deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-21 17:57:22 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

Merge branch 'main' of github.com:MicrosoftDocs/windows-docs-pr into pm-20230222-whfb-ckt-updates

Browse Source
This commit is contained in:
Paolo Matarazzo 2023-02-22 14:31:18 -05:00
commit 6aa6318c63
11 changed files with 39 additions and 57 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
.openpublishing.redirection.json
View File

@ -20585,6 +20585,11 @@
"redirect_url": "/windows/security",
"redirect_document_id": false
},
{
"source_path": "windows/whats-new/windows-10-insider-preview.md",
"redirect_url": "/windows/whats-new",
"redirect_document_id": false
},
{
"source_path": "windows/security/threat-protection/windows-firewall/evaluating-windows-firewall-with-advanced-security-design-examples.md",
"redirect_url": "/windows/security",

10
windows/deployment/update/deployment-service-drivers.md
View File

@ -221,7 +221,7 @@ The following truncated response displays:
## Approve driver content for deployment
Each driver update is associated with a unique [catalog entry](/graph/api/resources/windowsupdates-catalogentry). Approve content for drivers and firmware by adding a [content approval](/graph/api/resources/windowsupdates-contentapproval) for the catalog entry to an existing policy. Content approval is a [compliance change](/graph/api/resources/windowsupdates-compliance) for the policy.
Each driver update is associated with a unique [catalog entry](/graph/api/resources/windowsupdates-catalogentry). Approve content for drivers and firmware by adding a [content approval](/graph/api/resources/windowsupdates-contentapproval) for the catalog entry to an existing policy. Content approval is a [compliance change](/graph/api/resources/windowsupdates-compliancechange) for the policy.
> [!IMPORTANT]
> Any [deployment settings](/graph/api/resources/windowsupdates-deploymentsettings) configured for the content approval will be combined with the existing [update policy's](#create-an-update-policy) deployment settings. If the content approval and update policy specify the same deployment setting, the setting from the content approval is used.
@ -277,7 +277,7 @@ Review all of the compliance changes to a policy with the most recent changes li
```
> [!TIP]
> There should only be one **Compliance Change ID** per **Catalog ID** for a policy. If there are multiple **Compliance Change IDs** for the same **Catalog ID** then, most likely, there's multiple deployments for the same piece of content targeted to the same audience but with different deployment behaviors. To remove the duplicate, [delete the compliance change](/graph/api/resources/windowsupdates-compliancechange-delete) with the duplicate **Catalog ID**. Deleting the compliance change will mark any deployments created by the approval as `archived`.
> There should only be one **Compliance Change ID** per **Catalog ID** for a policy. If there are multiple **Compliance Change IDs** for the same **Catalog ID** then, most likely, there's multiple deployments for the same piece of content targeted to the same audience but with different deployment behaviors. To remove the duplicate, [delete the compliance change](/graph/api/windowsupdates-compliancechange-delete) with the duplicate **Catalog ID**. Deleting the compliance change will mark any deployments created by the approval as `archived`.
To retrieve the deployment ID, use the [expand parameter](/graph/query-parameters#expand-parameter) to review the deployment information related the content approval. The following example displays the content approval and the deployment information for **Compliance Change ID** `c03911a7-9876-5432-10ab-cdef98765432` in update **Policy ID** `9011c330-1234-5678-9abc-def012345678`:
@ -287,7 +287,7 @@ To retrieve the deployment ID, use the [expand parameter](/graph/query-parameter
### Edit deployment settings for a content approval
Since content approval is a compliance change for the policy, when you [update a content approval](/graph/api/resources/windowsupdates--contentapproval-update), you're editing the compliance change for the policy. The following example changes the `startDateTime` for the **Compliance Change ID** of `c03911a7-9876-5432-10ab-cdef98765432` in the update **Policy ID** `9011c330-1234-5678-9abc-def012345678` to February 28, 2023 at 5 AM UTC:
Since content approval is a compliance change for the policy, when you [update a content approval](/graph/api/windowsupdates-contentapproval-update), you're editing the compliance change for the policy. The following example changes the `startDateTime` for the **Compliance Change ID** of `c03911a7-9876-5432-10ab-cdef98765432` in the update **Policy ID** `9011c330-1234-5678-9abc-def012345678` to February 28, 2023 at 5 AM UTC:
```msgraph-interactive
PATCH https://graph.microsoft.com/beta/admin/windows/updates/updatePolicies/9011c330-1234-5678-9abc-def012345678/complianceChanges/c03911a7-9876-5432-10ab-cdef98765432
@ -304,11 +304,9 @@ content-type: application/json
}
```
## Revoke content approval
Approval for content can be revoked by setting the `isRevoked` property of the [compliance change](/graph/api/resources/windowsupdates-compliance) to true. This setting can be changed while a deployment is in progress. However, revoking will only prevent the content from being offered to devices if they haven't already received it. To resume offering the content, a new [approval](#approve-driver-content-for-deployment) will need to be created.
Approval for content can be revoked by setting the `isRevoked` property of the [compliance change](/graph/api/resources/windowsupdates-compliancechange) to true. This setting can be changed while a deployment is in progress. However, revoking will only prevent the content from being offered to devices if they haven't already received it. To resume offering the content, a new [approval](#approve-driver-content-for-deployment) will need to be created.
```msgraph-interactive
PATCH https://graph.microsoft.com/beta/admin/windows/updates/updatePolicies/9011c330-1234-5678-9abc-def012345678/complianceChanges/c03911a7-9876-5432-10ab-cdef98765432

2
windows/deployment/update/deployment-service-prerequisites.md
View File

@ -59,7 +59,7 @@ When you use [Windows Update for Business reports](wufb-reports-overview.md) in
## Permissions
- [Windows Update for Business deployment service](/graph/api/resources/windowsupdates) operations require [WindowsUpdates.ReadWrite.All](/graph/permissions-reference#windows-updates-permissions)
- [Windows Update for Business deployment service](/graph/api/resources/adminwindowsupdates) operations require [WindowsUpdates.ReadWrite.All](/graph/permissions-reference#windows-updates-permissions)
- Some roles, such as the [Windows Update deployment administrator](/azure/active-directory/roles/permissions-reference#windows-update-deployment-administrator), already have the permissions.
> [!NOTE]

2
windows/deployment/update/includes/wufb-deployment-graph-explorer-permissions.md
View File

@ -12,7 +12,7 @@ ms.localizationpriority: medium
The following permissions are needed for the queries listed in this article:
- [WindowsUpdates.ReadWrite.All](/graph/permissions-reference#windows-updates-permissions) for [Windows Update for Business deployment service](/graph/api/resources/windowsupdates) operations.
- [WindowsUpdates.ReadWrite.All](/graph/permissions-reference#windows-updates-permissions) for [Windows Update for Business deployment service](/graph/api/resources/adminwindowsupdates) operations.
- At least [Device.Read.All](/graph/permissions-reference#device-permissions) permission to display [device](/graph/api/resources/device) information.
Some roles, such as the [Windows Update deployment administrator](/azure/active-directory/roles/permissions-reference#windows-update-deployment-administrator), already have these permissions.

2
windows/deployment/update/includes/wufb-deployment-graph-explorer.md
View File

@ -10,7 +10,7 @@ ms.localizationpriority: medium
---
<!--This file is shared by deployment-service-drivers.md, deployment-service-expedited-updates.md, and the deployment-service-feature-updates.md articles. Headings may be driven by article context. 7512398 -->
For this article, you'll use Graph Explorer to make requests to the [Microsoft Graph APIs](/graph/api/resources/windowsupdates-updates?view=graph-rest-beta&preserve-view=true) to retrieve, add, delete, and update data. Graph Explorer is a developer tool that lets you learn about Microsoft Graph APIs. For more information about using Graph Explorer, see [Get started with Graph Explorer](/graph/graph-explorer/overview).
For this article, you'll use Graph Explorer to make requests to the [Microsoft Graph APIs](/graph/api/resources/adminwindowsupdates) to retrieve, add, delete, and update data. Graph Explorer is a developer tool that lets you learn about Microsoft Graph APIs. For more information about using Graph Explorer, see [Get started with Graph Explorer](/graph/graph-explorer/graph-explorer-overview).
> [!WARNING]
>

2
windows/deployment/update/includes/wufb-reports-recommend.md
View File

@ -12,4 +12,4 @@ ms.localizationpriority: medium
> [!Important]
> - Update Compliance is [deprecated](/windows/whats-new/deprecated-features) and is no longer accepting new onboarding requests. Update Compliance has been replaced by [Windows Update for Business reports](..\wufb-reports-overview.md). If you're currently using Update Compliance, you can continue to use it, but you can't change your `CommercialID`. Support for Update Compliance will end on March 31, 2023 when the service will be [retired](/windows/whats-new/feature-lifecycle#terminology).
> - Changes have been made to the Windows diagnostic data processor configuration. For more information, see [Windows diagnostic data processor changes](/windows/deployment/update/windows-diagnostic-data-processor-changes).
> - Changes have been made to the Windows diagnostic data processor configuration. For more information, see [Windows diagnostic data processor changes](/windows/privacy/changes-to-windows-diagnostic-data-collection#services-that-rely-on-enhanced-diagnostic-data).

2
windows/deployment/windows-autopatch/operate/windows-autopatch-windows-feature-update-overview.md
View File

@ -38,7 +38,7 @@ If a device is registered with Windows Autopatch, and the device is:
- On, or above the currently targeted Windows feature update version, there won't be any Windows OS upgrades to that device.
> [!IMPORTANT]
> Windows Autopatch supports registering [Windows 10 Long-Term Servicing Channel (LTSC)](/windows/whats-new/ltsc/) devices that are being currently serviced by the [Windows LTSC](/windows/release-health/release-information). The service only supports managing the [Windows quality updates](../operate/windows-autopatch-windows-quality-update-overview.md) workload for devices currently serviced by the LTSC. Windows Update for Business service and Windows Autopatch don't offer Windows feature updates for devices that are part of the LTSC. You must either use a [LTSC media](/evalcenter/evaluate-windows-10-enterprise) or the [Configuration Manager Operating System Deployment capabilities to perform an in-place upgrade](/windows/deployment/deploy-windows-cm/upgrade-to-windows-10-with-configuration-manager) for Windows devices that are part of the LTSC.
> Windows Autopatch supports registering [Windows 10 Long-Term Servicing Channel (LTSC)](/windows/whats-new/ltsc/) devices that are being currently serviced by the [Windows LTSC](/windows/release-health/release-information). The service only supports managing the [Windows quality updates](../operate/windows-autopatch-windows-quality-update-overview.md) workload for devices currently serviced by the LTSC. Windows Update for Business service and Windows Autopatch don't offer Windows feature updates for devices that are part of the LTSC. You must either use [LTSC media](https://www.microsoft.com/evalcenter/evaluate-windows-10-enterprise) or the [Configuration Manager Operating System Deployment capabilities to perform an in-place upgrade](/windows/deployment/deploy-windows-cm/upgrade-to-windows-10-with-configuration-manager) for Windows devices that are part of the LTSC.
## Windows feature update policy configuration

3
windows/deployment/windows-autopatch/overview/windows-autopatch-roles-responsibilities.md
View File

@ -42,6 +42,7 @@ This article outlines your responsibilities and Windows Autopatch's responsibili
| [Deploy and configure Windows Autopatch service configuration](../references/windows-autopatch-changes-to-tenant.md) | :x: | :heavy_check_mark: |
| Educate users on the Windows Autopatch end user update experience<ul><li>[Windows quality update end user experience](../operate/windows-autopatch-windows-quality-update-end-user-exp.md)</li><li>[Windows feature update end user experience](../operate/windows-autopatch-windows-feature-update-end-user-exp.md)</li><li>[Microsoft 365 Apps for enterprise end user experience](../operate/windows-autopatch-microsoft-365-apps-enterprise.md#end-user-experience)</li><li>[Microsoft Teams end user experience](../operate/windows-autopatch-teams.md#end-user-experience)</li></ul> | :heavy_check_mark: | :x: |
| Remove your devices from existing unsupported [Windows update](../references/windows-autopatch-windows-update-unsupported-policies.md) and [Microsoft 365](../references/windows-autopatch-microsoft-365-policies.md) policies | :heavy_check_mark: | :x: |
| [Turn on or off expedited Windows quality updates](../operate/windows-autopatch-windows-quality-update-overview.md#expedited-releases) | :heavy_check_mark: | :x: |
| [Register devices/add devices to the Windows Autopatch Device Registration group](../deploy/windows-autopatch-register-devices.md#steps-to-register-devices) | :heavy_check_mark: | :x: |
| [Run the pre-registration device readiness checks](../deploy/windows-autopatch-register-devices.md#about-the-ready-not-ready-and-not-registered-tabs) | :x: | :heavy_check_mark: |
| [Automatically assign devices to First, Fast & Broad deployment rings at device registration](../operate/windows-autopatch-update-management.md#deployment-ring-calculation-logic) | :x: | :heavy_check_mark: |
@ -83,7 +84,7 @@ This article outlines your responsibilities and Windows Autopatch's responsibili
| [Request unenrollment from Windows Autopatch](../operate/windows-autopatch-unenroll-tenant.md) | :heavy_check_mark: | :x: |
| [Remove Windows Autopatch data from the service and deregister devices](../operate/windows-autopatch-unenroll-tenant.md#microsofts-responsibilities-during-unenrollment) | :x: | :heavy_check_mark: |
| [Maintain update configuration & update devices post unenrollment from Windows Autopatch](../operate/windows-autopatch-unenroll-tenant.md#your-responsibilities-after-unenrolling-your-tenant) | :heavy_check_mark: | :x: |
| Review and respond to Message Center and Service Health Dashboard notifications<ul><li>[Windows quality and feature update communications](../operate/windows-autopatch-windows-quality-update-communications.md)</li><li>[Add and verify admin contacts](../deploy/windows-autopatch-admin-contacts.md)</li></ul> | :heavy_check_mark: | :x: |
| Review and respond to Message Center and Service Health Dashboard notifications<ul><li>[Windows quality update communications](../operate/windows-autopatch-windows-quality-update-communications.md)</li><li>[Add and verify admin contacts](../deploy/windows-autopatch-admin-contacts.md)</li></ul> | :heavy_check_mark: | :x: |
| [Highlight Windows Autopatch Tenant management alerts that require customer action](../operate/windows-autopatch-maintain-environment.md#windows-autopatch-tenant-actions) | :x: | :heavy_check_mark: |
| [Review and respond to Windows Autopatch Tenant management alerts](../operate/windows-autopatch-maintain-environment.md#windows-autopatch-tenant-actions) | :heavy_check_mark: | :x: |
| [Raise and respond to support requests](../operate/windows-autopatch-support-request.md) | :heavy_check_mark: | :x: |

28
windows/deployment/windows-autopatch/references/windows-autopatch-changes-to-tenant.md
View File

@ -14,7 +14,7 @@ msreviewer: hathind
# Changes made at tenant enrollment
The following configuration details are provided as information to help you understand the changes made to your tenant when enrolling into the Windows Autopatch service.
The following configuration details explain the changes made to your tenant when enrolling into the Windows Autopatch service.
> [!IMPORTANT]
> The service manages and maintains the following configuration items. Don't change, edit, add to, or remove any of the configurations. Doing so might cause unintended configuration conflicts and impact the Windows Autopatch service.
@ -27,17 +27,19 @@ Windows Autopatch creates an enterprise application in your tenant. This enterpr
| Enterprise application name | Usage | Permissions |
| ----- | ------ | ----- |
| Modern Workplace Management | This enterprise application is a limited first party enterprise application with elevated privileges. This application is used to manage the service, publish baseline configuration updates, and maintain overall service health. | <ul><li>DeviceManagementApps.ReadWrite.All</li><li>DeviceManagementConfiguration.ReadWrite.All</li><li>DeviceManagementManagedDevices.PriviligedOperation.All</li><li>DeviceManagementManagedDevices.ReadWrite.All</li><li>DeviceManagementRBAC.ReadWrite.All</li><li>DeviceManagementServiceConfig.ReadWrite.All</li><li>Directory.Read.All</li><li>Group.Create</li><li>Policy.Read.All</li><li>WindowsUpdates.Read.Write.All</li></ul> |
| Modern Workplace Management | The Modern Workplace Management application:<ul><li>Manages the service</li><li>Publishes baseline configuration updates</li><li>Maintains overall service health</li></ul> | <ul><li>DeviceManagementApps.ReadWrite.All</li><li>DeviceManagementConfiguration.ReadWrite.All</li><li>DeviceManagementManagedDevices.PriviligedOperation.All</li><li>DeviceManagementManagedDevices.ReadWrite.All</li><li>DeviceManagementRBAC.ReadWrite.All</li><li>DeviceManagementServiceConfig.ReadWrite.All</li><li>Directory.Read.All</li><li>Group.Create</li><li>Policy.Read.All</li><li>WindowsUpdates.ReadWrite.All</li></ul> |
### Service principal
Windows Autopatch will create a service principal in your tenant allowing the service to establish an identity and restrict access to what resources the service has access to within the tenant. For more information, see [Application and service principal objects in Azure Active Directory](/azure/active-directory/develop/app-objects-and-service-principals#service-principal-object). The service principal created by Windows Autopatch is:
Windows Autopatch will create a service principal in your tenant to establish an identity and restrict access to what resources the service has access to within the tenant. For more information, see [Application and service principal objects in Azure Active Directory](/azure/active-directory/develop/app-objects-and-service-principals#service-principal-object). The service principal created by Windows Autopatch is:
- Modern Workplace Customer APIs
## Azure Active Directory groups
Windows Autopatch will create Azure Active Directory groups that are required to operate the service. The following groups are used for targeting Windows Autopatch configurations to devices and management of the service by our [first party enterprise applications](#windows-autopatch-enterprise-applications).
Windows Autopatch will create the required Azure Active Directory groups to operate the service.
The following groups target Windows Autopatch configurations to devices and management of the service by our [first party enterprise applications](#windows-autopatch-enterprise-applications).
| Group name | Description |
| ----- | ----- |
@ -59,8 +61,8 @@ Windows Autopatch will create Azure Active Directory groups that are required to
| Policy name | Policy description | Properties | Value |
| ----- | ----- | ----- | ----- |
| Windows Autopatch-SetMDMtoWinOverGPO | Setsmobile device management (MDM)towinoverGPO<p>Assigned to:<ul><li>ModernWorkplaceDevices-WindowsAutopatch-Test</li><li>Modern Workplace Devices-Windows Autopatch-First</li><li>Modern Workplace Devices-Windows Autopatch-Fast</li><li>Modern Workplace Devices-Windows Autopatch-Broad</li></ul>| [MDM Wins Over GP](/windows/client-management/mdm/policy-csp-controlpolicyconflict#controlpolicyconflict-MDMWinsOverGP) | The MDM policy is used and the GP policy is blocked |
| Windows Autopatch-DataCollection | AllowsdiagnosticdatafromthisdevicetobeprocessedbyMicrosoftManagedDesktop and TelemetrysettingsforWindows devices.<p>Assigned to:<ul><li>ModernWorkplaceDevices-WindowsAutopatch-Test</li><li>Modern Workplace Devices-Windows Autopatch-First</li><li>Modern Workplace Devices-Windows Autopatch-Fast</li><li>Modern Workplace Devices-Windows Autopatch-Broad</li></ul>|<ol><li>[Configure Telemetry Opt In Change Notification](/windows/client-management/mdm/policy-csp-system#system-configuretelemetryoptinchangenotification)</li><li>[Configure Telemetry Opt In Settings Ux](/windows/client-management/mdm/policy-csp-system#system-configuretelemetryoptinsettingsux)</li><li>[Allow Telemetry](/windows/client-management/mdm/policy-csp-system#system-allowtelemetry)</li><li>[Limit Enhanced Diagnostic Data Windows Analytics](/windows/client-management/mdm/policy-csp-system#system-limitenhanceddiagnosticdatawindowsanalytics)</li><li>[Limit Dump Collection](/windows/client-management/mdm/policy-csp-system#system-limitdumpcollection)</li><li>[Limit Diagnostic Log Collection](/windows/client-management/mdm/policy-csp-system#system-limitdiagnosticlogcollection)</li></ol>|<ol><li>Enable telemetry change notifications</li><li>Enable Telemetry opt-in Settings</li><li>Full</li><li>Enabled</li><li>Enabled</li><li>Enabled</li></ol> |
| Windows Autopatch-SetMDMtoWinOverGPO | Setsmobile device management (MDM)towinoverGPO<p>Assigned to:<ul><li>ModernWorkplaceDevices-WindowsAutopatch-Test</li><li>Modern Workplace Devices-Windows Autopatch-First</li><li>Modern Workplace Devices-Windows Autopatch-Fast</li><li>Modern Workplace Devices-Windows Autopatch-Broad</li></ul>| [MDM Wins Over GP](/windows/client-management/mdm/policy-csp-controlpolicyconflict#controlpolicyconflict-MDMWinsOverGP) | <ul><li>MDM policy is used</li><li>GP policy is blocked</li></ul> |
| Windows Autopatch-DataCollection | Windows Autopatch and Telemetry settings processes diagnosticdatafromtheWindows device.<p>Assigned to:<ul><li>ModernWorkplaceDevices-WindowsAutopatch-Test</li><li>Modern Workplace Devices-Windows Autopatch-First</li><li>Modern Workplace Devices-Windows Autopatch-Fast</li><li>Modern Workplace Devices-Windows Autopatch-Broad</li></ul>|<ol><li>[Configure Telemetry Opt In Change Notification](/windows/client-management/mdm/policy-csp-system#system-configuretelemetryoptinchangenotification)</li><li>[Configure Telemetry Opt In Settings UX](/windows/client-management/mdm/policy-csp-system#system-configuretelemetryoptinsettingsux)</li><li>[Allow Telemetry](/windows/client-management/mdm/policy-csp-system#system-allowtelemetry)</li><li>[Limit Enhanced Diagnostic Data Windows Analytics](/windows/client-management/mdm/policy-csp-system#system-limitenhanceddiagnosticdatawindowsanalytics)</li><li>[Limit Dump Collection](/windows/client-management/mdm/policy-csp-system#system-limitdumpcollection)</li><li>[Limit Diagnostic Log Collection](/windows/client-management/mdm/policy-csp-system#system-limitdiagnosticlogcollection)</li></ol>|<ol><li>Enable telemetry change notifications</li><li>Enable Telemetry opt-in Settings</li><li>Full</li><li>Enabled</li><li>Enabled</li><li>Enabled</li></ol> |
## Deployment rings for Windows 10 and later
@ -76,13 +78,13 @@ Windows Autopatch will create Azure Active Directory groups that are required to
| ModernWorkplaceUpdatePolicy[Fast]-[WindowsAutopatch] | WindowsUpdateforBusinessConfigurationfortheFastRing<p>Assigned to:<ul><li>ModernWorkplaceDevices-WindowsAutopatch-Fast</li></ul>|<ul><li>QualityUpdatesDeferralPeriodInDays</li><li>FeatureUpdatesDeferralPeriodInDays</li><li>FeatureUpdatesRollbackWindowInDays</li><li>BusinessReadyUpdatesOnly</li><li>AutomaticUpdateMode</li><li>InstallTime</li><li>DeadlineForFeatureUpdatesInDays</li><li>DeadlineForQualityUpdatesInDays</li><li>DeadlineGracePeriodInDays</li><li>PostponeRebootUntilAfterDeadline</li><li>DriversExcluded</li></ul>|<ul><li>6</li><li>0</li><li>30</li><li>All</li><li>WindowsDefault</li><li>3</li><li>5</li><li>2</li><li>2</li><li>False</li><li>False</li>|
| ModernWorkplaceUpdatePolicy[Broad]-[WindowsAutopatch] | WindowsUpdateforBusinessConfigurationfortheBroadRing<p>Assigned to:<ul><li>ModernWorkplaceDevices-WindowsAutopatch-Broad</li></ul>|<ul><li>QualityUpdatesDeferralPeriodInDays</li><li>FeatureUpdatesDeferralPeriodInDays</li><li>FeatureUpdatesRollbackWindowInDays</li><li>BusinessReadyUpdatesOnly</li><li>AutomaticUpdateMode</li><li>InstallTime</li><li>DeadlineForFeatureUpdatesInDays</li><li>DeadlineForQualityUpdatesInDays</li><li>DeadlineGracePeriodInDays</li><li>PostponeRebootUntilAfterDeadline</li><li>DriversExcluded</li></ul>|<ul><li>9</li><li>0</li><li>30</li><li>All</li><li>WindowsDefault</li><li>3</li><li>5</li><li>5</li><li>2</li><li>False</li><li>False</li>|
## Feature update policies
## Windows feature update policies
- Windows Autopatch - DSS Policy [Test]
- Windows Autopatch - DSS Policy [First]
- Windows Autopatch - DSS Policy [Fast]
- Windows Autopatch - DSS Policy [Broad]
- Windows Autopatch - DSS Policy [Windows 11]
- Modern Workplace DSS Policy [Windows 11]
| Policy name | Policy description | Value |
| ----- | ----- | ----- |
@ -90,7 +92,7 @@ Windows Autopatch will create Azure Active Directory groups that are required to
| Windows Autopatch -DSSPolicy[First] | DSSpolicyforFirstdevice group | Assigned to:<ul><li>ModernWorkplaceDevices-WindowsAutopatch-First</li><li>Modern Workplace - Windows 11 Pre-Release Test Devices</li> |
| Windows Autopatch -DSSPolicy[Fast] | DSSpolicyforFastdevice group | Assigned to:<ul><li>Modern Workplace Devices-Windows Autopatch-Fast</li></ul><br>Exclude from:<ul><li>Modern Workplace - Windows 11 Pre-Release Test Devices</li></ul> |
| Windows Autopatch -Policy[Broad] | DSSpolicyforBroad devicegroup | Assigned to:<ul><li>ModernWorkplaceDevices-WindowsAutopatch-Broad</li></ul><br>Exclude from:<ul><li>ModernWorkplace-Windows11Pre-ReleaseTestDevices</li></ul>|
| ModernWorkplaceDSSPolicy[Windows11] | Windows11DSSpolicy | Assigned to:<ul><li>ModernWorkplace-Windows11Pre-ReleaseTestDevices</li></ul>|
| Modern WorkplaceDSSPolicy[Windows11] | Windows11DSSpolicy | Assigned to:<ul><li>ModernWorkplace-Windows11Pre-ReleaseTestDevices</li></ul>|
## Microsoft Office update policies
@ -103,10 +105,10 @@ Windows Autopatch will create Azure Active Directory groups that are required to
| Policy name | Policy description | Properties | Value |
| ----- | ----- | ----- | ----- |
| Windows Autopatch-OfficeConfiguration | SetsOfficeUpdateChanneltotheMonthlyEnterpriseservicingbranch.<p>Assigned to:<ol><li>ModernWorkplaceDevices-WindowsAutopatch-Test</li><li>Modern Workplace Devices-Windows Autopatch-First</li><li>Modern Workplace Devices-Windows Autopatch-Fast</li><li>Modern Workplace Devices-Windows Autopatch-Broad</li></ol>|<ol><li>Enable Automatic Updates</li><li>Hide option to enable or disable updates</li><li>Update Channel</li><li>Channel Name (Device)</li><li>Hide Update Notifications</li><li>Update Path</li></ol> |<ol><li>Enabled</li><li>Enabled</li><li>Enabled</li><li>Monthly Enterprise Channel</li><li>Disabled</li><li>Enabled</li></ol> |
| Windows Autopatch-OfficeUpdateConfiguration[Test] | Sets theOfficeupdatedeadline<p>Assigned to:<ol><li>ModernWorkplaceDevices-WindowsAutopatch-Test</li></ol> |<ol><li>Delay downloading and installing updates for Office</li><li>Update Deadline</li></ol>|<ol><li>Enabled;Days(Device) == 0 days</li></li><li>Enabled;Update Deadline(Device) == 7 days</li></ol>|
| Windows Autopatch-OfficeUpdateConfiguration[First] | Setsthe Officeupdatedeadline<p>Assigned to:<ol><li>ModernWorkplaceDevices-WindowsAutopatch-First</li></ol> |<ol><li>Delay downloading and installing updates for Office</li><li>Update Deadline</li></ol> | <ol><li>Enabled;Days(Device) == 0 days</li><li>Enabled;Update Deadline(Device) == 7 days</li></ol>|
| Windows Autopatch-OfficeUpdateConfiguration[Fast] | Setsthe Officeupdatedeadline<p>Assigned to:<ol><li>ModernWorkplaceDevices-WindowsAutopatch-Fast</li></ol>|<ol><li>Delay downloading and installing updates for Office</li><li>Update Deadline</li></ol>| <ol><li>Enabled;Days(Device) == 3 days</li><li>Enabled;Update Deadline(Device) == 7 days</li></ol>|
| Windows Autopatch-OfficeUpdateConfiguration[Broad] | Setsthe Officeupdatedeadline<br>Assigned to:<ol><li>ModernWorkplaceDevices-WindowsAutopatch-Broad</li>|<ol><li>Delay downloading and installing updates for Office</li><li>Update Deadline</li></ol>| <ol><li>Enabled;Days(Device) == 7 days</li><li>Enabled;Update Deadline(Device) == 7 days</li></ol> |
| Windows Autopatch-OfficeUpdateConfiguration[Test] | Sets theOfficeupdatedeadline<p>Assigned to:<ol><li>ModernWorkplaceDevices-WindowsAutopatch-Test</li></ol> |<ol><li>Delay downloading and installing updates for Office</li><li>Update Deadline</li></ol>|<ol><li>Enabled; `Days(Device) == 0 days`</li></li><li>Enabled; `Update Deadline(Device) == 7 days`</li></ol>|
| Windows Autopatch-OfficeUpdateConfiguration[First] | Setsthe Officeupdatedeadline<p>Assigned to:<ol><li>ModernWorkplaceDevices-WindowsAutopatch-First</li></ol> |<ol><li>Delay downloading and installing updates for Office</li><li>Update Deadline</li></ol> | <ol><li>Enabled; `Days(Device) == 0 days`</li><li>Enabled; `Update Deadline(Device) == 7 days`</li></ol>|
| Windows Autopatch-OfficeUpdateConfiguration[Fast] | Setsthe Officeupdatedeadline<p>Assigned to:<ol><li>ModernWorkplaceDevices-WindowsAutopatch-Fast</li></ol>|<ol><li>Delay downloading and installing updates for Office</li><li>Update Deadline</li></ol>| <ol><li>Enabled; `Days(Device) == 3 days`</li><li>Enabled; `Update Deadline(Device) == 7 days`</li></ol>|
| Windows Autopatch-OfficeUpdateConfiguration[Broad] | Setsthe Officeupdatedeadline<br>Assigned to:<ol><li>ModernWorkplaceDevices-WindowsAutopatch-Broad</li>|<ol><li>Delay downloading and installing updates for Office</li><li>Update Deadline</li></ol>| <ol><li>Enabled; `Days(Device) == 7 days`</li><li>Enabled; `Update Deadline(Device) == 7 days`</li></ol> |
## Microsoft Edge update policies

9
windows/deployment/windows-autopatch/whats-new/windows-autopatch-whats-new-2023.md
View File

@ -1,7 +1,7 @@
---
title: What's new 2023
description: This article lists the 2023 feature releases and any corresponding Message center post numbers.
ms.date: 02/17/2023
ms.date: 02/22/2023
ms.prod: windows-client
ms.technology: itpro-updates
ms.topic: whats-new
@ -32,6 +32,13 @@ Minor corrections such as typos, style, or formatting issues aren't listed.
| [Changes made at tenant enrollment](../references/windows-autopatch-changes-to-tenant.md) | Updated Feature update policies section with Windows Autopatch - DSS Policy [deployment ring] |
| [Register your devices](../deploy/windows-autopatch-register-devices.md) |<ul><li>Updated the [Built-in roles required for registration](../deploy/windows-autopatch-register-devices.md#built-in-roles-required-for-device-registration) section</li><li>Added more information about assigning less-privileged user accounts</li></ul> |
### February service release
| Message center post number | Description |
| ----- | ----- |
| [MC517330](https://admin.microsoft.com/adminportal/home#/MessageCenter) | Ability to opt out of Microsoft 365 App updates |
| [MC517327](https://admin.microsoft.com/adminportal/home#/MessageCenter) | Planned service maintenance downtime for European Union (EU) Windows Autopatch customers enrolled before November 8, 2022 |
## January 2023
### January feature releases or updates

31
windows/whats-new/windows-10-insider-preview.md
View File

@ -1,31 +0,0 @@
---
title: Documentation for Windows 10 Insider Preview (Windows 10)
description: Preliminary documentation for some Windows 10 features in Insider Preview.
ms.prod: windows-client
author: dansimp
ms.date: 04/14/2017
ms.reviewer:
manager: dansimp
ms.author: dansimp
ms.topic: article
ms.technology: itpro-fundamentals
---
# Documentation for Windows 10 Insider Preview
>[!NOTE]
> Some information relates to pre-released product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
This section contains preliminary documentation for some enterprise features in Windows 10 Insider Preview. Information in this section may change frequently.