From 7b9f34241d696b94bd8072d8dd53a354ffff15d2 Mon Sep 17 00:00:00 2001 From: Paolo Matarazzo <74918781+paolomatarazzo@users.noreply.github.com> Date: Mon, 19 Dec 2022 11:18:13 -0500 Subject: [PATCH 01/10] updates --- windows/security/TOC.yml | 10 ++++++++-- windows/security/breadcrumb/toc.yml | 3 +++ windows/security/index.yml | 13 +++++-------- 3 files changed, 16 insertions(+), 10 deletions(-) diff --git a/windows/security/TOC.yml b/windows/security/TOC.yml index 70275d478d..b1648c443a 100644 --- a/windows/security/TOC.yml +++ b/windows/security/TOC.yml @@ -306,10 +306,16 @@ items: - name: Overview href: identity.md - - name: Windows Hello for Business - href: identity-protection/hello-for-business/index.yml - name: Windows credential theft mitigation guide href: identity-protection/windows-credential-theft-mitigation-guide-abstract.md + - name: Passwordless + items: + - name: Windows Hello for Business + href: identity-protection/hello-for-business/index.yml + - name: FIDO 2 security keys + href: identity-protection/hello-for-business/index.yml + - name: Windows Local Administrator Password Solution (LAPS) + href: /windows-server/identity/laps/laps-overview?toc=/windows/security/toc.json&bc=/windows/security/breadcrumb/toc.json - name: Enterprise Certificate Pinning href: identity-protection/enterprise-certificate-pinning.md - name: Credential Guard diff --git a/windows/security/breadcrumb/toc.yml b/windows/security/breadcrumb/toc.yml index 2531ffba73..dea8f15b16 100644 --- a/windows/security/breadcrumb/toc.yml +++ b/windows/security/breadcrumb/toc.yml @@ -10,3 +10,6 @@ items: - name: Security tocHref: /windows-server/security/credentials-protection-and-management/ topicHref: /windows/security/ + - name: Security + tocHref: /windows-server/identity/laps/ + topicHref: /windows/security/ diff --git a/windows/security/index.yml b/windows/security/index.yml index 57d27d3093..2aa8f670fe 100644 --- a/windows/security/index.yml +++ b/windows/security/index.yml @@ -1,22 +1,19 @@ ### YamlMime:Landing -title: Windows security # < 60 chars -summary: Built with Zero Trust principles at the core to safeguard data and access anywhere, keeping you protected and productive. # < 160 chars +title: Windows security +summary: Built with Zero Trust principles at the core to safeguard data and access anywhere, keeping you protected and productive. metadata: - title: Windows security # Required; page title displayed in search results. Include the brand. < 60 chars. - description: Learn about Windows security # Required; article description that is displayed in search results. < 160 chars. + title: Windows security + description: Learn about Windows security technologies and how to use them to protect your data and devices. ms.topic: landing-page ms.prod: windows-client ms.technology: itpro-security ms.collection: - - m365-security-compliance - highpri - ms.custom: intro-hub-or-landing author: paolomatarazzo ms.author: paoloma - ms.date: 09/20/2021 - localization_priority: Priority + ms.date: 12/19/2022 # linkListType: architecture | concept | deploy | download | get-started | how-to-guide | learn | overview | quickstart | reference | tutorial | video | whats-new From 776806e33ad6e17ef51544488a0ee6a7a6fba507 Mon Sep 17 00:00:00 2001 From: Paolo Matarazzo <74918781+paolomatarazzo@users.noreply.github.com> Date: Mon, 19 Dec 2022 16:07:36 -0500 Subject: [PATCH 02/10] updates --- windows/security/TOC.yml | 2 +- windows/security/breadcrumb/toc.yml | 3 +++ 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/windows/security/TOC.yml b/windows/security/TOC.yml index b1648c443a..d288849b94 100644 --- a/windows/security/TOC.yml +++ b/windows/security/TOC.yml @@ -313,7 +313,7 @@ - name: Windows Hello for Business href: identity-protection/hello-for-business/index.yml - name: FIDO 2 security keys - href: identity-protection/hello-for-business/index.yml + href: /azure/active-directory/authentication/howto-authentication-passwordless-security-key?toc=/windows/security/toc.json&bc=/windows/security/breadcrumb/toc.json - name: Windows Local Administrator Password Solution (LAPS) href: /windows-server/identity/laps/laps-overview?toc=/windows/security/toc.json&bc=/windows/security/breadcrumb/toc.json - name: Enterprise Certificate Pinning diff --git a/windows/security/breadcrumb/toc.yml b/windows/security/breadcrumb/toc.yml index dea8f15b16..19748bed13 100644 --- a/windows/security/breadcrumb/toc.yml +++ b/windows/security/breadcrumb/toc.yml @@ -13,3 +13,6 @@ items: - name: Security tocHref: /windows-server/identity/laps/ topicHref: /windows/security/ + - name: Security + tocHref: /azure/active-directory/authentication/ + topicHref: /windows/security/ From 96f668b6c67a7eda01b932b5a574fb6d42081a18 Mon Sep 17 00:00:00 2001 From: Rick Munck <33725928+jmunck@users.noreply.github.com> Date: Tue, 20 Dec 2022 05:54:03 -0600 Subject: [PATCH 03/10] Update security-compliance-toolkit-10.md Removed 21H1 support --- .../security-compliance-toolkit-10.md | 1 - 1 file changed, 1 deletion(-) diff --git a/windows/security/threat-protection/windows-security-configuration-framework/security-compliance-toolkit-10.md b/windows/security/threat-protection/windows-security-configuration-framework/security-compliance-toolkit-10.md index aecf0cfcc4..b08b62f673 100644 --- a/windows/security/threat-protection/windows-security-configuration-framework/security-compliance-toolkit-10.md +++ b/windows/security/threat-protection/windows-security-configuration-framework/security-compliance-toolkit-10.md @@ -31,7 +31,6 @@ The Security Compliance Toolkit consists of: - Windows 10 security baselines - Windows 10, version 22H2 - Windows 10, version 21H2 - - Windows 10, version 21H1 - Windows 10, version 20H2 - Windows 10, version 1809 - Windows 10, version 1607 From 617bda940779045dff13cd4f473a5c7092bbba1f Mon Sep 17 00:00:00 2001 From: Paolo Matarazzo <74918781+paolomatarazzo@users.noreply.github.com> Date: Tue, 20 Dec 2022 07:55:10 -0500 Subject: [PATCH 04/10] updates --- windows/security/context/context.yml | 4 ++++ 1 file changed, 4 insertions(+) create mode 100644 windows/security/context/context.yml diff --git a/windows/security/context/context.yml b/windows/security/context/context.yml new file mode 100644 index 0000000000..aa53a529eb --- /dev/null +++ b/windows/security/context/context.yml @@ -0,0 +1,4 @@ +### YamlMime: ContextObject +brand: windows +breadcrumb_path: ../breadcrumb/toc.yml +toc_rel: ../toc.yml \ No newline at end of file From 34626d9b38fe2ac32bbe204d51df418f35894dcf Mon Sep 17 00:00:00 2001 From: Paolo Matarazzo <74918781+paolomatarazzo@users.noreply.github.com> Date: Tue, 20 Dec 2022 08:04:12 -0500 Subject: [PATCH 05/10] updates --- windows/security/TOC.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/TOC.yml b/windows/security/TOC.yml index d288849b94..a197caf564 100644 --- a/windows/security/TOC.yml +++ b/windows/security/TOC.yml @@ -313,9 +313,9 @@ - name: Windows Hello for Business href: identity-protection/hello-for-business/index.yml - name: FIDO 2 security keys - href: /azure/active-directory/authentication/howto-authentication-passwordless-security-key?toc=/windows/security/toc.json&bc=/windows/security/breadcrumb/toc.json + href: /azure/active-directory/authentication/howto-authentication-passwordless-security-key?context=/windows/security/context/context - name: Windows Local Administrator Password Solution (LAPS) - href: /windows-server/identity/laps/laps-overview?toc=/windows/security/toc.json&bc=/windows/security/breadcrumb/toc.json + href: /windows-server/identity/laps/laps-overview?context=/windows/security/context/context - name: Enterprise Certificate Pinning href: identity-protection/enterprise-certificate-pinning.md - name: Credential Guard From a57c2d18d87bfdc9545f38f71a8bab63ff550c49 Mon Sep 17 00:00:00 2001 From: Paolo Matarazzo <74918781+paolomatarazzo@users.noreply.github.com> Date: Tue, 20 Dec 2022 08:26:55 -0500 Subject: [PATCH 06/10] updates --- .openpublishing.redirection.json | 10 +++++++ .../microsoft-compatible-security-key.md | 26 ---------------- .../hello-for-business/reset-security-key.md | 30 ------------------- .../hello-for-business/webauthn-apis.md | 2 +- .../personal-data-encryption/overview-pde.md | 2 +- windows/security/security-foundations.md | 8 ++--- 6 files changed, 14 insertions(+), 64 deletions(-) delete mode 100644 windows/security/identity-protection/hello-for-business/microsoft-compatible-security-key.md delete mode 100644 windows/security/identity-protection/hello-for-business/reset-security-key.md diff --git a/.openpublishing.redirection.json b/.openpublishing.redirection.json index 5ac855eded..1b668dda99 100644 --- a/.openpublishing.redirection.json +++ b/.openpublishing.redirection.json @@ -20284,6 +20284,16 @@ "source_path": "windows/deployment/windows-autopatch/references/windows-autopatch-preview-addendum.md", "redirect_url": "/windows/deployment/windows-autopatch/overview/windows-autopatch-overview", "redirect_document_id": true + }, + { + "source_path": "/windows/security/identity-protection/hello-for-business/microsoft-compatible-security-key.md", + "redirect_url": "/azure/active-directory/authentication/howto-authentication-passwordless-security-key", + "redirect_document_id": true + }, + { + "source_path": "/windows/security/identity-protection/hello-for-business/reset-security-key.md", + "redirect_url": "/azure/active-directory/authentication/howto-authentication-passwordless-security-key", + "redirect_document_id": true } ] } diff --git a/windows/security/identity-protection/hello-for-business/microsoft-compatible-security-key.md b/windows/security/identity-protection/hello-for-business/microsoft-compatible-security-key.md deleted file mode 100644 index 6d5ad8dea5..0000000000 --- a/windows/security/identity-protection/hello-for-business/microsoft-compatible-security-key.md +++ /dev/null @@ -1,26 +0,0 @@ ---- -title: Microsoft-compatible security key -description: Learn how a Microsoft-compatible security key for Windows is different (and better) than any other FIDO2 security key. -ms.date: 11/14/2018 -appliesto: -- ✅ Windows 10 and later -ms.topic: article ---- -# What is a Microsoft-compatible security key? - -> [!Warning] -> Some information relates to pre-released product that may change before it is commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here. - - -Microsoft has been aligned with the [FIDO Alliance](https://fidoalliance.org/) with a mission to replace passwords with an easy to use, strong 2FA credential. We have been working with our partners to extensively test and deliver a seamless and secure authentication experience to end users. See [FIDO2 security keys features and providers](/azure/active-directory/authentication/concept-authentication-passwordless#fido2-security-keys). - -The [FIDO2 CTAP specification](https://fidoalliance.org/specs/fido-v2.0-id-20180227/fido-client-to-authenticator-protocol-v2.0-id-20180227.html) contains a few optional features and extensions which are crucial to provide that seamless and secure experience. - -A security key **MUST** implement the following features and extensions from the FIDO2 CTAP protocol to be Microsoft-compatible: - -| #
| Feature / Extension trust
| Why is this required?
| -| --- | --- | --- | -| 1 | Resident key | This feature enables the security key to be portable, where your credential is stored on the security key | -| 2 | Client pin | This feature enables you to protect your credentials with a second factor and applies to security keys that do not have a user interface| -| 3 | hmac-secret | This extension ensures you can sign-in to your device when it's off-line or in airplane mode | -| 4 | Multiple accounts per RP | This feature ensures you can use the same security key across multiple services like Microsoft Account (MSA) and Azure Active Directory (AAD) | diff --git a/windows/security/identity-protection/hello-for-business/reset-security-key.md b/windows/security/identity-protection/hello-for-business/reset-security-key.md deleted file mode 100644 index 366a317f73..0000000000 --- a/windows/security/identity-protection/hello-for-business/reset-security-key.md +++ /dev/null @@ -1,30 +0,0 @@ ---- -title: Reset-security-key -description: Windows 10 and Windows 11 enables users to sign in to their device using a security key. How to reset a security key -ms.date: 11/14/2018 -appliesto: -- ✅ Windows 10 and later -ms.topic: article ---- -# How to reset a Microsoft-compatible security key? -> [!Warning] -> Some information relates to pre-released product that may change before it is commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here. - ->[!IMPORTANT] ->This operation will wipe everything from your security key and reset it to factory defaults.
**All data and credentials will be cleared.** - - -A [Microsoft-compatible security key](./microsoft-compatible-security-key.md) can be reset via Settings app (Settings > Accounts > Sign-in options > Security key). -
-Follow the instructions in the Settings app and look for specific instructions based on your security key manufacturer below: - - -|Security key manufacturer
| Reset instructions
| -| --- | --- | -|Yubico | **USB:** Remove and reinsert the security key. When the LED on the security key begins flashing, touch the metal contact
**NFC:** Tap the security key on the reader
| -|Feitian | Touch the blinking fingerprint sensor twice to reset the key| -|HID | Tap the card on the reader twice to reset it | - ->[!NOTE] ->The steps to reset your security key may vary based on the security key manufacturer.
->If your security key is not listed here, please reach out to your security key manufacturer for reset instructions. diff --git a/windows/security/identity-protection/hello-for-business/webauthn-apis.md b/windows/security/identity-protection/hello-for-business/webauthn-apis.md index 534fddf6ee..42e5d338b1 100644 --- a/windows/security/identity-protection/hello-for-business/webauthn-apis.md +++ b/windows/security/identity-protection/hello-for-business/webauthn-apis.md @@ -16,7 +16,7 @@ Starting in **Windows 11, version 22H2**, WebAuthn APIs support ECC algorithms. ## What does this mean? -By using WebAuthn APIs, developer partners and the developer community can use [Windows Hello](./index.yml) or [FIDO2 Security Keys](./microsoft-compatible-security-key.md) to implement passwordless multi-factor authentication for their applications on Windows devices. +By using WebAuthn APIs, developer partners and the developer community can use [Windows Hello](./index.yml) or [FIDO2 Security Keys](/azure/active-directory/authentication/howto-authentication-passwordless-security-key) to implement passwordless multi-factor authentication for their applications on Windows devices. Users of these apps or sites can use any browser that supports WebAuthn APIs for passwordless authentication. Users will have a familiar and consistent experience on Windows, no matter which browser they use. diff --git a/windows/security/information-protection/personal-data-encryption/overview-pde.md b/windows/security/information-protection/personal-data-encryption/overview-pde.md index e0da74cb1c..c5b9e5773f 100644 --- a/windows/security/information-protection/personal-data-encryption/overview-pde.md +++ b/windows/security/information-protection/personal-data-encryption/overview-pde.md @@ -33,7 +33,7 @@ ms.date: 12/13/2022 ### Not supported with PDE -- [FIDO/security key authentication](../../identity-protection/hello-for-business/microsoft-compatible-security-key.md) +- [FIDO/security key authentication](/azure/active-directory/authentication/howto-authentication-passwordless-security-key) - [Winlogon automatic restart sign-on (ARSO)](/windows-server/identity/ad-ds/manage/component-updates/winlogon-automatic-restart-sign-on--arso-) - For information on disabling ARSO via Intune, see [Disable Winlogon automatic restart sign-on (ARSO)](configure-pde-in-intune.md#disable-winlogon-automatic-restart-sign-on-arso)). - [Windows Information Protection (WIP)](../windows-information-protection/protect-enterprise-data-using-wip.md) diff --git a/windows/security/security-foundations.md b/windows/security/security-foundations.md index e03f7c9cec..ceed1cb436 100644 --- a/windows/security/security-foundations.md +++ b/windows/security/security-foundations.md @@ -3,7 +3,6 @@ title: Windows security foundations description: Get an overview of security foundations, including the security development lifecycle, common criteria, and the bug bounty program. ms.reviewer: ms.topic: article -manager: aaroncz ms.author: paoloma author: paolomatarazzo ms.prod: windows-client @@ -15,9 +14,9 @@ ms.date: 12/31/2017 Microsoft is committed to continuously invest in improving our software development process, building highly secure-by-design software, and addressing security compliance requirements. At Microsoft, we embed security and privacy considerations from the earliest life-cycle phases of all our software development processes. We build in security from the ground for powerful defense in today’s threat environment. -Our strong security foundation uses Microsoft Security Development Lifecycle (SDL) Bug Bounty, support for product security standards and certifications, and Azure Code signing. As a result, we improve security by producing software with fewer defects and vulnerabilities instead of relying on applying updates after vulnerabilities have been identified. +Our strong security foundation uses Microsoft Security Development Lifecycle (SDL) Bug Bounty, support for product security standards and certifications, and Azure Code signing. As a result, we improve security by producing software with fewer defects and vulnerabilities instead of relying on applying updates after vulnerabilities have been identified. -Use the links in the following table to learn more about the security foundations:

+Use the links in the following table to learn more about the security foundations: | Concept | Description | |:---|:---| @@ -25,6 +24,3 @@ Use the links in the following table to learn more about the security foundation | Common Criteria Certifications | Microsoft supports the Common Criteria certification program, ensures that products incorporate the features and functions required by relevant Common Criteria Protection Profiles, and completes Common Criteria certifications of Microsoft Windows products.

Learn more about [Common Criteria Certifications](threat-protection/windows-platform-common-criteria.md). | | Microsoft Security Development Lifecycle | The Security Development Lifecycle (SDL) is a security assurance process that is focused on software development. The SDL has played a critical role in embedding security and privacy in software and culture at Microsoft.

Learn more about [Microsoft SDL](threat-protection/msft-security-dev-lifecycle.md).| | Microsoft Bug Bounty Program | If you find a vulnerability in a Microsoft product, service, or device, we want to hear from you! If your vulnerability report affects a product or service that is within scope of one of our bounty programs below, you could receive a bounty award according to the program descriptions.

Learn more about the [Microsoft Bug Bounty Program](https://www.microsoft.com/en-us/msrc/bounty?rtc=1). | - - - From 28113d037231f80e5b7e470fed9e91b945a05fc1 Mon Sep 17 00:00:00 2001 From: Paolo Matarazzo <74918781+paolomatarazzo@users.noreply.github.com> Date: Tue, 20 Dec 2022 08:37:55 -0500 Subject: [PATCH 07/10] updates --- .openpublishing.redirection.json | 4 ++-- windows/security/TOC.yml | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.openpublishing.redirection.json b/.openpublishing.redirection.json index 1b668dda99..c54dd8a4b2 100644 --- a/.openpublishing.redirection.json +++ b/.openpublishing.redirection.json @@ -20286,12 +20286,12 @@ "redirect_document_id": true }, { - "source_path": "/windows/security/identity-protection/hello-for-business/microsoft-compatible-security-key.md", + "source_path": "windows/security/identity-protection/hello-for-business/microsoft-compatible-security-key.md", "redirect_url": "/azure/active-directory/authentication/howto-authentication-passwordless-security-key", "redirect_document_id": true }, { - "source_path": "/windows/security/identity-protection/hello-for-business/reset-security-key.md", + "source_path": "windows/security/identity-protection/hello-for-business/reset-security-key.md", "redirect_url": "/azure/active-directory/authentication/howto-authentication-passwordless-security-key", "redirect_document_id": true } diff --git a/windows/security/TOC.yml b/windows/security/TOC.yml index a197caf564..26288c8351 100644 --- a/windows/security/TOC.yml +++ b/windows/security/TOC.yml @@ -314,7 +314,7 @@ href: identity-protection/hello-for-business/index.yml - name: FIDO 2 security keys href: /azure/active-directory/authentication/howto-authentication-passwordless-security-key?context=/windows/security/context/context - - name: Windows Local Administrator Password Solution (LAPS) + - name: Local Administrator Password Solution (LAPS) href: /windows-server/identity/laps/laps-overview?context=/windows/security/context/context - name: Enterprise Certificate Pinning href: identity-protection/enterprise-certificate-pinning.md From 61a19baa54d14423ac77e0e3ea4a1e44a244c840 Mon Sep 17 00:00:00 2001 From: Paolo Matarazzo <74918781+paolomatarazzo@users.noreply.github.com> Date: Tue, 20 Dec 2022 08:40:49 -0500 Subject: [PATCH 08/10] updates --- .openpublishing.redirection.json | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.openpublishing.redirection.json b/.openpublishing.redirection.json index c54dd8a4b2..decbbc3864 100644 --- a/.openpublishing.redirection.json +++ b/.openpublishing.redirection.json @@ -20288,12 +20288,12 @@ { "source_path": "windows/security/identity-protection/hello-for-business/microsoft-compatible-security-key.md", "redirect_url": "/azure/active-directory/authentication/howto-authentication-passwordless-security-key", - "redirect_document_id": true + "redirect_document_id": false }, { "source_path": "windows/security/identity-protection/hello-for-business/reset-security-key.md", "redirect_url": "/azure/active-directory/authentication/howto-authentication-passwordless-security-key", - "redirect_document_id": true + "redirect_document_id": false } ] } From 928b3d82e22442824849735fb71e21e215ba17df Mon Sep 17 00:00:00 2001 From: tiaraquan Date: Wed, 21 Dec 2022 08:27:42 -0800 Subject: [PATCH 09/10] Tweaks. --- .../operate/windows-autopatch-wqu-overview.md | 38 +++++++++++++++---- 1 file changed, 31 insertions(+), 7 deletions(-) diff --git a/windows/deployment/windows-autopatch/operate/windows-autopatch-wqu-overview.md b/windows/deployment/windows-autopatch/operate/windows-autopatch-wqu-overview.md index 718e1126b8..fa6ab29268 100644 --- a/windows/deployment/windows-autopatch/operate/windows-autopatch-wqu-overview.md +++ b/windows/deployment/windows-autopatch/operate/windows-autopatch-wqu-overview.md @@ -52,7 +52,24 @@ Windows Autopatch configures these policies differently across update rings to g :::image type="content" source="../media/release-process-timeline.png" alt-text="Release process timeline" lightbox="../media/release-process-timeline.png"::: -## Expedited releases +## Release management + +In the Release management blade, you can: + +- Track the [Windows quality update schedule](#release-schedule) for devices in the [four deployment rings](windows-autopatch-update-management.md#windows-autopatch-deployment-rings). +- [Turn off expedited Windows quality updates](#turn-off-service-driven-expedited-quality-update-releases). +- Review release announcements and knowledge based articles for regular and [Out of Band (OOB) Windows quality updates](#out-of-band-releases). + +### Release schedule + +For each [deployment ring](windows-autopatch-update-management.md#windows-autopatch-deployment-rings), the **Release schedule** tab contains: + +- The status of the update. Releases will appear as **Active**. The update schedule is based on the values of the [Windows 10 Update Ring policies](/mem/intune/protect/windows-update-for-business-configure), which have been configured on your behalf. +- The date the update is available. +- The target completion date of the update. +- In the **Release schedule** tab, you can either [**Pause** and/or **Resume**](#pausing-and-resuming-a-release) a Windows quality update release. + +### Expedited releases Threat and vulnerability information about a new revision of Windows becomes available on the second Tuesday of each month. Windows Autopatch assesses that information shortly afterwards. If the service determines that it's critical to security, it may be expedited. The quality update is also evaluated on an ongoing basis throughout the release and Windows Autopatch may choose to expedite at any time during the release. @@ -63,10 +80,12 @@ When running an expedited release, the regular goal of 95% of devices in 21 days | Standard release | Test

First

Fast

Broad | 0

1

6

9 | 0

2

2

5 | 0

2

2

2 | | Expedited release | All devices | 0 | 1 | 1 | -### Turn off service-driven expedited quality update releases +#### Turn off service-driven expedited quality update releases Windows Autopatch provides the option to turn off of service-driven expedited quality updates. +By default, the service expedites quality updates as needed. For those organizations seeking greater control, you can disable expedited quality updates for Microsoft Managed Desktop-enrolled devices using Microsoft Intune. + **To turn off service-driven expedited quality updates:** 1. Go to **[Microsoft Endpoint Manager portal](https://go.microsoft.com/fwlink/?linkid=2109431)** > **Devices**. @@ -75,9 +94,9 @@ Windows Autopatch provides the option to turn off of service-driven expedited qu > [!NOTE] > Windows Autopatch doesn't allow customers to request expedited releases. -## Out of Band releases +### Out of Band releases -Windows Autopatch schedules and deploys required Out of Band (OOB) updates released outside of the normal schedule. You can view the deployed OOB quality updates in the **Release Management** blade in the **[Microsoft Endpoint Manager portal](https://go.microsoft.com/fwlink/?linkid=2109431)**. +Windows Autopatch schedules and deploys required Out of Band (OOB) updates released outside of the normal schedule. **To view deployed Out of Band quality updates:** @@ -87,13 +106,18 @@ Windows Autopatch schedules and deploys required Out of Band (OOB) updates relea > [!NOTE] > Announcements will be **removed** from the Release announcements tab when the next quality update is released. Further, if quality updates are paused for a deployment ring, the OOB updates will also be paused. -## Pausing and resuming a release +### Pausing and resuming a release If Windows Autopatch detects a [significant issue with a release](../operate/windows-autopatch-wqu-signals.md), we may decide to pause that release. -If we pause the release, a policy will be deployed which prevents devices from updating while the issue is investigated. Once the issue is resolved, the release will be resumed. +In the [Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431) > **Release management** > in the **Release schedule** tab, you can pause or resume a Windows quality update. -You can pause or resume a Windows quality update from the **Release management** tab in the [Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431). +There are two statuses associated with paused quality updates, **Service Paused** and **Customer Paused**. + +| Status | Description | +| ----- | ------ | +| Service Paused | If the Microsoft Managed Desktop service has paused an update, the release will have the **Service Paused** status. You must [submit a support request](windows-autopatch-support-request.md) to resume the update. | +| Customer Paused | If you've paused an update, the release will have the **Customer Paused** status. The Microsoft Managed Desktop service can't overwrite a customer-initiated pause. You must select Resume to resume the update. | ## Incidents and outages From ec035942114fd2ba5259e1913ce8a164b023edfe Mon Sep 17 00:00:00 2001 From: tiaraquan Date: Wed, 21 Dec 2022 08:34:19 -0800 Subject: [PATCH 10/10] Tweak --- .../windows-autopatch/operate/windows-autopatch-wqu-overview.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/windows-autopatch/operate/windows-autopatch-wqu-overview.md b/windows/deployment/windows-autopatch/operate/windows-autopatch-wqu-overview.md index fa6ab29268..2ef4799a5e 100644 --- a/windows/deployment/windows-autopatch/operate/windows-autopatch-wqu-overview.md +++ b/windows/deployment/windows-autopatch/operate/windows-autopatch-wqu-overview.md @@ -117,7 +117,7 @@ There are two statuses associated with paused quality updates, **Service Paused* | Status | Description | | ----- | ------ | | Service Paused | If the Microsoft Managed Desktop service has paused an update, the release will have the **Service Paused** status. You must [submit a support request](windows-autopatch-support-request.md) to resume the update. | -| Customer Paused | If you've paused an update, the release will have the **Customer Paused** status. The Microsoft Managed Desktop service can't overwrite a customer-initiated pause. You must select Resume to resume the update. | +| Customer Paused | If you've paused an update, the release will have the **Customer Paused** status. The Microsoft Managed Desktop service can't overwrite a customer-initiated pause. You must select **Resume** to resume the update. | ## Incidents and outages