mirror of
https://github.com/MicrosoftDocs/windows-itpro-docs.git
synced 2025-06-22 05:43:41 +00:00
Merge branch 'main' into patch-1
This commit is contained in:
Tiara Quan
GitHub
@ -2,8 +2,8 @@
|
||||
title: Deploying with Windows Autopatch
|
||||
description: Landing page for the deploy section
|
||||
ms.date: 05/30/2022
|
||||
ms.prod: w11
|
||||
ms.technology: windows
|
||||
ms.prod: windows-client
|
||||
ms.technology: itpro-updates
|
||||
ms.topic: conceptual
|
||||
ms.localizationpriority: medium
|
||||
author: tiaraquan
|
||||
|
||||
@ -1,9 +1,9 @@
|
||||
---
|
||||
title: Add and verify admin contacts
|
||||
description: This article explains how to add and verify admin contacts
|
||||
description: This article explains how to add and verify admin contacts
|
||||
ms.date: 05/30/2022
|
||||
ms.prod: w11
|
||||
ms.technology: windows
|
||||
ms.prod: windows-client
|
||||
ms.technology: itpro-updates
|
||||
ms.topic: how-to
|
||||
ms.localizationpriority: medium
|
||||
author: tiaraquan
|
||||
|
||||
@ -1,9 +1,9 @@
|
||||
---
|
||||
title: Device registration overview
|
||||
description: This article provides an overview on how to register devices in Autopatch
|
||||
ms.date: 09/07/2022
|
||||
ms.prod: w11
|
||||
ms.technology: windows
|
||||
description: This article provides an overview on how to register devices in Autopatch
|
||||
ms.date: 10/5/2022
|
||||
ms.prod: windows-client
|
||||
ms.technology: itpro-updates
|
||||
ms.topic: conceptual
|
||||
ms.localizationpriority: medium
|
||||
author: tiaraquan
|
||||
@ -22,7 +22,8 @@ The overall device registration process is:
|
||||
|
||||
:::image type="content" source="../media/windows-autopatch-device-registration-overview.png" alt-text="Overview of the device registration process" lightbox="../media/windows-autopatch-device-registration-overview.png":::
|
||||
|
||||
1. IT admin identifies devices to be managed by Windows Autopatch and adds them into the **Windows Autopatch Device Registration** Azure Active Directory (AD) group.
|
||||
1. IT admin reviews [Windows Autopatch device registration pre-requisites](windows-autopatch-register-devices.md#prerequisites-for-device-registration) prior to register devices with Windows Autopatch.
|
||||
2. IT admin identifies devices to be managed by Windows Autopatch and adds them into the **Windows Autopatch Device Registration** Azure Active Directory (AD) group.
|
||||
1. Windows Autopatch then:
|
||||
1. Performs device readiness prior registration (prerequisite checks).
|
||||
1. Calculates the deployment ring distribution.
|
||||
|
||||
@ -1,9 +1,9 @@
|
||||
---
|
||||
title: Post-device registration readiness checks
|
||||
description: This article details how post-device registration readiness checks are performed in Windows Autopatch
|
||||
description: This article details how post-device registration readiness checks are performed in Windows Autopatch
|
||||
ms.date: 09/16/2022
|
||||
ms.prod: w11
|
||||
ms.technology: windows
|
||||
ms.prod: windows-client
|
||||
ms.technology: itpro-updates
|
||||
ms.topic: conceptual
|
||||
ms.localizationpriority: medium
|
||||
author: tiaraquan
|
||||
|
||||
@ -1,9 +1,9 @@
|
||||
---
|
||||
title: Register your devices
|
||||
description: This article details how to register devices in Autopatch
|
||||
description: This article details how to register devices in Autopatch
|
||||
ms.date: 09/07/2022
|
||||
ms.prod: w11
|
||||
ms.technology: windows
|
||||
ms.prod: windows-client
|
||||
ms.technology: itpro-updates
|
||||
ms.topic: how-to
|
||||
ms.localizationpriority: medium
|
||||
author: tiaraquan
|
||||
@ -30,9 +30,9 @@ Windows Autopatch can take over software update management control of devices th
|
||||
|
||||
You must choose what devices to manage with Windows Autopatch by adding them to the **Windows Autopatch Device Registration** Azure AD assigned group. Devices can be added using the following methods:
|
||||
|
||||
- Direct membership
|
||||
- Direct membership
|
||||
- Nesting other Azure AD dynamic/assigned groups
|
||||
- [Bulk add/import group members](/azure/active-directory/enterprise-users/groups-bulk-import-members)
|
||||
- [Bulk add/import group members](/azure/active-directory/enterprise-users/groups-bulk-import-members)
|
||||
|
||||
Windows Autopatch automatically runs its discover devices function every hour to discover new devices added to this group. Once new devices are discovered, Windows Autopatch attempts to register these devices.
|
||||
|
||||
@ -72,8 +72,8 @@ To be eligible for Windows Autopatch management, devices must meet a minimum set
|
||||
- Windows 10 (1809+)/11 Enterprise or Professional editions (only x64 architecture).
|
||||
- Either [Hybrid Azure AD-Joined](/azure/active-directory/devices/concept-azure-ad-join-hybrid) or [Azure AD-joined only](/azure/active-directory/devices/concept-azure-ad-join-hybrid) (personal devices aren't supported).
|
||||
- Managed by Microsoft Endpoint Manager.
|
||||
- [Microsoft Intune](https://www.microsoft.com/cloud-platform/microsoft-intune) and/or [Configuration Manager Co-management](/windows/deployment/windows-autopatch/prepare/windows-autopatch-prerequisites#configuration-manager-co-management-requirements).
|
||||
- Must switch the following Microsoft Endpoint Manager-Configuration Manager [Co-management workloads](/mem/configmgr/comanage/how-to-switch-workloads) to Microsoft Endpoint Manager-Intune (either set to Pilot Intune or Intune):
|
||||
- [Already enrolled into Microsoft Intune](/mem/intune/user-help/enroll-windows-10-device) and/or [Configuration Manager co-management](/windows/deployment/windows-autopatch/prepare/windows-autopatch-prerequisites#configuration-manager-co-management-requirements).
|
||||
- Must switch the following Microsoft Endpoint Manager-Configuration Manager [co-management workloads](/mem/configmgr/comanage/how-to-switch-workloads) to Microsoft Endpoint Manager-Intune (either set to Pilot Intune or Intune):
|
||||
- Windows updates policies
|
||||
- Device configuration
|
||||
- Office Click-to-run
|
||||
@ -100,7 +100,7 @@ See all possible device readiness statuses in Windows Autopatch:
|
||||
|
||||
| Readiness status | Description | Device blade tab |
|
||||
| ----- | ----- | ----- |
|
||||
| Active | Devices with this status successfully passed all prerequisite checks and subsequently successfully registered with Windows Autopatch. Additionally, devices with this status successfully passed all post-device registration readiness checks. | Ready |
|
||||
| Active | Devices with this status successfully passed all prerequisite checks and then successfully registered with Windows Autopatch. Additionally, devices with this status successfully passed all post-device registration readiness checks. | Ready |
|
||||
| Readiness failed | Devices with this status haven't passed one or more post-device registration readiness checks. These devices aren't ready to have one or more software update workloads managed by Windows Autopatch. | Not ready |
|
||||
| Inactive | Devices with this status haven't communicated with Microsoft Endpoint Manager-Intune in the last 28 days. | Not ready |
|
||||
| Pre-requisites failed | Devices with this status haven't passed one or more pre-requisite checks and haven't successfully registered with Windows Autopatch | Not registered |
|
||||
@ -161,17 +161,48 @@ Windows 365 Enterprise gives IT admins the option to register devices with the W
|
||||
1. Provide a policy name and select **Join Type**. For more information, see [Device join types](/windows-365/enterprise/identity-authentication#device-join-types).
|
||||
1. Select **Next**.
|
||||
1. Choose the desired image and select **Next**.
|
||||
1. Under the **Microsoft managed services** section, select **Windows Autopatch**. Then, select **Next**. If the *Windows Autopatch (preview) cannot manage your Cloud PCs until a Global Admin has finished setting it up.* message appears, you must [enroll your tenant](../prepare/windows-autopatch-enroll-tenant.md) to continue.
|
||||
1. Under the **Microsoft managed services** section, select **Windows Autopatch**. Then, select **Next**. If the *Windows Autopatch (preview) can't manage your Cloud PCs until a Global Admin has finished setting it up.* message appears, you must [enroll your tenant](../prepare/windows-autopatch-enroll-tenant.md) to continue.
|
||||
1. Assign your policy accordingly and select **Next**.
|
||||
1. Select **Create**. Now your newly provisioned Windows 365 Enterprise Cloud PCs will automatically be enrolled and managed by Windows Autopatch.
|
||||
|
||||
For more information, see [Create a Windows 365 Provisioning Policy](/windows-365/enterprise/create-provisioning-policy).
|
||||
|
||||
### Windows Autopatch on Azure Virtual Desktop workloads
|
||||
|
||||
Windows Autopatch is available for your Azure Virtual Desktop workloads. Enterprise admins can provision their Azure Virtual Desktop workloads to be managed by Windows Autopatch using the existing [device registration process](#steps-to-register-devices).
|
||||
|
||||
Windows Autopatch provides the same scope of service with virtual machines as it does with [physical devices](#steps-to-register-devices). However, Windows Autopatch defers any Azure Virtual Desktop specific support to [Azure support](#contact-support-for-device-registration-related-incidents), unless otherwise specified.
|
||||
|
||||
#### Prerequisites
|
||||
|
||||
Windows Autopatch for Azure Virtual Desktop follows the same [prerequisites](../prepare/windows-autopatch-prerequisites.md) as Windows Autopatch, and the [Azure Virtual Desktop prerequisites](/azure/virtual-desktop/prerequisites).
|
||||
|
||||
The service supports:
|
||||
|
||||
- Personal persistent virtual machines
|
||||
|
||||
The following Azure Virtual Desktop features aren’t supported:
|
||||
|
||||
- Multi-session hosts
|
||||
- Pooled non persistent virtual machines
|
||||
- Remote app streaming
|
||||
|
||||
#### Deploy Autopatch on Azure Virtual Desktop
|
||||
|
||||
Azure Virtual Desktop workloads can be registered into Windows Autopatch by using the same method as your [physical devices](#steps-to-register-devices). For more information, see [Register your devices](#steps-to-register-devices).
|
||||
|
||||
For ease of deployment, we recommend nesting a dynamic device group in your Autopatch device registration group. The dynamic device group would target the **Name** prefix defined in your session host, but **exclude** any Multi-Session Session Hosts. For example:
|
||||
|
||||
| Group name | Dynamic membership name |
|
||||
| ----- | ----- |
|
||||
| Windows Autopatch - Host Pool Session Hosts | <ul><li>`(device.displayName -contains "AP")`</li><li>`(device.deviceOSType -ne "Windows 10 Enterprise for Virtual Desktops")`</li></ul> |
|
||||
|
||||
### Contact support for device registration-related incidents
|
||||
|
||||
Support is available either through Windows 365, or the Windows Autopatch Service Engineering team for device registration-related incidents.
|
||||
|
||||
- For Windows 365 support, see [Get support](/mem/get-support).
|
||||
- For Windows 365 support, see [Get support](/mem/get-support).
|
||||
- For Azure Virtual Desktop support, see [Get support](https://azure.microsoft.com/support/create-ticket/).
|
||||
- For Windows Autopatch support, see [Submit a support request](/windows/deployment/windows-autopatch/operate/windows-autopatch-support-request).
|
||||
|
||||
## Device management lifecycle scenarios
|
||||
|
||||
@ -13,6 +13,8 @@ metadata:
|
||||
ms.author: tiaraquan #Required; microsoft alias of author; optional team alias.
|
||||
ms.date: 05/30/2022 #Required; mm/dd/yyyy format.
|
||||
ms.custom: intro-hub-or-landing
|
||||
ms.collection:
|
||||
- highpri
|
||||
|
||||
# linkListType: architecture | concept | deploy | download | get-started | how-to-guide | learn | overview | quickstart | reference | sample | tutorial | video | whats-new
|
||||
|
||||
|
||||
@ -2,8 +2,8 @@
|
||||
title: Operating with Windows Autopatch
|
||||
description: Landing page for the operate section
|
||||
ms.date: 05/30/2022
|
||||
ms.prod: w11
|
||||
ms.technology: windows
|
||||
ms.prod: windows-client
|
||||
ms.technology: itpro-updates
|
||||
ms.topic: conceptual
|
||||
ms.localizationpriority: medium
|
||||
author: tiaraquan
|
||||
|
||||
@ -1,9 +1,9 @@
|
||||
---
|
||||
title: Deregister a device
|
||||
description: This article explains how to deregister devices
|
||||
description: This article explains how to deregister devices
|
||||
ms.date: 06/15/2022
|
||||
ms.prod: w11
|
||||
ms.technology: windows
|
||||
ms.prod: windows-client
|
||||
ms.technology: itpro-updates
|
||||
ms.topic: how-to
|
||||
ms.localizationpriority: medium
|
||||
author: tiaraquan
|
||||
|
||||
@ -1,9 +1,9 @@
|
||||
---
|
||||
title: Microsoft Edge
|
||||
description: This article explains how Microsoft Edge updates are managed in Windows Autopatch
|
||||
description: This article explains how Microsoft Edge updates are managed in Windows Autopatch
|
||||
ms.date: 05/30/2022
|
||||
ms.prod: w11
|
||||
ms.technology: windows
|
||||
ms.prod: windows-client
|
||||
ms.technology: itpro-updates
|
||||
ms.topic: conceptual
|
||||
ms.localizationpriority: medium
|
||||
author: tiaraquan
|
||||
|
||||
@ -1,9 +1,9 @@
|
||||
---
|
||||
title: Windows feature update end user experience
|
||||
description: This article explains the Windows feature update end user experience
|
||||
description: This article explains the Windows feature update end user experience
|
||||
ms.date: 07/11/2022
|
||||
ms.prod: w11
|
||||
ms.technology: windows
|
||||
ms.prod: windows-client
|
||||
ms.technology: itpro-updates
|
||||
ms.topic: conceptual
|
||||
ms.localizationpriority: medium
|
||||
author: tiaraquan
|
||||
|
||||
@ -1,9 +1,9 @@
|
||||
---
|
||||
title: Windows feature updates
|
||||
description: This article explains how Windows feature updates are managed in Autopatch
|
||||
description: This article explains how Windows feature updates are managed in Autopatch
|
||||
ms.date: 07/11/2022
|
||||
ms.prod: w11
|
||||
ms.technology: windows
|
||||
ms.prod: windows-client
|
||||
ms.technology: itpro-updates
|
||||
ms.topic: conceptual
|
||||
ms.localizationpriority: medium
|
||||
author: tiaraquan
|
||||
|
||||
@ -1,9 +1,9 @@
|
||||
---
|
||||
title: Maintain the Windows Autopatch environment
|
||||
description: This article details how to maintain the Windows Autopatch environment
|
||||
description: This article details how to maintain the Windows Autopatch environment
|
||||
ms.date: 07/11/2022
|
||||
ms.prod: w11
|
||||
ms.technology: windows
|
||||
ms.prod: windows-client
|
||||
ms.technology: itpro-updates
|
||||
ms.topic: how-to
|
||||
ms.localizationpriority: medium
|
||||
author: tiaraquan
|
||||
@ -31,3 +31,18 @@ After you've completed enrollment in Windows Autopatch, some management settings
|
||||
## Windows Autopatch configurations
|
||||
|
||||
Windows Autopatch deploys, manages and maintains all configurations related to the operation of the service, as described in [Changes made at tenant enrollment](../references/windows-autopatch-changes-to-tenant.md). Don't make any changes to any of the Windows Autopatch configurations.
|
||||
|
||||
## Windows Autopatch tenant actions
|
||||
|
||||
The **Tenant management** blade can be found by navigating to Tenant administration > Windows Autopatch > **Tenant management**.
|
||||
|
||||
> [!IMPORTANT]
|
||||
> Starting October 12, 2022, Windows Autopatch will manage your tenant with our [first party enterprise applications](../references/windows-autopatch-changes-to-tenant.md#windows-autopatch-enterprise-applications). If your tenant is still using the [Windows Autopatch service accounts](../references/windows-autopatch-privacy.md#service-accounts), your Global admin must take action in the new Windows Autopatch Tenant management blade to approve the configuration change. To take action or see if you need to take action, visit the Tenant management blade in the Windows Autopatch portal.
|
||||
|
||||
The type of banner that appears depends on the severity of the action. Currently, only critical actions are listed.
|
||||
|
||||
### Tenant action severity types
|
||||
|
||||
| Severity | Description |
|
||||
| ----- | ----- |
|
||||
| Critical | You must take action as soon as possible. If no action is taken, the Windows Autopatch service may be affected. |
|
||||
|
||||
@ -1,9 +1,9 @@
|
||||
---
|
||||
title: Microsoft 365 Apps for enterprise
|
||||
description: This article explains how Microsoft 365 Apps for enterprise updates are managed in Windows Autopatch
|
||||
description: This article explains how Microsoft 365 Apps for enterprise updates are managed in Windows Autopatch
|
||||
ms.date: 08/08/2022
|
||||
ms.prod: w11
|
||||
ms.technology: windows
|
||||
ms.prod: windows-client
|
||||
ms.technology: itpro-updates
|
||||
ms.topic: conceptual
|
||||
ms.localizationpriority: medium
|
||||
author: tiaraquan
|
||||
|
||||
@ -1,9 +1,9 @@
|
||||
---
|
||||
title: Submit a support request
|
||||
description: Details how to contact the Windows Autopatch Service Engineering Team and submit support requests
|
||||
description: Details how to contact the Windows Autopatch Service Engineering Team and submit support requests
|
||||
ms.date: 05/30/2022
|
||||
ms.prod: w11
|
||||
ms.technology: windows
|
||||
ms.prod: windows-client
|
||||
ms.technology: itpro-updates
|
||||
ms.topic: how-to
|
||||
ms.localizationpriority: medium
|
||||
author: tiaraquan
|
||||
|
||||
@ -1,9 +1,9 @@
|
||||
---
|
||||
title: Microsoft Teams
|
||||
description: This article explains how Microsoft Teams updates are managed in Windows Autopatch
|
||||
description: This article explains how Microsoft Teams updates are managed in Windows Autopatch
|
||||
ms.date: 05/30/2022
|
||||
ms.prod: w11
|
||||
ms.technology: windows
|
||||
ms.prod: windows-client
|
||||
ms.technology: itpro-updates
|
||||
ms.topic: conceptual
|
||||
ms.localizationpriority: medium
|
||||
author: tiaraquan
|
||||
|
||||
@ -1,9 +1,9 @@
|
||||
---
|
||||
title: Unenroll your tenant
|
||||
description: This article explains what unenrollment means for your organization and what actions you must take.
|
||||
description: This article explains what unenrollment means for your organization and what actions you must take.
|
||||
ms.date: 07/27/2022
|
||||
ms.prod: w11
|
||||
ms.technology: windows
|
||||
ms.prod: windows-client
|
||||
ms.technology: itpro-updates
|
||||
ms.topic: how-to
|
||||
ms.localizationpriority: medium
|
||||
author: tiaraquan
|
||||
|
||||
@ -1,9 +1,9 @@
|
||||
---
|
||||
title: Software update management
|
||||
description: This article provides an overview of how updates are handled in Autopatch
|
||||
description: This article provides an overview of how updates are handled in Autopatch
|
||||
ms.date: 08/08/2022
|
||||
ms.prod: w11
|
||||
ms.technology: windows
|
||||
ms.prod: windows-client
|
||||
ms.technology: itpro-updates
|
||||
ms.topic: overview
|
||||
ms.localizationpriority: medium
|
||||
author: tiaraquan
|
||||
|
||||
@ -1,9 +1,9 @@
|
||||
---
|
||||
title: Windows quality update communications
|
||||
description: This article explains Windows quality update communications
|
||||
title: Windows quality and feature update communications
|
||||
description: This article explains Windows quality update communications
|
||||
ms.date: 05/30/2022
|
||||
ms.prod: w11
|
||||
ms.technology: windows
|
||||
ms.prod: windows-client
|
||||
ms.technology: itpro-updates
|
||||
ms.topic: conceptual
|
||||
ms.localizationpriority: medium
|
||||
author: tiaraquan
|
||||
@ -14,7 +14,7 @@ msreviewer: hathind
|
||||
|
||||
# Windows quality update communications
|
||||
|
||||
There are three categories of communication that are sent out during a Windows quality update:
|
||||
There are three categories of communication that are sent out during a Windows quality and feature update:
|
||||
|
||||
- [Standard communications](#standard-communications)
|
||||
- [Communications during release](#communications-during-release)
|
||||
@ -22,7 +22,7 @@ There are three categories of communication that are sent out during a Windows q
|
||||
|
||||
Communications are posted to Message center, Service health dashboard, and the Windows Autopatch messages section of the Microsoft Endpoint Manager admin center as appropriate for the type of communication.
|
||||
|
||||
:::image type="content" source="../media/update-communications.png" alt-text="Update communications timeline":::
|
||||
:::image type="content" source="../media/update-communications.png" alt-text="Update communications timeline" lightbox="../media/update-communications.png":::
|
||||
|
||||
## Standard communications
|
||||
|
||||
|
||||
@ -1,9 +1,9 @@
|
||||
---
|
||||
title: Windows quality update end user experience
|
||||
description: This article explains the Windows quality update end user experience
|
||||
description: This article explains the Windows quality update end user experience
|
||||
ms.date: 05/30/2022
|
||||
ms.prod: w11
|
||||
ms.technology: windows
|
||||
ms.prod: windows-client
|
||||
ms.technology: itpro-updates
|
||||
ms.topic: conceptual
|
||||
ms.localizationpriority: medium
|
||||
author: tiaraquan
|
||||
|
||||
@ -1,9 +1,9 @@
|
||||
---
|
||||
title: Windows quality updates
|
||||
description: This article explains how Windows quality updates are managed in Autopatch
|
||||
description: This article explains how Windows quality updates are managed in Autopatch
|
||||
ms.date: 08/08/2022
|
||||
ms.prod: w11
|
||||
ms.technology: windows
|
||||
ms.prod: windows-client
|
||||
ms.technology: itpro-updates
|
||||
ms.topic: conceptual
|
||||
ms.localizationpriority: medium
|
||||
author: tiaraquan
|
||||
|
||||
@ -1,9 +1,9 @@
|
||||
---
|
||||
title: Windows quality update signals
|
||||
description: This article explains the Windows quality update signals
|
||||
description: This article explains the Windows quality update signals
|
||||
ms.date: 05/30/2022
|
||||
ms.prod: w11
|
||||
ms.technology: windows
|
||||
ms.prod: windows-client
|
||||
ms.technology: itpro-updates
|
||||
ms.topic: conceptual
|
||||
ms.localizationpriority: medium
|
||||
author: tiaraquan
|
||||
|
||||
@ -1,9 +1,9 @@
|
||||
---
|
||||
title: Windows update policies
|
||||
description: This article explains Windows update policies in Windows Autopatch
|
||||
description: This article explains Windows update policies in Windows Autopatch
|
||||
ms.date: 07/07/2022
|
||||
ms.prod: w11
|
||||
ms.technology: windows
|
||||
ms.prod: windows-client
|
||||
ms.technology: itpro-updates
|
||||
ms.topic: conceptual
|
||||
ms.localizationpriority: medium
|
||||
author: tiaraquan
|
||||
|
||||
@ -1,15 +1,17 @@
|
||||
---
|
||||
title: What is Windows Autopatch?
|
||||
description: Details what the service is and shortcuts to articles
|
||||
description: Details what the service is and shortcuts to articles
|
||||
ms.date: 07/11/2022
|
||||
ms.prod: w11
|
||||
ms.technology: windows
|
||||
ms.prod: windows-client
|
||||
ms.technology: itpro-updates
|
||||
ms.topic: conceptual
|
||||
ms.localizationpriority: medium
|
||||
author: tiaraquan
|
||||
ms.author: tiaraquan
|
||||
manager: dougeby
|
||||
msreviewer: hathind
|
||||
ms.collection:
|
||||
- highpri
|
||||
---
|
||||
|
||||
# What is Windows Autopatch?
|
||||
|
||||
@ -2,8 +2,8 @@
|
||||
title: Preparing for Windows Autopatch
|
||||
description: Landing page for the prepare section
|
||||
ms.date: 05/30/2022
|
||||
ms.prod: w11
|
||||
ms.technology: windows
|
||||
ms.prod: windows-client
|
||||
ms.technology: itpro-updates
|
||||
ms.topic: conceptual
|
||||
ms.localizationpriority: medium
|
||||
author: tiaraquan
|
||||
|
||||
@ -1,9 +1,9 @@
|
||||
---
|
||||
title: Configure your network
|
||||
description: This article details the network configurations needed for Windows Autopatch
|
||||
description: This article details the network configurations needed for Windows Autopatch
|
||||
ms.date: 05/30/2022
|
||||
ms.prod: w11
|
||||
ms.technology: windows
|
||||
ms.prod: windows-client
|
||||
ms.technology: itpro-updates
|
||||
ms.topic: how-to
|
||||
ms.localizationpriority: medium
|
||||
author: tiaraquan
|
||||
|
||||
@ -1,9 +1,9 @@
|
||||
---
|
||||
title: Enroll your tenant
|
||||
description: This article details how to enroll your tenant
|
||||
description: This article details how to enroll your tenant
|
||||
ms.date: 07/11/2022
|
||||
ms.prod: w11
|
||||
ms.technology: windows
|
||||
ms.prod: windows-client
|
||||
ms.technology: itpro-updates
|
||||
ms.topic: how-to
|
||||
ms.localizationpriority: medium
|
||||
author: tiaraquan
|
||||
|
||||
@ -1,9 +1,9 @@
|
||||
---
|
||||
title: Fix issues found by the Readiness assessment tool
|
||||
description: This article details how to fix issues found by the Readiness assessment tool
|
||||
description: This article details how to fix issues found by the Readiness assessment tool
|
||||
ms.date: 05/30/2022
|
||||
ms.prod: w11
|
||||
ms.technology: windows
|
||||
ms.prod: windows-client
|
||||
ms.technology: itpro-updates
|
||||
ms.topic: how-to
|
||||
ms.localizationpriority: medium
|
||||
author: tiaraquan
|
||||
|
||||
@ -1,9 +1,9 @@
|
||||
---
|
||||
title: Prerequisites
|
||||
description: This article details the prerequisites needed for Windows Autopatch
|
||||
description: This article details the prerequisites needed for Windows Autopatch
|
||||
ms.date: 09/16/2022
|
||||
ms.prod: w11
|
||||
ms.technology: windows
|
||||
ms.prod: windows-client
|
||||
ms.technology: itpro-updates
|
||||
ms.topic: conceptual
|
||||
ms.localizationpriority: medium
|
||||
author: tiaraquan
|
||||
@ -24,7 +24,7 @@ Getting started with Windows Autopatch has been designed to be easy. This articl
|
||||
| Licensing | Windows Autopatch requires Windows 10/11 Enterprise E3 (or higher) to be assigned to your users. Additionally, Azure Active Directory Premium and Microsoft Intune are required. For details about the specific service plans, see [more about licenses](#more-about-licenses).<p><p>For more information on available licenses, see [Microsoft 365 licensing](https://www.microsoft.com/microsoft-365/compare-microsoft-365-enterprise-plans).<p><p>For more information about licensing terms and conditions for products and services purchased through Microsoft Commercial Volume Licensing Programs, see the [Product Terms site](https://www.microsoft.com/licensing/terms/). |
|
||||
| Connectivity | All Windows Autopatch devices require connectivity to multiple Microsoft service endpoints from the corporate network.<p><p>For the full list of required IPs and URLs, see [Configure your network](../prepare/windows-autopatch-configure-network.md). |
|
||||
| Azure Active Directory | Azure Active Directory must either be the source of authority for all user accounts, or user accounts must be synchronized from on-premises Active Directory using the latest supported version of Azure Active Directory Connect to enable Hybrid Azure Active Directory join.<br><ul><li>For more information, see [Azure Active Directory Connect](/azure/active-directory/hybrid/whatis-azure-ad-connect) and [Hybrid Azure Active Directory join](/azure/active-directory/devices/howto-hybrid-azure-ad-join)</li><li>For more information on supported Azure Active Directory Connect versions, see [Azure AD Connect:Version release history](/azure/active-directory/hybrid/reference-connect-version-history).</li></ul> |
|
||||
| Device management | Windows Autopatch devices must be managed by Microsoft Intune. Intune must be set as the Mobile Device Management (MDM) authority or co-management must be turned on and enabled on the target devices.<p><p>At a minimum, the Windows Update, Device configuration and Office Click-to-Run apps workloads must be set to Pilot Intune or Intune. You must also ensure that the devices you intend on bringing to Windows Autopatch are in the targeted device collection. For more information, see [co-management requirements for Windows Autopatch](#configuration-manager-co-management-requirements).<p>Other device management prerequisites include:<ul><li>Devices must be corporate-owned. Windows bring-your-own-devices (BYOD) are blocked during device registration prerequisite checks.</li><li>Devices must be managed by either Intune or Configuration Manager co-management. Devices only managed by Configuration Manager aren't supported.</li><li>Devices must be in communication with Microsoft Intune in the **last 28 days**. Otherwise, the devices won't be registered with Autopatch.</li><li>Devices must be connected to the internet.</li><li>Devices must have a **Serial number**, **Model** and **Manufacturer**. Device emulators that don't generate this information fail to meet **Intune or Cloud-attached** prerequisite check.</li></ul><p>See [Register your devices](/windows/deployment/windows-autopatch/deploy/windows-autopatch-register-devices) for more details on device prerequisites and on how the device registration process works.<p>For more information on co-management, see [co-management for Windows devices](/mem/configmgr/comanage/overview).</p> |
|
||||
| Device management | [Devices must be already enrolled with Microsoft Intune](/mem/intune/user-help/enroll-windows-10-device) prior to registering with Windows Autopatch. Intune must be set as the Mobile Device Management (MDM) authority or co-management must be turned on and enabled on the target devices.<p><p>At a minimum, the Windows Update, Device configuration and Office Click-to-Run apps workloads must be set to Pilot Intune or Intune. You must also ensure that the devices you intend on bringing to Windows Autopatch are in the targeted device collection. For more information, see [co-management requirements for Windows Autopatch](#configuration-manager-co-management-requirements).<p>Other device management prerequisites include:<ul><li>Devices must be corporate-owned. Windows bring-your-own-devices (BYOD) are blocked during device registration prerequisite checks.</li><li>Devices must be managed by either Intune or Configuration Manager co-management. Devices only managed by Configuration Manager aren't supported.</li><li>Devices must be in communication with Microsoft Intune in the **last 28 days**. Otherwise, the devices won't be registered with Autopatch.</li><li>Devices must be connected to the internet.</li><li>Devices must have a **Serial number**, **Model** and **Manufacturer**. Device emulators that don't generate this information fail to meet **Intune or Cloud-attached** prerequisite check.</li></ul><p>See [Register your devices](/windows/deployment/windows-autopatch/deploy/windows-autopatch-register-devices) for more details on device prerequisites and on how the device registration process works with Windows Autopatch.<p>For more information on co-management, see [co-management for Windows devices](/mem/configmgr/comanage/overview).</p> |
|
||||
| Data and privacy | For more information on Windows Autopatch privacy practices, see [Windows Autopatch Privacy](../references/windows-autopatch-privacy.md). |
|
||||
|
||||
## More about licenses
|
||||
|
||||
@ -1,9 +1,9 @@
|
||||
---
|
||||
title: Changes made at tenant enrollment
|
||||
description: This reference article details the changes made to your tenant when enrolling into Windows Autopatch
|
||||
description: This reference article details the changes made to your tenant when enrolling into Windows Autopatch
|
||||
ms.date: 08/08/2022
|
||||
ms.prod: w11
|
||||
ms.technology: windows
|
||||
ms.prod: windows-client
|
||||
ms.technology: itpro-updates
|
||||
ms.topic: reference
|
||||
ms.localizationpriority: medium
|
||||
author: tiaraquan
|
||||
@ -50,7 +50,7 @@ Windows Autopatch creates an enterprise application in your tenant. This enterpr
|
||||
|
||||
| Enterprise application name | Usage | Permissions |
|
||||
| ----- | ------ | ----- |
|
||||
| Modern Workplace Management | This enterprise application is a limited first party enterprise application with elevated privileges. This account is used to manage the service, publish baseline configuration updates, and maintain overall service health. | <ul><li>DeviceManagementApps.ReadWrite.All</li><li>DeviceManagementConfiguration.ReadWrite.All</li><li>DeviceManagementManagedDevices.PriviligedOperation.All</li><li>DeviceManagementManagedDevices.ReadWrite.All</li><li>DeviceManagementRBAC.ReadWrite.All</li><li>DeviceManagementServiceConfig.ReadWrite.All</li><li>Directory.Read.All</li><li>Group.Create</li><li>Policy.Read.All</li><li>WindowsUpdates.Read.Write.All</li></ul> |
|
||||
| Modern Workplace Management | This enterprise application is a limited first party enterprise application with elevated privileges. This application is used to manage the service, publish baseline configuration updates, and maintain overall service health. | <ul><li>DeviceManagementApps.ReadWrite.All</li><li>DeviceManagementConfiguration.ReadWrite.All</li><li>DeviceManagementManagedDevices.PriviligedOperation.All</li><li>DeviceManagementManagedDevices.ReadWrite.All</li><li>DeviceManagementRBAC.ReadWrite.All</li><li>DeviceManagementServiceConfig.ReadWrite.All</li><li>Directory.Read.All</li><li>Group.Create</li><li>Policy.Read.All</li><li>WindowsUpdates.Read.Write.All</li></ul> |
|
||||
|
||||
> [!NOTE]
|
||||
> Enterprise application authentication is only available on tenants enrolled after July 9th, 2022. For tenants enrolled before this date, Enterprise Application authentication will be made available for enrollment soon.
|
||||
|
||||
@ -1,9 +1,9 @@
|
||||
---
|
||||
title: Microsoft 365 Apps for enterprise update policies
|
||||
description: This article explains the Microsoft 365 Apps for enterprise policies in Windows Autopatch
|
||||
description: This article explains the Microsoft 365 Apps for enterprise policies in Windows Autopatch
|
||||
ms.date: 07/11/2022
|
||||
ms.prod: w11
|
||||
ms.technology: windows
|
||||
ms.prod: windows-client
|
||||
ms.technology: itpro-updates
|
||||
ms.topic: conceptual
|
||||
ms.localizationpriority: medium
|
||||
author: tiaraquan
|
||||
|
||||
@ -1,9 +1,9 @@
|
||||
---
|
||||
title: Windows Autopatch Preview Addendum
|
||||
description: This article explains the Autopatch preview addendum
|
||||
description: This article explains the Autopatch preview addendum
|
||||
ms.date: 05/30/2022
|
||||
ms.prod: w11
|
||||
ms.technology: windows
|
||||
ms.prod: windows-client
|
||||
ms.technology: itpro-updates
|
||||
ms.topic: reference
|
||||
ms.localizationpriority: medium
|
||||
author: tiaraquan
|
||||
|
||||
@ -1,9 +1,9 @@
|
||||
---
|
||||
title: Privacy
|
||||
description: This article provides details about the data platform and privacy compliance for Autopatch
|
||||
description: This article provides details about the data platform and privacy compliance for Autopatch
|
||||
ms.date: 05/30/2022
|
||||
ms.prod: w11
|
||||
ms.technology: windows
|
||||
ms.prod: windows-client
|
||||
ms.technology: itpro-updates
|
||||
ms.topic: reference
|
||||
ms.localizationpriority: medium
|
||||
author: tiaraquan
|
||||
@ -52,7 +52,7 @@ Windows Autopatch uses [Windows 10/11 Enhanced diagnostic data](/windows/privacy
|
||||
|
||||
The enhanced diagnostic data setting includes more detailed information about the devices enrolled in Windows Autopatch and their settings, capabilities, and device health. When enhanced diagnostic data is selected, data, including required diagnostic data, are collected. For more information, see [Changes to Windows diagnostic data collection](/windows/privacy/changes-to-windows-diagnostic-data-collection) about the Windows 10 diagnostic data setting and data collection.
|
||||
|
||||
The diagnostic data terminology will change in future versions of Windows. Windows Autopatch is committed to processing only the data that the service needs. While this will mean the diagnostic level will change to **Optional**, Windows Autopatch will implement the limited diagnostic policies to fine-tune diagnostic data collection required for the service. For more information, see [Changes to Windows diagnostic data collection](/windows/privacy/changes-to-windows-diagnostic-data-collection).
|
||||
The diagnostic data terminology will change in future versions of Windows. Windows Autopatch is committed to processing only the data that the service needs. The diagnostic level will change to **Optional**, but Windows Autopatch will implement the limited diagnostic policies to fine-tune diagnostic data collection required for the service. For more information, see [Changes to Windows diagnostic data collection](/windows/privacy/changes-to-windows-diagnostic-data-collection).
|
||||
|
||||
Windows Autopatch only processes and stores system-level data from Windows 10 optional diagnostic data that originates from enrolled devices such as application and device reliability, and performance information. Windows Autopatch doesn't process and store customers' personal data such as chat and browser history, voice, text, or speech data.
|
||||
|
||||
@ -60,13 +60,24 @@ For more information about the diagnostic data collection of Microsoft Windows 1
|
||||
|
||||
## Tenant access
|
||||
|
||||
Windows Autopatch creates and uses guest accounts leveraging just-in-time access functionality when signing into a customer tenant to manage the Windows Autopatch service. To provide additional locked down control, Windows Autopatch maintains a separate conditional access policy to restrict access to these accounts.
|
||||
Windows Autopatch creates an enterprise application in your tenant. This enterprise application is a first party application used to run the Windows Autopatch service.
|
||||
|
||||
| Enterprise application name | Usage | Permissions |
|
||||
| ----- | ----- | ----- |
|
||||
| Modern Workplace Management | This enterprise application is a limited first party enterprise application with elevated privileges. This application is used to manage the service, publish baseline configuration updates, and maintain overall service health. | <ul><li>DeviceManagementApps.ReadWrite.All</li><li>DeviceManagementConfiguration.ReadWrite.All</li><li>DeviceManagementManagedDevices.PriviligedOperation.All</li><li>DeviceManagementManagedDevices.ReadWrite.All</li><li>DeviceManagementRBAC.ReadWrite.All</li><li>DeviceManagementServiceConfig.ReadWrite.All</li><li>Directory.Read.All</li><li>Group.Create</li><li>Policy.Read.All</li><li>WindowsUpdates.Read.Write.All</li></ul>|
|
||||
|
||||
### Service accounts
|
||||
|
||||
> [!IMPORTANT]
|
||||
> Starting October 12, 2022, Windows Autopatch will manage your tenant with our [first party enterprise application](windows-autopatch-changes-to-tenant.md#windows-autopatch-enterprise-applications). If your tenant is still using the [Windows Autopatch service accounts](windows-autopatch-privacy.md#service-accounts), you must take action. To take action or see if you need to take action, visit the [Tenant management blade](../operate/windows-autopatch-maintain-environment.md#windows-autopatch-tenant-actions) in the Windows Autopatch portal.
|
||||
|
||||
Windows Autopatch creates and uses guest accounts using just-in-time access functionality when signing into a customer tenant to manage the Windows Autopatch service. To provide additional locked down control, Windows Autopatch maintains a separate conditional access policy to restrict access to these accounts.
|
||||
|
||||
| Account name | Usage | Mitigating controls |
|
||||
| ----- | ----- | -----|
|
||||
| MsAdmin@tenantDomain.onmicrosoft.com | <ul><li>This is a limited-service account with administrator privileges. This account is used as an Intune and User administrator to define and configure the tenant for Windows Autopatch devices.</li><li>This account doesn't have interactive login permissions. The account performs operations only through the service.</li></ul> | Audited sign-ins |
|
||||
| MsAdminInt@tenantDomain.onmicrosoft.com |<ul><li>This account is an Intune and User administrator account used to define and configure the tenant for Windows Autopatch devices.</li><li>This account is used for interactive login to the customer’s tenant.</li><li>The use of this account is extremely limited as most operations are exclusively through MsAdmin (non-interactive) account.</li></ul> | <ul><li>Restricted to be accessed only from defined secure access workstations (SAWs) through a conditional access policy</li><li>Audited sign-ins</li</ul> |
|
||||
| MsTest@tenantDomain.onmicrosoft.com | This is a standard account used as a validation account for initial configuration and roll out of policy, application, and device compliance settings. | Audited sign-ins |
|
||||
| MsAdmin@tenantDomain.onmicrosoft.com | <ul><li>This account is a limited-service account with administrator privileges. This account is used as an Intune and User administrator to define and configure the tenant for Windows Autopatch devices.</li><li>This account doesn't have interactive sign-in permissions. The account performs operations only through the service.</li></ul> | Audited sign-ins |
|
||||
| MsAdminInt@tenantDomain.onmicrosoft.com |<ul><li>This account is an Intune and User administrator account used to define and configure the tenant for Windows Autopatch devices.</li><li>This account is used for interactive login to the customer’s tenant.</li><li>The use of this account is limited as most operations are exclusively through MsAdmin (non-interactive) account.</li></ul> | <ul><li>Restricted to be accessed only from defined secure access workstations (SAWs) through a conditional access policy</li><li>Audited sign-ins</li</ul> |
|
||||
| MsTest@tenantDomain.onmicrosoft.com | This account is a standard account used as a validation account for initial configuration and roll out of policy, application, and device compliance settings. | Audited sign-ins |
|
||||
|
||||
## Microsoft Windows Update for Business
|
||||
|
||||
@ -90,7 +101,7 @@ Microsoft 365 Apps for enterprise collects and shares data with Windows Autopatc
|
||||
|
||||
Windows Autopatch follows a change control process as outlined in our service communication framework.
|
||||
|
||||
We notify customers through the Microsoft 365 message center, and the Windows Autopatch admin center of both security incidents and major changes to the service.
|
||||
We notify customers through the Microsoft 365 message center, and the Windows Autopatch admin center about security incidents and major changes to the service.
|
||||
|
||||
Changes to the types of data gathered and where it's stored are considered a material change. We'll provide a minimum of 30 days advanced notice of this change as it's standard practice for Microsoft 365 products and services.
|
||||
|
||||
|
||||
Reference in New Issue
Block a user