location selections made by the administrator for customer data.
|
||||
|
||||
## Microsoft 365 Apps for enterprise
|
||||
|
||||
### [Business Premium and A3+](#tab/business-premium-a3-microsoft-365)
|
||||
|
||||
Microsoft 365 Apps for enterprise only collects and shares data with Windows Autopatch when you [activate Windows Autopatch features](../prepare/windows-autopatch-feature-activation.md). Windows Autopatch ensure those apps are up to date with the latest version.
|
||||
|
||||
To use Windows Autopatch features, you must have the correct Enterprise license(s) and [activate Windows Autopatch features](../prepare/windows-autopatch-feature-activation.md). For more information about Enterprise licenses and the prerequisites, see [Windows Autopatch prerequisites](../prepare/windows-autopatch-prerequisites.md). For more information about features and capabilities, see [Features and capabilities](../overview/windows-autopatch-overview.md#features-and-capabilities).
|
||||
|
||||
### [Windows Enterprise E3+ and F3](#tab/windows-enterprise-e3-f3-microsoft-365)
|
||||
|
||||
Microsoft 365 Apps for enterprise collects and shares data with Windows Autopatch to ensure those apps are up to date with the latest version. These updates are based on predefined update channels managed by Windows Autopatch. For more information on Microsoft 365 Apps's data collection and storage locations, see [Microsoft Defender for Endpoint data storage and privacy](/microsoft-365/enterprise/o365-data-locations).
|
||||
|
||||
---
|
||||
|
||||
## Major data change notification
|
||||
|
||||
[!INCLUDE [windows-autopatch-applies-to-all-licenses](../includes/windows-autopatch-applies-to-all-licenses.md)]
|
||||
|
||||
We notify customers through the Microsoft 365 message center, and the Windows Autopatch admin center about security incidents and major changes to the service.
|
||||
|
||||
Changes to the types of data gathered and storage are considered a material change. We provide a minimum of 30 days advanced notice of this change as it's standard practice for Microsoft 365 products and services.
|
||||
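Review bot: in the Microsoft 365 Apps for enterprise section, the link labelled "Microsoft Defender for Endpoint data storage and privacy" targets `/microsoft-365/enterprise/o365-data-locations`, the same target the Intune section labels "Where your Microsoft 365 customer data is stored", and the sentence around it is about "Microsoft 365 Apps's data collection and storage locations"; if that sentence stays, relabel the link to match its target. Two wording fixes in the same hunk: "Windows Autopatch ensure those apps" should read "ensures", and "30 days advanced notice" should read "advance notice".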
@ -178,7 +98,11 @@ These rights include:
|
||||
|
||||
For more general information about Data Subject Requests (DSRs), see [Data Subject Requests and the GDPR and CCPA](/compliance/regulatory/gdpr-data-subject-requests).
|
||||
|
||||
### [Business Premium and A3+](#tab/business-premium-a3-data-subjects)
|
||||
To exercise data subject requests on data collected by the Windows Autopatch case management system, see the following data subject requests:
|
||||
|
||||
| Data subject requests | Description |
|
||||
| ----- | ----- |
|
||||
| Data from Windows Autopatch support requests | Your IT administrator can request deletion, or extraction of data related support requests by submitting a report request in the [admin center](https://go.microsoft.com/fwlink/?linkid=2109431). Provide the following information:<ul><li>Request type: Change request</li><li>Category: Security</li><li>Subcategory: Other</li><li>Description: Provide the relevant device names or usernames</li></ul> |
|
||||
|
||||
For Data Subject Requests from other products related to the service, see the following articles:
|
||||
|
||||
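Review bot: the "Data from Windows Autopatch support requests" row tells the administrator to submit "a report request" but then lists "Request type: Change request", so the two names for the request do not agree; pick one so the reader selects the right type in the admin center. The same cell reads "deletion, or extraction of data related support requests"; suggest "deletion or extraction of data related to support requests".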
@ -188,18 +112,8 @@ For Data Subject Requests from other products related to the service, see the fo
|
||||
|
||||
### [Windows Enterprise E3+ and F3](#tab/windows-enterprise-e3-f3-data-subjects)
|
||||
|
||||
To exercise data subject requests on data collected by the Windows Autopatch case management system, see the following data subject requests:
|
||||
|
||||
| Data subject requests | Description |
|
||||
| --- | --- |
|
||||
| Data from Windows Autopatch support requests | Your IT administrator can request deletion, or extraction of data related support requests by submitting a report request in the [admin center](https://go.microsoft.com/fwlink/?linkid=2109431). Provide the following information:<ul><li>Request type: Change request</li><li>Category: Security</li><li>Subcategory: Other</li><li>Description: Provide the relevant device names or usernames</li></ul> |
|
||||
|
||||
---
|
||||
|
||||
## Legal
|
||||
|
||||
[!INCLUDE [windows-autopatch-applies-to-all-licenses](../includes/windows-autopatch-applies-to-all-licenses.md)]
|
||||
|
||||
The following is Microsoft's privacy notice to end users of products provided by organizational customers.
|
||||
|
||||
The [Microsoft Privacy Statement](https://privacy.microsoft.com/privacystatement) notifies end users that when they sign into Microsoft products with a work account:
|
||||
|
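Review bot: the `#tab/windows-enterprise-e3-f3-data-subjects` heading and the closing `---` in this hunk belong to the same tab group as the `#tab/business-premium-a3-data-subjects` heading in the previous hunk, and the hunk headers show this block shrinking from 18 to 8 lines while the previous one grows from 7 to 11. Please confirm that both tab headings and the `---` terminator are removed together, so that no tab heading or terminator is left without its partner and only one copy of the data subject requests table remains.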