deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-06-21 05:13:40 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

Merge branch 'main' into uc-retire-7748881

Browse Source
This commit is contained in:
Meghan Stewart
2023-07-05 10:25:40 -07:00
committed by GitHub
parent 6d1137eb4e c1145c1714
commit 3fdd9de4c8
68 changed files with 1333 additions and 242 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
windows/deployment/do/waas-delivery-optimization-faq.yml
View File

@ -12,7 +12,7 @@ metadata:
- highpri
- tier3
ms.topic: faq
ms.date: 04/17/2023
ms.date: 06/28/2023
title: Delivery Optimization Frequently Asked Questions
summary: |
**Applies to**
@ -111,7 +111,7 @@ sections:
The recommended configuration for Delivery Optimization Peer-to-Peer to work most efficiently along with cloud proxy solutions (for example, Zscaler) is to allow traffic to the Delivery Optimization services to go directly to the internet and not through the cloud proxy.
At a minimum, the following FQDN that is used for communication between clients and the Delivery Optimization service should be allowed with direct Internet access and bypass the cloud proxy service:
- *.prod.do.dsp.mp.microsoft.com
- `*.prod.do.dsp.mp.microsoft.com`
If allowing direct Internet access isn't an option, try using Group Download Mode '2' to define the peering group. [Learn more](waas-delivery-optimization-reference.md#select-the-source-of-group-ids) about using Group Download mode.
@ -119,7 +119,8 @@ sections:
answer: |
Delivery Optimization is an HTTP downloader used by most content providers from Microsoft. When a device is configured to use Delivery Optimization peering (on by default), it does so with the HTTP downloader capabilities to optimize bandwidth usage.
If you'd like to disable peer-to-peer capabilities of Delivery Optimization, change the Delivery Optimization [Download mode](waas-delivery-optimization-reference.md#download-mode) setting to '0', which will disable peer-to-peer and provide hash checks. [Download mode](waas-delivery-optimization-reference.md#download-mode) set to '99' should only be used when the device is offline and doesn't have internet access.
Don't set **Download mode** to '100' (Bypass), which can cause some content to fail to download. Starting in Windows 11, Download mode '100' is deprecated.
> [!NOTE]
> Disabling Delivery Optimization won't prevent content from downloading to your devices. If you're looking to pause updates, you need to set policies for the relevant components such as Windows Update, Windows Store or Edge browser. If you're looking to reduce the load on your network, look into using Delivery Optimization Peer-to-Peer, Microsoft Connected Cache or apply the [network throttling policies](waas-delivery-optimization-reference.md#maximum-download-bandwidth) available for Delivery Optimization.
@ -129,4 +130,4 @@ sections:
- question: What Delivery Optimization settings are available?
answer: |
There are many different Delivery Optimization [settings](waas-delivery-optimization-reference.md) available. These settings allow you to effectively manage how Delivery Optimization is used within your environment with control s on bandwidth, time of day, etc.
There are many different Delivery Optimization [settings](waas-delivery-optimization-reference.md) available. These settings allow you to effectively manage how Delivery Optimization is used within your environment with control s on bandwidth, time of day, etc.

7
windows/deployment/do/waas-delivery-optimization-reference.md
View File

@ -8,7 +8,7 @@ ms.localizationpriority: medium
ms.author: carmenf
ms.topic: article
ms.technology: itpro-updates
ms.date: 12/31/2017
ms.date: 06/28/2023
ms.collection: tier3
---
@ -128,11 +128,8 @@ Download mode dictates which download sources clients are allowed to use when do
| Group (2) | When group mode is set, the group is automatically selected based on the device's Active Directory Domain Services (AD DS) site (Windows 10, version 1607) or the domain the device is authenticated to (Windows 10, version 1511). In group mode, peering occurs across internal subnets, between devices that belong to the same group, including devices in remote offices. You can use GroupID option to create your own custom group independently of domains and AD DS sites. Starting with Windows 10, version 1803, you can use the GroupIDSource parameter to take advantage of other method to create groups dynamically. Group download mode is the recommended option for most organizations looking to achieve the best bandwidth optimization with Delivery Optimization. |
| Internet (3) | Enable Internet peer sources for Delivery Optimization. |
| Simple (99) | Simple mode disables the use of Delivery Optimization cloud services completely (for offline environments). Delivery Optimization switches to this mode automatically when the Delivery Optimization cloud services are unavailable, unreachable, or when the content file size is less than 10 MB. In this mode, Delivery Optimization provides a reliable download experience over HTTP from the download's original source or a Microsoft Connected Cache server, with no peer-to-peer caching. |
| Bypass (100) | This option is deprecated starting in Windows 11. If you want to disable peer-to-peer functionality, it's best to set DownloadMode to (0). If your device doesnt have internet access, set Download Mode to (99). Bypass Delivery Optimization and use BITS, instead. You should only select this mode if you use WSUS and prefer to use BranchCache. You don't need to set this option if you're using Configuration Manager. |
| Bypass (100) | Starting in Windows 11, this option is deprecated. Don't set **Download mode** to '100' (Bypass), which can cause some content to fail to download. If you want to disable peer-to-peer functionality, set DownloadMode to (0). If your device doesn't have internet access, set Download Mode to (99). When you set Bypass (100), the download bypasses Delivery Optimization and uses BITS instead. You don't need to set this option if you're using Configuration Manager. |
> [!NOTE]
> Starting in Windows 11, the Bypass option of Download Mode is deprecated.
>
> [!NOTE]
> When you use Azure Active Directory tenant, AD Site, or AD Domain as the source of group IDs, the association of devices participating in the group should not be relied on for an authentication of identity of those devices.

4
windows/deployment/update/deployment-service-drivers.md
View File

@ -8,7 +8,7 @@ ms.author: mstewart
manager: aaroncz
ms.topic: article
ms.technology: itpro-updates
ms.date: 06/16/2023
ms.date: 06/22/2023
---
# Deploy drivers and firmware updates with Windows Update for Business deployment service
@ -81,7 +81,7 @@ To create a policy without any deployment settings, in the request body specify
{
"audience": {
"@odata.id": "d39ad1ce-0123-4567-89ab-cdef01234567"
"id": "d39ad1ce-0123-4567-89ab-cdef01234567"
}
}
```

BIN
windows/deployment/update/media/33771278-workbook-summary-tab-tiles.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 31 KiB

BIN
windows/deployment/update/media/8037522-workbook-summary-tab-tiles.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 22 KiB

11
windows/deployment/update/wufb-reports-prerequisites.md
View File

@ -6,7 +6,7 @@ ms.prod: windows-client
author: mestew
ms.author: mstewart
ms.topic: article
ms.date: 06/09/2023
ms.date: 06/27/2023
ms.technology: itpro-updates
---
@ -49,12 +49,11 @@ Windows Update for Business reports supports Windows client devices on the follo
## Diagnostic data requirements
At minimum, Windows Update for Business reports requires devices to send diagnostic data at the *Required* level (previously *Basic*). For more information about what's included in different diagnostic levels, see [Diagnostics, feedback, and privacy in Windows](https://support.microsoft.com/windows/diagnostics-feedback-and-privacy-in-windows-28808a2b-a31b-dd73-dcd3-4559a5199319).
At minimum, Windows Update for Business reports requires devices to send diagnostic data at the *Required* level (previously *Basic*). For more information about what's included in different diagnostic levels, see [Configure Windows diagnostic data in your organization](/windows/privacy/configure-windows-diagnostic-data-in-your-organization).
For some queries, such as Windows 11 eligibility reporting, Windows Update for Business reports requires devices to send diagnostic data at the following levels:
- *Optional* level for Windows 11 devices (previously *Full*)
- *Enhanced* level for Windows 10 devices
The following levels are recommended, but not required:
- The *Enhanced* level for Windows 10 devices
- The *Optional* level for Windows 11 devices (previously *Full*) <!--8027083-->
Device names don't appear in Windows Update for Business reports unless you individually opt-in devices by using a policy. The configuration script does this for you, but when using other client configuration methods, set one of the following to display device names:

33
windows/deployment/update/wufb-reports-workbook.md
View File

@ -6,7 +6,7 @@ ms.prod: windows-client
author: mestew
ms.author: mstewart
ms.topic: article
ms.date: 06/12/2023
ms.date: 06/23/2023
ms.technology: itpro-updates
---
@ -35,6 +35,7 @@ To access the Windows Update for Business reports workbook:
1. When the gallery opens, select the **Windows Update for Business reports** workbook. If needed, you can filter workbooks by name in the gallery.
1. When the workbook opens, you may need to specify which **Subscription** and **Workspace** you used when [enabling Windows Update for Business reports](wufb-reports-enable.md).
## Summary tab
The **Summary** tab gives you a brief high-level overview of the devices that you've enrolled into Windows Update for Business reports. The **Summary** tab contains tiles above the **Overall security update status** chart.
@ -43,13 +44,13 @@ The **Summary** tab gives you a brief high-level overview of the devices that yo
Each of these tiles contains an option to **View details**. When **View details** is selected for a tile, a flyout appears with additional information.
:::image type="content" source="media/33771278-workbook-summary-tab-tiles.png" alt-text="Screenshot of the summary tab tiles in the Windows Update for Business reports workbook":::
:::image type="content" source="media/8037522-workbook-summary-tab-tiles.png" alt-text="Screenshot of the summary tab tiles in the Windows Update for Business reports workbook":::
| Tile name | Description | View details description |
|---|---|------|
| **Enrolled devices** | Total number of devices that are enrolled into Windows Update for Business reports | Displays multiple charts about the operating systems (OS) for enrolled devices: </br> **OS Version** </br> **OS Edition** </br> **OS Servicing Channel** </br> **OS Architecture**|
|**Active alerts** | Total number of active alerts on enrolled devices | Displays the top three active alert subtypes and the count of devices in each. </br> </br> Select the count of **Devices** to display a table of the devices. This table is limited to the first 1000 rows. Select `...` to export the full list, or display the query in [Log Analytics](/azure/azure-monitor/logs/log-analytics-tutorial). </br> </br> Select an **AlertSubtype** to display a list containing: </br> - Each **Error Code** in the alert subtype </br>- A **Description** of the error code </br> - A **Recommendation** to help you remediate the error code </br> - A count of **Devices** with the specific error code |
| **Windows 11 eligibility** | Percentage of devices that are capable of running Windows 11 | Displays the following items: </br> - **Windows 11 Readiness Status** chart </br> - **Readiness Reason(s) Breakdown** chart that displays Windows 11 requirements that aren't met. </br> - A table for **Readiness reason**. Select a reason to display a list of devices that don't meet a specific requirement for Windows 11. |
| **Windows 11 adoption** | Number of devices that are running Windows 11 | Displays the following items: </br> - **Windows 11 Device Count** chart, broken down by Windows 11 version </br> - **Windows 11 Eligibility Status** contains a **Readiness status** chart that lists the count of devices by OS version that are either capable or not capable of running Windows 11. </br> - The **Device List** allows you to choose a Windows 11 **Ineligibility Reason** to display devices that don't meet the selected requirement. <!--8037522-->|
### Summary tab charts
@ -63,15 +64,14 @@ The charts displayed in the **Summary** tab give you a general idea of the overa
## Quality updates tab
The **Quality updates** tab displays generalized data at the top by using tiles. The quality update data becomes more specific as you navigate lower in this tab. The top of the **Quality updates** tab contains tiles with the following information:
- **Latest security update**: Count of devices that have reported successful installation of the latest security update.
- **Missing one security update**: Count of devices that haven't installed the latest security update.
- **Missing multiple security updates**: Count of devices that are missing two or more security updates.
- **Active alerts**: Count of active update and device alerts for quality updates.
Selecting **View details** on any of the tiles displays a flyout with a chart that displays the first 1000 items. Select `...` from the flyout to export the full list, or display the query in [Log Analytics](/azure/azure-monitor/logs/log-analytics-tutorial).
The **Quality updates** tab displays generalized data at the top by using tiles. The quality update data becomes more specific as you navigate lower in this tab. The top of the **Quality updates** tab contains tiles with the following information and drill-down options:
| Tile name | Description | Drill-in description |
|---|---|---|
|**Latest security update**| Count of devices that have reported successful installation of the latest security update. | - Select **View details** to display a flyout with a chart that displays the first 1000 items. </br> - Select `...` from the flyout to export the full list, or display the query in [Log Analytics](/azure/azure-monitor/logs/log-analytics-tutorial). |
| **Missing one security update** | Count of devices that haven't installed the latest security update.| - Select **View details** to display a flyout with a chart that displays the first 1000 items. </br> - Select `...` from the flyout to export the full list, or display the query in [Log Analytics](/azure/azure-monitor/logs/log-analytics-tutorial).|
| **Missing multiple security updates** | Count of devices that are missing two or more security updates. | - Select **View details** to display a flyout with a chart that displays the first 1000 items. </br> - Select `...` from the flyout to export the full list, or display the query in [Log Analytics](/azure/azure-monitor/logs/log-analytics-tutorial). |
| **Expedite performance** | Overview of the progress for the expedited deployments of the latest security update. | - Select **View details** to display a flyout with a chart that displays the total progress of each deployment, number of alerts, and count of devices. </br> - Select the count from the **Alerts** column to display the alerts, by name, for the deployment. Selecting the device count for the alert name displays a list of devices with the alert. </br> - Select the count in the **TotalDevices** column to display a list of clients and their information for the deployment. <!--7626683-->|
Below the tiles, the **Quality updates** tab is subdivided into **Update status** and **Device status** groups. These different chart groups allow you to easily discover trends in compliance data. For instance, you may remember that about third of your devices were in the installing state yesterday, but this number didn't change as much as you were expecting. That unexpected trend may cause you to investigate and resolve a potential issue before end users are impacted.
@ -188,6 +188,17 @@ The Delivery Optimization tab is further divided into the following groups:
:::image type="content" source="media/wufb-do-overview.png" alt-text="Screenshot of the summary tab in the Windows Update for Business reports workbook for Delivery Optimization." lightbox="media/wufb-do-overview.png":::
## Understanding update states
Updates can go though many phases from when they're initially deployed to being installed on the device. Transition from one state to another can be rapid, which makes some states less likely to be displayed in reports. The workbook can report the following high-level states for a device update: <!--8052067-->
- **Offering**: The update is being offered to the device for installation
- **Installing**: The update is in the process of being installed on the device
- **Installed**: The update has been installed on the device
- **Cancelled**: The update was cancelled from the [deployment service](deployment-service-overview.md) before it was installed
- **Uninstalled**: The update was uninstalled from the device by either an admin or a user
- **OnHold**: The update was put on hold from the [deployment service](deployment-service-overview.md) before it was installed
- **Unknown**: This state occurs when there's a record for the device in the [UCClient](wufb-reports-schema-ucclient.md) table, but there isn't a record for the specific update for the specific device in the [UCClientUpdateStatus](wufb-reports-schema-ucclientupdatestatus.md) table. This means that there is no record of the update for the device in question.
## Customize the workbook

2
windows/deployment/volume-activation/activate-windows-10-clients-vamt.md
View File

@ -81,7 +81,7 @@ The KMS uses service (SRV) resource records in DNS to store and communicate the
By default, KMS client computers query DNS for KMS information. The first time a KMS client computer queries DNS for KMS information, it randomly chooses a KMS host from the list of service (SRV) resource records that DNS returns. The address of a DNS server that contains the service (SRV) resource records can be listed as a suffixed entry on KMS client computers, which allows one DNS server to advertise the service (SRV) resource records for KMS, and KMS client computers with other primary DNS servers to find it.
Priority and weight parameters can be added to the DnsDomainPublishList registry value for KMS. Establishing KMS host priority groupings and weighting within each group allows you to specify which KMS host the client computers should try first and balances traffic among multiple KMS hosts. Only Windows 10, Windows 8.1, Windows 8, Windows 7, Windows Server 2012 R2, Windows Server 2012, and Windows Server 2008 R2 provide these priority and weight parameters.
Priority and weight parameters can be added to the DnsDomainPublishList registry value for KMS. Establishing KMS host priority groupings and weighting within each group allows you to specify which KMS host the client computers should try first and balances traffic among multiple KMS hosts. All currently supported versions of Windows and Windows Server provide these priority and weight parameters.
If the KMS host that a client computer selects doesn't respond, the KMS client computer removes that KMS host from its list of service (SRV) resource records and randomly selects another KMS host from the list. When a KMS host responds, the KMS client computer caches the name of the KMS host and uses it for subsequent activation and renewal attempts. If the cached KMS host doesn't respond on a subsequent renewal, the KMS client computer discovers a new KMS host by querying DNS for KMS service (SRV) resource records.

2
windows/deployment/volume-activation/use-vamt-in-windows-powershell.md
View File

@ -44,7 +44,7 @@ To open PowerShell with administrative credentials, select **Start** and enter `
For all supported operating systems, you can use the VAMT PowerShell module included with the Windows ADK. By default, the module is installed with the Windows ADK in the VAMT folder. Change directories to the directory where VAMT is located. For example, if the Windows ADK is installed in the default location of `C:\Program Files(x86)\Windows Kits\10`, enter:
```powershell
cd "C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\VAMT 3.0"
cd "C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\VAMT3"
```
### Import the VAMT PowerShell module

4
windows/deployment/windows-autopatch/TOC.yml
View File

@ -146,6 +146,8 @@
href: operate/windows-autopatch-policy-health-and-remediation.md
- name: Maintain the Windows Autopatch environment
href: operate/windows-autopatch-maintain-environment.md
- name: Manage driver and firmware updates
href: operate/windows-autopatch-manage-driver-and-firmware-updates.md
- name: Submit a support request
href: operate/windows-autopatch-support-request.md
- name: Deregister a device
@ -166,6 +168,8 @@
href: references/windows-autopatch-changes-to-tenant.md
- name: Windows Autopatch groups public preview addendum
href: references/windows-autopatch-groups-public-preview-addendum.md
- name: Driver and firmware updates public preview addendum
href: references/windows-autopatch-driver-and-firmware-updates-public-preview-addendum.md
- name: What's new
href:
items:

65
windows/deployment/windows-autopatch/operate/windows-autopatch-manage-driver-and-firmware-updates.md Normal file
View File

@ -0,0 +1,65 @@
---
title: Manage driver and firmware updates
description: This article explains how you can manage driver and firmware updates with Windows Autopatch
ms.date: 07/04/2023
ms.prod: windows-client
ms.technology: itpro-updates
ms.topic: how-to
ms.localizationpriority: medium
author: tiaraquan
ms.author: tiaraquan
manager: dougeby
ms.reviewer: andredm7
ms.collection:
- highpri
- tier1
---
# Manage driver and firmware updates (public preview)
> [!IMPORTANT]
> This feature is in **public preview**. The feature is being actively developed, and might not be complete. You can test and use these features in production environments and provide feedback.
You can manage and control your driver and firmware updates with Windows Autopatch. You can choose to receive driver and firmware updates automatically, or self-manage the deployment.
> [!TIP]
> Windows Autopatch's driver and firmware update management is based on [Intunes driver and firmware update management](/mem/intune/protect/windows-driver-updates-overview). You can use **both** Intune and Windows Autopatch to manage your driver and firmware updates.
## Automatic and Self-managed modes
Switching the toggle between Automatic and Self-managed modes creates driver profiles on a per-ring basis within your tenant.
| Modes | Description |
| ----- | -----|
| Automatic | We recommend using **Automatic** mode.<p>Automatic mode (default) is recommended for organizations with standard Original Equipment Manufacturer (OEM) devices where no recent driver or hardware issues have occurred due to Windows Updates. Automatic mode ensures the most secure drivers are installed using Autopatch deployment ring rollout.</p> |
| Self-managed | When you use the the **Self-managed** mode for drivers and firmware, no drivers are installed in your environment without your explicit approval. You can still use Intune to choose specific drivers and deploy them on a ring-by-ring basis.<p>Self-managed mode turns off Windows Autopatchs automatic driver deployment. Instead, the Administrator controls the driver deployment.<p>The Administrator selects the individual driver within an Intune driver update profile. Then, Autopatch creates an Intune driver update profile per deployment ring. Drivers can vary between deployment rings.</p><p>The drivers listed for selection represent only the drivers needed for the targeted clients, which are the Autopatch rings. Therefore, the drivers offered may vary between rings depending on the variety of device hardware in an organization.</p> |
## Set driver and firmware updates to Automatic or Self-managed mode
**To set driver and firmware updates to Automatic or Self-managed mode:**
1. Go to the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431).
1. Navigate to **Devices** > **Windows Autopatch** > **Release management** > **Release settings**.
1. In the **Windows Driver Updates** section, read and accept the agreement.
1. Select either **Automatic** or **Self-managed**.
## View driver and firmware policies created by Windows Autopatch
**To view driver and firmware policies created by Windows Autopatch:**
1. Go to the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431).
1. Navigate to **Devices** > **Driver updates for Windows 10 and later**.
1. Windows Autopatch creates four policies. The policy names begin with **Windows Autopatch Driver Update Policy** and end with the name of the ring to which they're targeted in brackets. For example, **Windows Autopatch Driver Update Policy [Test]**.
The `CreateDriverUpdatePolicy` is created for the Test, First, Fast, and Broad deployment rings. The policy settings are defined in the following table:
| Policy name | DisplayName | Description | Approval Type | DeploymentDeferralInDays |
| ----- | ----- | ----- | ----- | ----- |
| `CreateDriverUpdatePolicy` | Windows Autopatch Driver Update policy [Test/First/Fast/Broad] | Driver Update Policy for device Test/First/Fast/Broad group | Automatic | `0` |
> [!NOTE]
> In public preview, the DeploymentDeferralInDays setting is set to `0` for all deployment rings.
## Feedback and support
If you need support with this feature, and have enrolled your tenant into Windows Autopatch, [submit a support request](../operate/windows-autopatch-support-request.md).

12
windows/deployment/windows-autopatch/operate/windows-autopatch-microsoft-365-apps-enterprise.md
View File

@ -1,7 +1,7 @@
---
title: Microsoft 365 Apps for enterprise
description: This article explains how Windows Autopatch manages Microsoft 365 Apps for enterprise updates
ms.date: 03/10/2023
ms.date: 06/23/2023
ms.prod: windows-client
ms.technology: itpro-updates
ms.topic: how-to
@ -41,9 +41,9 @@ For a device to be eligible for Microsoft 365 Apps for enterprise updates (both
## Update release schedule
All devices registered for Windows Autopatch will receive updates from the [Monthly Enterprise Channel](/deployoffice/overview-update-channels#monthly-enterprise-channel-overview). This practice provides your users with new features each month, and they'll receive just one update per month on a predictable release schedule. Updates are released on the second Tuesday of the month; these updates can include feature, security, and quality updates. These updates occur automatically and pulled directly from the Office Content Delivery Network (CDN).
All devices registered for Windows Autopatch receive updates from the [Monthly Enterprise Channel](/deployoffice/overview-update-channels#monthly-enterprise-channel-overview). This practice provides your users with new features each month, and they receive just one update per month on a predictable release schedule. Updates are released on the second Tuesday of the month; these updates can include feature, security, and quality updates. These updates occur automatically and pulled directly from the Office Content Delivery Network (CDN).
Unlike Windows update, the Office CDN doesn't make the update available to all devices at once. Over the course of the release, the Office CDN gradually makes the update available to the whole population of devices. Windows Autopatch doesn't control the order in which updates are offered to devices across your estate. After the update downloads, there's a seven day [update deadline](/deployoffice/configure-update-settings-microsoft-365-apps) that specifies how long the user has until the user must apply the update.
Unlike Windows update, the Office CDN doesn't make the update available to all devices at once. Over the course of the release, the Office CDN gradually makes the update available to the whole population of devices. Windows Autopatch doesn't control the order in which updates are offered to devices across your estate. After the update downloads, there's a seven day [update deadline](../references/windows-autopatch-microsoft-365-policies.md) that specifies how long the user has until the user must apply the update.
## Deployment rings
@ -81,7 +81,7 @@ Windows Autopatch doesn't allow you to pause or roll back an update in the Micro
## Allow or block Microsoft 365 App updates
For organizations seeking greater control, you can allow or block Microsoft 365 App updates for Windows Autopatch-enrolled devices. When the Microsoft 365 App update setting is set to **Block**, Windows Autopatch won't provide Microsoft 365 App updates on your behalf, and your organizations will have full control over these updates. For example, you can continue to receive updates from [channels](/deployoffice/overview-update-channels) other than the default [Monthly Enterprise Channel](/deployoffice/overview-update-channels#monthly-enterprise-channel-overview).
For organizations seeking greater control, you can allow or block Microsoft 365 App updates for Windows Autopatch-enrolled devices. When the Microsoft 365 App update setting is set to **Block**, Windows Autopatch doesn't provide Microsoft 365 App updates on your behalf, and your organizations have full control over these updates. For example, you can continue to receive updates from [channels](/deployoffice/overview-update-channels) other than the default [Monthly Enterprise Channel](/deployoffice/overview-update-channels#monthly-enterprise-channel-overview).
**To allow or block Microsoft 365 App updates:**
@ -120,12 +120,12 @@ For organizations seeking greater control, you can allow or block Microsoft 365
[Servicing profiles](/deployoffice/admincenter/servicing-profile) is a feature in the [Microsoft 365 Apps admin center](https://config.office.com/) that provides controlled update management of monthly Office updates, including controls for user and device targeting, scheduling, rollback, and reporting.
A [service profile](/deployoffice/admincenter/servicing-profile#compatibility-with-other-management-tools) takes precedence over other policies, such as a Microsoft Intune policy or the Office Deployment Tool. The servicing profile will affect all devices that meet the [device eligibility requirements](#device-eligibility) regardless of existing management tools in your environment. So, if you're targeting a managed device with a servicing profile it will be ineligible for Microsoft 365 App update management.
A [service profile](/deployoffice/admincenter/servicing-profile#compatibility-with-other-management-tools) takes precedence over other policies, such as a Microsoft Intune policy or the Office Deployment Tool. The servicing profile affects all devices that meet the [device eligibility requirements](#device-eligibility) regardless of existing management tools in your environment. So, if you're targeting a managed device with a servicing profile it's ineligible for Microsoft 365 App update management.
However, the device may still be eligible for other managed updates. For more information about a device's eligibility for a given [software update workload](windows-autopatch-update-management.md#software-update-workloads), see the Device eligibility section of each respective software update workload.
## Incidents and outages
If devices in your tenant aren't meeting the [service level objective](#service-level-objective) for Microsoft 365 Apps for enterprise updates, an incident will be raised. The Windows Autopatch Service Engineering Team will work to bring the devices back into compliance.
If devices in your tenant aren't meeting the [service level objective](#service-level-objective) for Microsoft 365 Apps for enterprise updates, an incident is raised. The Windows Autopatch Service Engineering Team will work to bring the devices back into compliance.
If you're experiencing issues related to Microsoft 365 Apps for enterprise updates, [submit a support request](../operate/windows-autopatch-support-request.md).

4
windows/deployment/windows-autopatch/overview/windows-autopatch-roles-responsibilities.md
View File

@ -1,7 +1,7 @@
---
title: Roles and responsibilities
description: This article describes the roles and responsibilities provided by Windows Autopatch and what the customer must do
ms.date: 03/08/2023
ms.date: 06/27/2023
ms.prod: windows-client
ms.technology: itpro-updates
ms.topic: conceptual
@ -47,6 +47,7 @@ This article outlines your responsibilities and Windows Autopatch's responsibili
| Remove your devices from existing unsupported [Windows update](../references/windows-autopatch-windows-update-unsupported-policies.md) and [Microsoft 365](../references/windows-autopatch-microsoft-365-policies.md) policies | :heavy_check_mark: | :x: |
| [Turn on or off expedited Windows quality updates](../operate/windows-autopatch-windows-quality-update-overview.md#expedited-releases) | :heavy_check_mark: | :x: |
| [Allow or block Microsoft 365 Apps for enterprise updates](../operate/windows-autopatch-microsoft-365-apps-enterprise.md#allow-or-block-microsoft-365-app-updates) | :heavy_check_mark: | :x: |
| [Manage driver and firmware updates](../operate/windows-autopatch-manage-driver-and-firmware-updates.md) | :heavy_check_mark: | :x: |
| [Customize Windows Update settings](../operate/windows-autopatch-windows-update.md) | :heavy_check_mark: | :x: |
| [Register devices/add devices to the Windows Autopatch Device Registration group](../deploy/windows-autopatch-register-devices.md#steps-to-register-devices-using-the-classic-method) | :heavy_check_mark: | :x: |
| [Run the pre-registration device readiness checks](../deploy/windows-autopatch-register-devices.md#about-the-registered-not-ready-and-not-registered-tabs) | :x: | :heavy_check_mark: |
@ -69,6 +70,7 @@ This article outlines your responsibilities and Windows Autopatch's responsibili
| [Maintain the Test deployment ring membership](../operate/windows-autopatch-update-management.md#deployment-ring-calculation-logic) | :heavy_check_mark: | :x: |
| Monitor [Windows update signals](../operate/windows-autopatch-windows-quality-update-signals.md) for safe update release | :x: | :heavy_check_mark: |
| Test specific [business update scenarios](../operate/windows-autopatch-windows-quality-update-signals.md) | :heavy_check_mark: | :x: |
| [Manage driver and firmware updates](../operate/windows-autopatch-manage-driver-and-firmware-updates.md) | :heavy_check_mark: | :x: |
| [Customize Windows Update settings](../operate/windows-autopatch-windows-update.md) | :heavy_check_mark: | :x: |
| [Define and implement service default release schedule](../operate/windows-autopatch-windows-quality-update-overview.md) | :x: | :heavy_check_mark: |
| Communicate the update [release schedule](../operate/windows-autopatch-windows-quality-update-communications.md) | :x: | :heavy_check_mark: |

4
windows/deployment/windows-autopatch/references/windows-autopatch-changes-to-tenant.md
View File

@ -1,7 +1,7 @@
---
title: Changes made at tenant enrollment
description: This reference article details the changes made to your tenant when enrolling into Windows Autopatch
ms.date: 01/24/2023
ms.date: 06/23/2023
ms.prod: windows-client
ms.technology: itpro-updates
ms.topic: reference
@ -108,7 +108,7 @@ The following groups target Windows Autopatch configurations to devices and mana
| Policy name | Policy description | Properties | Value |
| ----- | ----- | ----- | ----- |
| Windows Autopatch-OfficeConfiguration | SetsOfficeUpdateChanneltotheMonthlyEnterpriseservicingbranch.<p>Assigned to:<ol><li>ModernWorkplaceDevices-WindowsAutopatch-Test</li><li>Modern Workplace Devices-Windows Autopatch-First</li><li>Modern Workplace Devices-Windows Autopatch-Fast</li><li>Modern Workplace Devices-Windows Autopatch-Broad</li></ol>|<ol><li>Enable Automatic Updates</li><li>Hide option to enable or disable updates</li><li>Update Channel</li><li>Channel Name (Device)</li><li>Hide Update Notifications</li><li>Update Path</li></ol> |<ol><li>Enabled</li><li>Enabled</li><li>Enabled</li><li>Monthly Enterprise Channel</li><li>Disabled</li><li>Enabled</li></ol> |
| Windows Autopatch-OfficeConfiguration | SetsOfficeUpdateChanneltotheMonthlyEnterpriseservicingbranch.<p>Assigned to:<ol><li>ModernWorkplaceDevices-WindowsAutopatch-Test</li><li>Modern Workplace Devices-Windows Autopatch-First</li><li>Modern Workplace Devices-Windows Autopatch-Fast</li><li>Modern Workplace Devices-Windows Autopatch-Broad</li></ol>|<ol><li>Enable Automatic Updates</li><li>Hide option to enable or disable updates</li><li>Update Channel</li><li>Channel Name (Device)</li><li>Hide Update Notifications</li><li>Update Path</li><li>Location for updates (Device)</li></ol> |<ol><li>Enabled</li><li>Enabled</li><li>Enabled</li><li>Monthly Enterprise Channel</li><li>Disabled</li><li>Enabled</li><li>`http://officecdn.microsoft.com/pr/55336b82-a18d-4dd6-b5f6-9e5095c314a6`</li></ol> |
| Windows Autopatch-OfficeUpdateConfiguration[Test] | Sets theOfficeupdatedeadline<p>Assigned to:<ol><li>ModernWorkplaceDevices-WindowsAutopatch-Test</li></ol> |<ol><li>Delay downloading and installing updates for Office</li><li>Update Deadline</li></ol>|<ol><li>Enabled; `Days(Device) == 0 days`</li></li><li>Enabled; `Update Deadline(Device) == 7 days`</li></ol>|
| Windows Autopatch-OfficeUpdateConfiguration[First] | Setsthe Officeupdatedeadline<p>Assigned to:<ol><li>ModernWorkplaceDevices-WindowsAutopatch-First</li></ol> |<ol><li>Delay downloading and installing updates for Office</li><li>Update Deadline</li></ol> | <ol><li>Enabled; `Days(Device) == 0 days`</li><li>Enabled; `Update Deadline(Device) == 7 days`</li></ol>|
| Windows Autopatch-OfficeUpdateConfiguration[Fast] | Setsthe Officeupdatedeadline<p>Assigned to:<ol><li>ModernWorkplaceDevices-WindowsAutopatch-Fast</li></ol>|<ol><li>Delay downloading and installing updates for Office</li><li>Update Deadline</li></ol>| <ol><li>Enabled; `Days(Device) == 3 days`</li><li>Enabled; `Update Deadline(Device) == 7 days`</li></ol>|

29
windows/deployment/windows-autopatch/references/windows-autopatch-driver-and-firmware-updates-public-preview-addendum.md Normal file
View File

@ -0,0 +1,29 @@
---
title: Driver and firmware updates for Windows Autopatch Public Preview Addendum
description: This article explains how driver and firmware updates are managed in Autopatch
ms.date: 06/26/2023
ms.prod: w11
ms.technology: windows
ms.topic: conceptual
ms.localizationpriority: medium
author: tiaraquan
ms.author: tiaraquan
manager: dougeby
msreviewer: hathind
---
# Driver and Firmware Updates for Windows Autopatch Public Preview Addendum
**This Driver and Firmware Updates for Windows Autopatch Public Preview Addendum ("Addendum") to the Microsoft Product Terms Universal License Terms for Online Services** (as provided at: [Microsoft Product Terms](https://www.microsoft.com/licensing/terms/product/ForOnlineServices/all) (the "**Product Terms**")) is entered into between Microsoft Corporation, a Washington corporation having its principal place of business at One Microsoft Way, Redmond, Washington, USA 98052-6399 (or based on where Customer lives, one of Microsoft's affiliates) ("**Microsoft**"), and you ("**Customer**").
For good and valuable consideration, the receipt and sufficiency of which is acknowledged, the parties agree as follows:
Microsoft desires to preview the Driver and Firmware Updates for Windows Autopatch service it's developing ("**Driver and Firmware Updates Preview**”) in order to evaluate it. Customer would like to particulate this Driver and Firmware Updates Preview under the Product Terms and this Addendum. Driver and Firmware Updates Preview consists of features and services that are in preview, beta, or other prerelease form. Driver and Firmware Updates Preview is subject to the "preview" terms set forth in the Product Terms Universal License Terms for Online Services.
## Definitions
Capitalized terms used but not defined herein have the meanings given in the Product Terms.
## Data Handling
Driver and Firmware Updates Preview integrates Customer Data from other Products, including Windows, Microsoft Intune, Azure Active Directory, and Office (collectively for purposes of this provision "Windows Autopatch Input Services"). Once Customer Data from Windows Autopatch Input Services is integrated into Driver and Firmware Updates Preview, only the Product Terms and [DPA provisions](https://www.microsoft.com/licensing/terms/product/Glossary/all) applicable to Driver and Firmware Updates Preview apply to that data.

22
windows/deployment/windows-autopatch/references/windows-autopatch-microsoft-365-policies.md
View File

@ -1,7 +1,7 @@
---
title: Microsoft 365 Apps for enterprise update policies
description: This article explains the Microsoft 365 Apps for enterprise policies in Windows Autopatch
ms.date: 07/11/2022
ms.date: 06/23/2023
ms.prod: windows-client
ms.technology: itpro-updates
ms.topic: conceptual
@ -22,14 +22,14 @@ Deploying any of the following policies to a managed device makes that device in
### Update policies
Window Autopatch deploys mobile device management (MDM) policies to configure Microsoft 365 Apps and requires a specific configuration. If any [Microsoft 365 Apps update settings](/deployoffice/configure-update-settings-microsoft-365-apps) are deployed which conflict with our policies, then the device won't be eligible for management.
Window Autopatch deploys mobile device management (MDM) policies to configure Microsoft 365 Apps and requires a specific configuration. If any [Microsoft 365 Apps update settings](/deployoffice/configure-update-settings-microsoft-365-apps) are deployed which conflict with our policies, then the device isn't eligible for management.
| Update setting | Value | Usage reason |
| ----- | ----- | ----- |
| Set updates to occur automatically | Enabled | Enable automatic updates |
| Specify a location to look for updates | Blank | Don't use this setting since it overwrites the update branch |
| Update channel | Monthly Enterprise | Supported channel for Windows Autopatch |
| Specify the version of Microsoft 365 Apps to update to | Variable | Used to roll back to a previous version if an error occurs |
| Set a deadline by when updates must be applied | 7 | Update deadline |
| Hide update notifications from users | Turned off | Users should be notified when Microsoft 365 Apps are being updated |
| Hide the option to turn on or off automatic Office updates | Turned on | Prevents users from disabling automatic updates |
| Setting name | Test | First | Fast | Broad | Usage reason |
| ----- | ----- | ----- | ----- | ----- | ----- |
| Set updates to occur automatically | Turned on | Turned on | Turned on | Turned on | Turn on automatic updates |
| Specify a location to look for updates | Blank | Blank | Blank | Blank | Don't use this setting because it overwrites the update branch |
| Specify the version of Microsoft Apps to update to | Variable | Variable | Variable | Variable | Used to roll back to a previous version if an error occurs |
| Set a deadline when updates must be applied | 7 | 7 | 7 | 7 | Updates must be applied by the specified deadline |
| Sets the Office update deferral | 0 | 0 | 3 | 7| Delay downloading and installing updates for Office |
| Hide update notifications from end users | Turned off | Turned off | Turned off | Turned off | End users should be notified when Microsoft 365 Apps are being updated |
| Hide the option to turn on or off automatic Office updates | Turned on | Turned on | Turned on | Turned on | Prevents end users from turning off automatic updates |

33
windows/deployment/windows-autopatch/whats-new/windows-autopatch-whats-new-2023.md
View File

@ -1,7 +1,7 @@
---
title: What's new 2023
description: This article lists the 2023 feature releases and any corresponding Message center post numbers.
ms.date: 06/12/2023
ms.date: 06/26/2023
ms.prod: windows-client
ms.technology: itpro-updates
ms.topic: whats-new
@ -21,9 +21,28 @@ This article lists new and updated feature releases, and service releases, with
Minor corrections such as typos, style, or formatting issues aren't listed.
## June 2023
### June feature releases or updates
| Article | Description |
| ----- | ----- |
| [Manage driver and firmware updates](../operate/windows-autopatch-manage-driver-and-firmware-updates.md) | New article on how to manage driver and firmware updates. This feature is in public preview |
| [Changes made at tenant enrollment](../references/windows-autopatch-changes-to-tenant.md) | Added Location for updates (Device) setting and value to the [Windows Autopatch - Office Configuration policy](../references/windows-autopatch-changes-to-tenant.md#microsoft-office-update-policies) |
| [Microsoft 365 Apps for enterprise](../operate/windows-autopatch-microsoft-365-apps-enterprise.md) | Updated [deadline link](../operate/windows-autopatch-microsoft-365-apps-enterprise.md#behavior-during-updates) |
| [Microsoft 365 Apps for enterprise update policies](../references/windows-autopatch-microsoft-365-policies.md) | Updated the [Update policies](../references/windows-autopatch-microsoft-365-policies.md#update-policies) section |
### June service releases
| Message center post number | Description |
| ----- | ----- |
| [MC604889](https://admin.microsoft.com/adminportal/home#/MessageCenter) | Expanding Windows Autopatch availability in August 2023 |
| [MC602590](https://admin.microsoft.com/adminportal/home#/MessageCenter) | June 2023 Windows Autopatch baseline configuration update |
| [MC591864](https://admin.microsoft.com/adminportal/home#/MessageCenter) | Updated ticket categories to reduce how long it takes to resolve support requests |
## May 2023
### May 2023 feature release
### May feature releases or updates
| Article | Description |
| ----- | ----- |
@ -51,7 +70,7 @@ Minor corrections such as typos, style, or formatting issues aren't listed.
| [Policy health and remediation](../operate/windows-autopatch-policy-health-and-remediation.md) | Add new Policy health and remediation feature. This feature is in public preview |
| [Windows Autopatch groups public preview addendum](../references/windows-autopatch-groups-public-preview-addendum.md) | Added addendum for the Windows Autopatch groups public preview |
## May service release
### May service releases
| Message center post number | Description |
| ----- | ----- |
@ -65,7 +84,7 @@ Minor corrections such as typos, style, or formatting issues aren't listed.
| ----- | ----- |
| [Changes made at tenant enrollment](../references/windows-autopatch-changes-to-tenant.md) | Updated the [Deployment rings for Windows 10 and later](../references/windows-autopatch-changes-to-tenant.md#deployment-rings-for-windows-10-and-later) section |
### April service release
### April service releases
| Message center post number | Description |
| ----- | ----- |
@ -83,7 +102,7 @@ Minor corrections such as typos, style, or formatting issues aren't listed.
| [Microsoft 365 Apps for enterprise](../operate/windows-autopatch-microsoft-365-apps-enterprise.md) | <ul><li>Added support for subscription versions of Microsoft Project and Visio desktop apps</li><li>Updated device eligibility criteria</li><li>Clarified update controls</li></ul> |
| [Customize Windows Update settings](../operate/windows-autopatch-windows-update.md) | New [Customize Windows Update settings](../operate/windows-autopatch-windows-update.md) feature. This feature is in public preview<ul><li>[MC524715](https://admin.microsoft.com/adminportal/home#/MessageCenter)</li></ul>|
### March service release
### March service releases
| Message center post number | Description |
| ----- | ----- |
@ -107,7 +126,7 @@ Minor corrections such as typos, style, or formatting issues aren't listed.
| [Changes made at tenant enrollment](../references/windows-autopatch-changes-to-tenant.md) | Updated Feature update policies section with Windows Autopatch - DSS Policy [deployment ring] |
| [Register your devices](../deploy/windows-autopatch-register-devices.md) |<ul><li>Updated the [Built-in roles required for registration](../deploy/windows-autopatch-register-devices.md#built-in-roles-required-for-device-registration) section</li><li>Added more information about assigning less-privileged user accounts</li></ul> |
### February service release
### February service releases
| Message center post number | Description |
| ----- | ----- |
@ -126,7 +145,7 @@ Minor corrections such as typos, style, or formatting issues aren't listed.
| [Submit a tenant enrollment support request](../prepare/windows-autopatch-enrollment-support-request.md) | Added the Submit a tenant enrollment support request section. You can submit a tenant enrollment support request through the Tenant enrollment tool if you're running into issues with enrollment |
| [Submit a support request](../operate/windows-autopatch-support-request.md) | Added Premier and Unified support options section |
### January service release
### January service releases
| Message center post number | Description |
| ----- | ----- |