From 6d19c1a503aa512bb87abd40f33a3be93cbc010d Mon Sep 17 00:00:00 2001 From: tiaraquan Date: Thu, 20 Jul 2023 10:34:39 -0700 Subject: [PATCH] Autopatch Groups, Policy Health, Windows Update Settings, and Reports GA --- .openpublishing.redirection.json | 70 ++++++++ windows/deployment/windows-autopatch/TOC.yml | 143 ++++++---------- ...-autopatch-device-registration-overview.md | 8 +- ...utopatch-groups-manage-autopatch-groups.md | 7 +- .../windows-autopatch-groups-overview.md | 10 +- .../windows-autopatch-register-devices.md | 84 ++-------- .../windows-autopatch-device-alerts.md | 7 +- ...s-manage-windows-feature-update-release.md | 7 +- ...dows-autopatch-groups-update-management.md | 15 +- ...-groups-windows-feature-update-overview.md | 9 +- ...ps-windows-feature-update-status-report.md | 11 +- ...indows-feature-update-summary-dashboard.md | 7 +- ...-windows-feature-update-trending-report.md | 7 +- ...ity-and-feature-update-reports-overview.md | 9 +- ...s-windows-quality-update-communications.md | 8 +- ...ups-windows-quality-update-end-user-exp.md | 7 +- ...-groups-windows-quality-update-overview.md | 7 +- ...h-groups-windows-quality-update-signals.md | 7 +- ...ps-windows-quality-update-status-report.md | 10 +- ...indows-quality-update-summary-dashboard.md | 7 +- ...-windows-quality-update-trending-report.md | 5 +- ...windows-autopatch-groups-windows-update.md | 10 +- ...autopatch-policy-health-and-remediation.md | 22 +-- .../windows-autopatch-update-management.md | 107 ------------ ...tch-windows-feature-update-end-user-exp.md | 85 ---------- ...topatch-windows-feature-update-overview.md | 119 -------------- ...ty-update-all-devices-historical-report.md | 43 ----- ...ndows-quality-update-all-devices-report.md | 59 ------- ...h-windows-quality-update-communications.md | 68 -------- ...date-eligible-devices-historical-report.md | 43 ----- ...tch-windows-quality-update-end-user-exp.md | 82 --------- ...te-ineligible-devices-historical-report.md | 46 ------ ...topatch-windows-quality-update-overview.md | 155 ------------------ ...windows-quality-update-reports-overview.md | 113 ------------- ...utopatch-windows-quality-update-signals.md | 62 ------- ...indows-quality-update-summary-dashboard.md | 47 ------ .../windows-autopatch-windows-update.md | 124 -------------- 37 files changed, 190 insertions(+), 1440 deletions(-) delete mode 100644 windows/deployment/windows-autopatch/operate/windows-autopatch-update-management.md delete mode 100644 windows/deployment/windows-autopatch/operate/windows-autopatch-windows-feature-update-end-user-exp.md delete mode 100644 windows/deployment/windows-autopatch/operate/windows-autopatch-windows-feature-update-overview.md delete mode 100644 windows/deployment/windows-autopatch/operate/windows-autopatch-windows-quality-update-all-devices-historical-report.md delete mode 100644 windows/deployment/windows-autopatch/operate/windows-autopatch-windows-quality-update-all-devices-report.md delete mode 100644 windows/deployment/windows-autopatch/operate/windows-autopatch-windows-quality-update-communications.md delete mode 100644 windows/deployment/windows-autopatch/operate/windows-autopatch-windows-quality-update-eligible-devices-historical-report.md delete mode 100644 windows/deployment/windows-autopatch/operate/windows-autopatch-windows-quality-update-end-user-exp.md delete mode 100644 windows/deployment/windows-autopatch/operate/windows-autopatch-windows-quality-update-ineligible-devices-historical-report.md delete mode 100644 windows/deployment/windows-autopatch/operate/windows-autopatch-windows-quality-update-overview.md delete mode 100644 windows/deployment/windows-autopatch/operate/windows-autopatch-windows-quality-update-reports-overview.md delete mode 100644 windows/deployment/windows-autopatch/operate/windows-autopatch-windows-quality-update-signals.md delete mode 100644 windows/deployment/windows-autopatch/operate/windows-autopatch-windows-quality-update-summary-dashboard.md delete mode 100644 windows/deployment/windows-autopatch/operate/windows-autopatch-windows-update.md diff --git a/.openpublishing.redirection.json b/.openpublishing.redirection.json index 5ec8592f63..cc6401ebcf 100644 --- a/.openpublishing.redirection.json +++ b/.openpublishing.redirection.json @@ -21954,6 +21954,76 @@ "source_path": "windows/security/security-foundations.md", "redirect_url": "/windows/security/security-foundations/index", "redirect_document_id": false + }, + { + "source_path": "windows/deployment/windows-autopatch/operate/windows-autopatch-update-management.md", + "redirect_url": "/windows/deployment/windows-autopatch/operate/windows-autopatch-groups-update-management", + "redirect_document_id": true + }, + { + "source_path": "windows/deployment/windows-autopatch/operate/windows-autopatch-windows-update.md", + "redirect_url": "/windows/security/security-foundations/windows-autopatch-groups-windows-update", + "redirect_document_id": true + }, + { + "source_path": "windows/deployment/windows-autopatch/operate/windows-autopatch-windows-quality-update-overview.md", + "redirect_url": "/windows/deployment/windows-autopatch/operate/windows-autopatch-groups-quality-update-overview", + "redirect_document_id": true + }, + { + "source_path": "windows/deployment/windows-autopatch/operate/windows-autopatch-windows-quality-update-end-user-exp.md", + "redirect_url": "/windows/deployment/windows-autopatch/operate/windows-autopatch-groups-windows-quality-update-end-user-exp", + "redirect_document_id": true + }, + { + "source_path": "windows/deployment/windows-autopatch/operate/windows-autopatch-windows-quality-update-signals.md", + "redirect_url": "/windows/deployment/windows-autopatch/operate/windows-autopatch-groups-windows-quality-update-signals", + "redirect_document_id": true + }, + { + "source_path": "windows/deployment/windows-autopatch/operate/windows-autopatch-windows-quality-update-communications.md", + "redirect_url": "/windows/deployment/windows-autopatch/operate/windows-autopatch-groups-windows-quality-update-communications", + "redirect_document_id": true + }, + { + "source_path": "windows/deployment/windows-autopatch/operate/windows-autopatch-windows-quality-update-reports-overview.md", + "redirect_url": "/windows/deployment/windows-autopatch/operate/windows-autopatch-groups-windows-quality-and-feature-update-reports-overview", + "redirect_document_id": true + }, + { + "source_path": "windows/deployment/windows-autopatch/operate/windows-autopatch-windows-quality-update-summary-dashboard.md", + "redirect_url": "/windows/deployment/windows-autopatch/operate/windows-autopatch-groups-windows-quality-update-summary-dashboard", + "redirect_document_id": true + }, + { + "source_path": "windows/deployment/windows-autopatch/operate/windows-autopatch-windows-quality-update-all-devices-report.md", + "redirect_url": "/windows/deployment/windows-autopatch/operate/windows-autopatch-groups-windows-quality-update-status-report", + "redirect_document_id": true + }, + { + "source_path": "windows/deployment/windows-autopatch/operate/windows-autopatch-windows-quality-update-all-devices-historical-report.md", + "redirect_url": "/windows/deployment/windows-autopatch/operate/windows-autopatch-groups-windows-quality-update-trending-report", + "redirect_document_id": true + }, + { + "source_path": "windows/deployment/windows-autopatch/operate/windows-autopatch-windows-quality-update-eligible-devices-historical-report.md", + "redirect_url": "/windows/deployment/windows-autopatch/operate/windows-autopatch-groups-windows-quality-and-feature-update-reports-overview", + "redirect_document_id": false + }, + { + "source_path": "windows/deployment/windows-autopatch/operate/windows-autopatch-windows-quality-update-ineligible-devices-historical-report.md", + "redirect_url": "/windows/deployment/windows-autopatch/operate/windows-autopatch-groups-windows-quality-and-feature-update-reports-overview", + "redirect_document_id": false + }, + { + "source_path": "windows/deployment/windows-autopatch/operate/windows-autopatch-windows-feature-update-overview.md", + "redirect_url": "/windows/deployment/windows-autopatch/operate/windows-autopatch-groups-windows-feature-update-overview", + "redirect_document_id": true + }, + { + "source_path": "windows/deployment/windows-autopatch/operate/windows-autopatch-windows-feature-update-end-user-exp.md", + "redirect_url": "/windows/deployment/windows-autopatch/operate/windows-autopatch-groups-manage-windows-feature-update-release", + "redirect_document_id": true } ] } diff --git a/windows/deployment/windows-autopatch/TOC.yml b/windows/deployment/windows-autopatch/TOC.yml index fe595c38ea..edc8326579 100644 --- a/windows/deployment/windows-autopatch/TOC.yml +++ b/windows/deployment/windows-autopatch/TOC.yml @@ -38,11 +38,9 @@ href: deploy/windows-autopatch-device-registration-overview.md - name: Register your devices href: deploy/windows-autopatch-register-devices.md - - name: Windows Autopatch groups experience - href: + - name: Windows Autopatch groups overview + href: deploy/windows-autopatch-groups-overview.md items: - - name: Windows Autopatch groups overview - href: deploy/windows-autopatch-groups-overview.md - name: Manage Windows Autopatch groups href: deploy/windows-autopatch-groups-manage-autopatch-groups.md - name: Post-device registration readiness checks @@ -50,98 +48,57 @@ - name: Operate href: items: - - name: Windows Autopatch groups experience - href: + - name: Software update management + href: operate/windows-autopatch-groups-update-management.md items: - - name: Software update management - href: operate/windows-autopatch-groups-update-management.md + - name: Windows updates + href: + items: + - name: Customize Windows Update settings + href: operate/windows-autopatch-groups-windows-update.md + - name: Windows quality updates + href: operate/windows-autopatch-groups-windows-quality-update-overview.md + items: + - name: Windows quality update end user experience + href: operate/windows-autopatch-groups-windows-quality-update-end-user-exp.md + - name: Windows quality update signals + href: operate/windows-autopatch-groups-windows-quality-update-signals.md + - name: Windows quality update communications + href: operate/windows-autopatch-groups-windows-quality-update-communications.md + - name: Windows feature updates + href: operate/windows-autopatch-groups-windows-feature-update-overview.md + items: + - name: Manage Windows feature updates + href: operate/windows-autopatch-groups-manage-windows-feature-update-release.md + - name: Microsoft 365 Apps for enterprise + href: operate/windows-autopatch-microsoft-365-apps-enterprise.md + - name: Microsoft Edge + href: operate/windows-autopatch-edge.md + - name: Microsoft Teams + href: operate/windows-autopatch-teams.md + - name: Windows quality and feature update reports + href: operate/windows-autopatch-groups-windows-quality-and-feature-update-reports-overview.md + items: + - name: Windows quality update reports + href: items: - - name: Windows updates - href: - items: - - name: Customize Windows Update settings - href: operate/windows-autopatch-groups-windows-update.md - - name: Windows quality updates - href: operate/windows-autopatch-groups-windows-quality-update-overview.md - items: - - name: Windows quality update end user experience - href: operate/windows-autopatch-groups-windows-quality-update-end-user-exp.md - - name: Windows quality update signals - href: operate/windows-autopatch-groups-windows-quality-update-signals.md - - name: Windows quality update communications - href: operate/windows-autopatch-groups-windows-quality-update-communications.md - - name: Windows feature updates - href: operate/windows-autopatch-groups-windows-feature-update-overview.md - items: - - name: Manage Windows feature updates - href: operate/windows-autopatch-groups-manage-windows-feature-update-release.md - - name: Windows quality and feature update reports - href: operate/windows-autopatch-groups-windows-quality-and-feature-update-reports-overview.md + - name: Summary dashboard + href: operate/windows-autopatch-groups-windows-quality-update-summary-dashboard.md + - name: Quality update status report + href: operate/windows-autopatch-groups-windows-quality-update-status-report.md + - name: Quality update trending report + href: operate/windows-autopatch-groups-windows-quality-update-trending-report.md + - name: Windows feature update reports + href: items: - - name: Windows quality update reports - href: - items: - - name: Summary dashboard - href: operate/windows-autopatch-groups-windows-quality-update-summary-dashboard.md - - name: Quality update status report - href: operate/windows-autopatch-groups-windows-quality-update-status-report.md - - name: Quality update trending report - href: operate/windows-autopatch-groups-windows-quality-update-trending-report.md - - name: Windows feature update reports - href: - items: - - name: Summary dashboard - href: operate/windows-autopatch-groups-windows-feature-update-summary-dashboard.md - - name: Feature update status report - href: operate/windows-autopatch-groups-windows-feature-update-status-report.md - - name: Feature update trending report - href: operate/windows-autopatch-groups-windows-feature-update-trending-report.md - - name: Windows quality and feature update device alerts - href: operate/windows-autopatch-device-alerts.md - - name: Classic experience - href: - items: - - name: Software update management - href: operate/windows-autopatch-update-management.md - items: - - name: Windows updates - href: - items: - - name: Customize Windows Update settings - href: operate/windows-autopatch-windows-update.md - - name: Windows quality updates - href: operate/windows-autopatch-windows-quality-update-overview.md - items: - - name: Windows quality update end user experience - href: operate/windows-autopatch-windows-quality-update-end-user-exp.md - - name: Windows quality update signals - href: operate/windows-autopatch-windows-quality-update-signals.md - - name: Windows quality update communications - href: operate/windows-autopatch-windows-quality-update-communications.md - - name: Windows quality update reports - href: operate/windows-autopatch-windows-quality-update-reports-overview.md - items: - - name: Summary dashboard - href: operate/windows-autopatch-windows-quality-update-summary-dashboard.md - - name: All devices report - href: operate/windows-autopatch-windows-quality-update-all-devices-report.md - - name: All devices report—historical - href: operate/windows-autopatch-windows-quality-update-all-devices-historical-report.md - - name: Eligible devices report—historical - href: operate/windows-autopatch-windows-quality-update-eligible-devices-historical-report.md - - name: Ineligible devices report—historical - href: operate/windows-autopatch-windows-quality-update-ineligible-devices-historical-report.md - - name: Windows feature updates - href: operate/windows-autopatch-windows-feature-update-overview.md - items: - - name: Windows feature update end user experience - href: operate/windows-autopatch-windows-feature-update-end-user-exp.md - - name: Microsoft 365 Apps for enterprise - href: operate/windows-autopatch-microsoft-365-apps-enterprise.md - - name: Microsoft Edge - href: operate/windows-autopatch-edge.md - - name: Microsoft Teams - href: operate/windows-autopatch-teams.md + - name: Summary dashboard + href: operate/windows-autopatch-groups-windows-feature-update-summary-dashboard.md + - name: Feature update status report + href: operate/windows-autopatch-groups-windows-feature-update-status-report.md + - name: Feature update trending report + href: operate/windows-autopatch-groups-windows-feature-update-trending-report.md + - name: Windows quality and feature update device alerts + href: operate/windows-autopatch-device-alerts.md - name: Policy health and remediation href: operate/windows-autopatch-policy-health-and-remediation.md - name: Maintain the Windows Autopatch environment diff --git a/windows/deployment/windows-autopatch/deploy/windows-autopatch-device-registration-overview.md b/windows/deployment/windows-autopatch/deploy/windows-autopatch-device-registration-overview.md index ef153dd2bf..8119ac3cb9 100644 --- a/windows/deployment/windows-autopatch/deploy/windows-autopatch-device-registration-overview.md +++ b/windows/deployment/windows-autopatch/deploy/windows-autopatch-device-registration-overview.md @@ -1,7 +1,7 @@ --- title: Device registration overview description: This article provides an overview on how to register devices in Autopatch -ms.date: 06/06/2023 +ms.date: 07/25/2023 ms.prod: windows-client ms.technology: itpro-updates ms.topic: conceptual @@ -26,9 +26,7 @@ The overall device registration process is as follows: :::image type="content" source="../media/windows-autopatch-device-registration-overview.png" alt-text="Overview of the device registration process" lightbox="../media/windows-autopatch-device-registration-overview.png"::: 1. IT admin reviews [Windows Autopatch device registration prerequisites](windows-autopatch-register-devices.md#prerequisites-for-device-registration) prior to register devices with Windows Autopatch. -2. IT admin identifies devices to be managed by Windows Autopatch through either adding: - 1. The devices into the Windows Autopatch Device Registration (classic) Azure Active Directory (AD) group. - 2. Device-based Azure AD groups as part of the [Custom Autopatch group](../deploy/windows-autopatch-groups-overview.md) or the [Default Autopatch group](../deploy/windows-autopatch-groups-overview.md). +2. IT admin identifies devices to be managed by Windows Autopatch through either adding device-based Azure AD groups as part of the [Custom Autopatch group](../deploy/windows-autopatch-groups-overview.md) or the [Default Autopatch group](../deploy/windows-autopatch-groups-overview.md). 3. Windows Autopatch then: 1. Performs device readiness prior registration (prerequisite checks). 2. Calculates the deployment ring distribution. @@ -48,7 +46,7 @@ See the following detailed workflow diagram. The diagram covers the Windows Auto | Step | Description | | ----- | ----- | | **Step 1: Identify devices** | IT admin identifies devices to be managed by the Windows Autopatch service. | -| **Step 2: Add devices** | IT admin adds devices through Direct membership or nests other Azure AD assigned or dynamic groups into the **Windows Autopatch Device Registration** Azure AD assigned group when using the: | +| **Step 2: Add devices** | IT admin adds devices through Direct membership or nests other Azure AD assigned or dynamic groups into the **Windows Autopatch Device Registration** Azure AD assigned group when using adding existing device-based Azure AD groups while [creating](../deploy/windows-autopatch-groups-manage-autopatch-groups.md#create-a-custom-autopatch-group)/[editing](../deploy/windows-autopatch-groups-manage-autopatch-groups.md#edit-the-default-or-a-custom-autopatch-group) Custom Autopatch groups, or [editing](../deploy/windows-autopatch-groups-manage-autopatch-groups.md#edit-the-default-or-a-custom-autopatch-group) the Default Autopatch group | | **Step 3: Discover devices** | The Windows Autopatch Discover Devices function discovers devices (hourly) that were previously added by the IT admin into the **Windows Autopatch Device Registration** Azure AD assigned group or from Azure AD groups used with Autopatch groups in **step #2**. The Azure AD device ID is used by Windows Autopatch to query device attributes in both Microsoft Intune and Azure AD when registering devices into its service.
  1. Once devices are discovered from the Azure AD group, the same function gathers additional device attributes and saves it into its memory during the discovery operation. The following device attributes are gathered from Azure AD in this step:
    1. **AzureADDeviceID**
    2. **OperatingSystem**
    3. **DisplayName (Device name)**
    4. **AccountEnabled**
    5. **RegistrationDateTime**
    6. **ApproximateLastSignInDateTime**
  2. In this same step, the Windows Autopatch discover devices function calls another function, the device prerequisite check function. The device prerequisite check function evaluates software-based device-level prerequisites to comply with Windows Autopatch device readiness requirements prior to registration.
| | **Step 4: Check prerequisites** | The Windows Autopatch prerequisite function makes an Intune Graph API call to sequentially validate device readiness attributes required for the registration process. For detailed information, see the [Detailed prerequisite check workflow diagram](#detailed-prerequisite-check-workflow-diagram) section. The service checks the following device readiness attributes, and/or prerequisites:
  1. **Serial number, model, and manufacturer.**
    1. Checks if the serial number already exists in the Windows Autopatch’s managed device database.
  2. **If the device is Intune-managed or not.**
    1. Windows Autopatch looks to see **if the Azure AD device ID has an Intune device ID associated with it**.
      1. If **yes**, it means this device is enrolled into Intune.
      2. If **not**, it means the device isn't enrolled into Intune, hence it can't be managed by the Windows Autopatch service.
    2. **If the device is not managed by Intune**, the Windows Autopatch service can't gather device attributes such as operating system version, Intune enrollment date, device name and other attributes. When this happens, the Windows Autopatch service uses the Azure AD device attributes gathered and saved to its memory in **step 3a**.
      1. Once it has the device attributes gathered from Azure AD in **step 3a**, the device is flagged with the **Prerequisite failed** status, then added to the **Not registered** tab so the IT admin can review the reason(s) the device wasn't registered into Windows Autopatch. The IT admin will remediate these devices. In this case, the IT admin should check why the device wasn’t enrolled into Intune.
      2. A common reason is when the Azure AD device ID is stale, it doesn’t have an Intune device ID associated with it anymore. To remediate, [clean up any stale Azure AD device records from your tenant](windows-autopatch-register-devices.md#clean-up-dual-state-of-hybrid-azure-ad-joined-and-azure-registered-devices-in-your-azure-ad-tenant).
    3. **If the device is managed by Intune**, the Windows Autopatch prerequisite check function continues to the next prerequisite check, which evaluates whether the device has checked into Intune in the last 28 days.
  3. **If the device is a Windows device or not.**
    1. Windows Autopatch looks to see if the device is a Windows and corporate-owned device.
      1. **If yes**, it means this device can be registered with the service because it's a Windows corporate-owned device.
      2. **If not**, it means the device is a non-Windows device, or it's a Windows device but it's a personal device.
  4. **Windows Autopatch checks the Windows SKU family**. The SKU must be either:
    1. **Enterprise**
    2. **Pro**
    3. **Pro Workstation**
  5. **If the device meets the operating system requirements**, Windows Autopatch checks whether the device is either:
    1. **Only managed by Intune.**
      1. If the device is only managed by Intune, the device is marked as Passed all prerequisites.
    2. **Co-managed by both Configuration Manager and Intune.**
      1. If the device is co-managed by both Configuration Manager and Intune, an additional prerequisite check is evaluated to determine if the device satisfies the co-management-enabled workloads required by Windows Autopatch to manage devices in a co-managed state. The required co-management workloads evaluated in this step are:
        1. **Windows Updates Policies**
        2. **Device Configuration**
        3. **Office Click to Run**
      2. If Windows Autopatch determines that one of these workloads isn’t enabled on the device, the service marks the device as **Prerequisite failed** and moves the device to the **Not registered** tab.
| | **Step 5: Calculate deployment ring assignment** | Once the device passes all prerequisites described in **step #4**, Windows Autopatch starts its deployment ring assignment calculation. The following logic is used to calculate the Windows Autopatch deployment ring assignment:
  1. If the Windows Autopatch tenant’s existing managed device size is **≤ 200**, the deployment ring assignment is **First (5%)**, **Fast (15%)**, remaining devices go to the **Broad ring (80%)**.
  2. If the Windows Autopatch tenant’s existing managed device size is **>200**, the deployment ring assignment will be **First (1%)**, **Fast (9%)**, remaining devices go to the **Broad ring (90%)**.
| diff --git a/windows/deployment/windows-autopatch/deploy/windows-autopatch-groups-manage-autopatch-groups.md b/windows/deployment/windows-autopatch/deploy/windows-autopatch-groups-manage-autopatch-groups.md index d4c14da227..1a0028d573 100644 --- a/windows/deployment/windows-autopatch/deploy/windows-autopatch-groups-manage-autopatch-groups.md +++ b/windows/deployment/windows-autopatch/deploy/windows-autopatch-groups-manage-autopatch-groups.md @@ -1,7 +1,7 @@ --- title: Manage Windows Autopatch groups description: This article explains how to manage Autopatch groups -ms.date: 06/05/2023 +ms.date: 07/25/2023 ms.prod: windows-client ms.technology: itpro-updates ms.topic: how-to @@ -15,10 +15,7 @@ ms.collection: - tier1 --- -# Manage Windows Autopatch groups (public preview) - -> [!IMPORTANT] -> Windows Autopatch groups is in **public preview**. This feature is being actively developed and might not be complete. You can test and use these features in production environments and provide feedback.

The Windows Autopatch group experience only applies if you’ve opted-in to use Windows Autopatch groups.


**To opt-in to use Windows Autopatch groups:**
  1. Go to the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431) and select **Devices** from the left navigation menu.
  2. Under **Windows Autopatch**, select **Release Management**, then select **Autopatch groups (preview)**.
  3. Review the **[Microsoft Privacy Statement](../overview/windows-autopatch-privacy.md)** and the **[Autopatch groups Public Preview Addendum](../references/windows-autopatch-groups-public-preview-addendum.md)**. If you agree, select the **I have reviewed and agree to the Autopatch groups Public Preview Addendum** checkbox. Then, select **Use preview** to test out Windows Autopatch groups and its bundled feature set. If the **Use preview** option is greyed out, ensure you meet all the [Autopatch group prerequisites](../deploy/windows-autopatch-groups-manage-autopatch-groups.md#autopatch-groups-prerequisites).
+# Manage Windows Autopatch groups Autopatch groups help Microsoft Cloud-Managed services meet organizations where they are in their update management journey. diff --git a/windows/deployment/windows-autopatch/deploy/windows-autopatch-groups-overview.md b/windows/deployment/windows-autopatch/deploy/windows-autopatch-groups-overview.md index 15829f199b..629143e92f 100644 --- a/windows/deployment/windows-autopatch/deploy/windows-autopatch-groups-overview.md +++ b/windows/deployment/windows-autopatch/deploy/windows-autopatch-groups-overview.md @@ -1,7 +1,7 @@ --- title: Windows Autopatch groups overview description: This article explains what Autopatch groups are -ms.date: 05/03/2023 +ms.date: 07/20/2023 ms.prod: windows-client ms.technology: itpro-updates ms.topic: conceptual @@ -15,10 +15,7 @@ ms.collection: - tier1 --- -# Windows Autopatch groups overview (public preview) - -> [!IMPORTANT] -> Windows Autopatch groups is in **public preview**. This feature is being actively developed and might not be complete. You can test and use these features in production environments and provide feedback.

The Windows Autopatch group experience only applies if you’ve opted-in to use Windows Autopatch groups.


**To opt-in to use Windows Autopatch groups:**
  1. Go to the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431) and select **Devices** from the left navigation menu.
  2. Under **Windows Autopatch**, select **Release Management**, then select **Autopatch groups (preview)**.
  3. Review the **[Microsoft Privacy Statement](../overview/windows-autopatch-privacy.md)** and the **[Autopatch groups Public Preview Addendum](../references/windows-autopatch-groups-public-preview-addendum.md)**. If you agree, select the **I have reviewed and agree to the Autopatch groups Public Preview Addendum** checkbox. Then, select **Use preview** to test out Windows Autopatch groups and its bundled feature set. If the **Use preview** option is greyed out, ensure you meet all the [Autopatch group prerequisites](../deploy/windows-autopatch-groups-manage-autopatch-groups.md#autopatch-groups-prerequisites).
+# Windows Autopatch groups overview As organizations move to a managed-service model where Microsoft manages update processes on their behalf, they’re challenged with having the right representation of their organizational structures followed by their own deployment cadence. Windows Autopatch groups help organizations manage updates in a way that makes sense for their businesses with no extra cost or unplanned disruptions. @@ -243,9 +240,6 @@ Autopatch groups works with the following software update workloads: - [Windows quality updates](../operate/windows-autopatch-groups-windows-quality-update-overview.md) - [Windows feature updates](../operate/windows-autopatch-groups-windows-feature-update-overview.md) -> [!IMPORTANT] -> [Microsoft Edge](../operate/windows-autopatch-edge.md) and [Microsoft 365 Apps for enterprise](../operate/windows-autopatch-microsoft-365-apps-enterprise.md) are supported through the (classic) service-based deployment rings. Other software update workloads aren’t currently supported. - ### Maximum number of Autopatch groups Windows Autopatch supports up to 50 Autopatch groups in your tenant. You can create up to 49 [Custom Autopatch groups](#about-custom-autopatch-groups) in addition to the [Default Autopatch group](#about-the-default-autopatch-group). Each Autopatch group supports up to 15 deployment rings. diff --git a/windows/deployment/windows-autopatch/deploy/windows-autopatch-register-devices.md b/windows/deployment/windows-autopatch/deploy/windows-autopatch-register-devices.md index 3b79bc86cb..a2734bb584 100644 --- a/windows/deployment/windows-autopatch/deploy/windows-autopatch-register-devices.md +++ b/windows/deployment/windows-autopatch/deploy/windows-autopatch-register-devices.md @@ -1,7 +1,7 @@ --- title: Register your devices description: This article details how to register devices in Autopatch -ms.date: 05/01/2023 +ms.date: 07/25/2023 ms.prod: windows-client ms.technology: itpro-updates ms.topic: how-to @@ -23,49 +23,21 @@ Before Microsoft can manage your devices in Windows Autopatch, you must have dev Windows Autopatch can take over software update management control of devices that meet software-based prerequisites as soon as an IT admin decides to have their tenant managed by the service. The Windows Autopatch software update management scope includes the following software update workloads: -- Windows quality updates - - [Autopatch groups experience](../operate/windows-autopatch-groups-windows-quality-update-overview.md) - - [Classic experience](../operate/windows-autopatch-windows-quality-update-overview.md) -- Windows feature updates - - [Autopatch groups experience](../operate/windows-autopatch-groups-windows-feature-update-overview.md) - - [Classic experience](../operate/windows-autopatch-windows-feature-update-overview.md) -- The following software update workloads use the Classic experience: - - [Microsoft 365 Apps for enterprise updates](../operate/windows-autopatch-microsoft-365-apps-enterprise.md) - - [Microsoft Edge updates](../operate/windows-autopatch-edge.md) - - [Microsoft Teams updates](../operate/windows-autopatch-teams.md) +- [Windows quality updates](../operate/windows-autopatch-groups-windows-quality-update-overview.md) +- [Windows feature updates](../operate/windows-autopatch-groups-windows-feature-update-overview.md) +- [Microsoft 365 Apps for enterprise updates](../operate/windows-autopatch-microsoft-365-apps-enterprise.md) +- [Microsoft Edge updates](../operate/windows-autopatch-edge.md) +- [Microsoft Teams updates](../operate/windows-autopatch-teams.md) -### About the use of an Azure AD group to register devices +### Windows Autopatch groups device registration -Windows Autopatch provides two methods of registering devices with its service, the [Classic](#classic-device-registration-method) and the Autopatch groups device registration method. - -#### Classic device registration method - -This method is intended to help organizations that don’t require the use of [Custom Autopatch groups](../deploy/windows-autopatch-groups-overview.md#about-custom-autopatch-groups) or additional customizations to the [Default Autopatch group](../deploy/windows-autopatch-groups-overview.md#about-the-default-autopatch-group) to register devices. - -You must choose what devices to manage with Windows Autopatch by adding them to the **Windows Autopatch Device Registration** Azure AD assigned group. Devices can be added using the following methods: - -- Direct membership -- Nesting other Azure AD dynamic/assigned groups -- [Bulk add/import group members](/azure/active-directory/enterprise-users/groups-bulk-import-members) - -Windows Autopatch automatically runs its discover devices function every hour to discover new devices added to this group. Once new devices are discovered, Windows Autopatch attempts to register these devices. - -You can also use the **Discover devices** button in either the Registered or Not ready tab to register devices on demand. The **Discover devices** button scans for devices to be registered in the **Windows Autopatch Device Registration** or any other Azure AD group used with either the Default or Custom Autopatch groups. - -#### Windows Autopatch groups device registration method - -> [!IMPORTANT] -> Windows Autopatch groups is in **public preview**. This feature is being actively developed and might not be complete. You can test and use these features in production environments and provide feedback.

The Windows Autopatch group experience only applies if you’ve opted-in to use Windows Autopatch groups.


**To opt-in to use Windows Autopatch groups:**
  1. Go to the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431) and select **Devices** from the left navigation menu.
  2. Under **Windows Autopatch**, select **Release Management**, then select **Autopatch groups (preview)**.
  3. Review the **[Microsoft Privacy Statement](../overview/windows-autopatch-privacy.md)** and the **[Autopatch groups Public Preview Addendum](../references/windows-autopatch-groups-public-preview-addendum.md)**. If you agree, select the **I have reviewed and agree to the Autopatch groups Public Preview Addendum** checkbox. Then, select **Use preview** to test out Windows Autopatch groups and its bundled feature set. If the **Use preview** option is greyed out, ensure you meet all the [Autopatch group prerequisites](../deploy/windows-autopatch-groups-manage-autopatch-groups.md#autopatch-groups-prerequisites).
- -This method is intended to help organizations that require the use of [Custom Autopatch groups](../deploy/windows-autopatch-groups-overview.md#about-custom-autopatch-groups) or additional customizations to the [Default Autopatch group](../deploy/windows-autopatch-groups-overview.md#about-the-default-autopatch-group). - -When you either create/edit a Custom Autopatch group or edit the Default Autopatch group to add or remove deployment rings, the device-based Azure AD groups you use when setting up your deployment rings are scanned to see if devices need to be registered with the Windows Autopatch service. +When you either create/edit a [Custom Autopatch group](../deploy/windows-autopatch-groups-overview.md#about-custom-autopatch-groups) or edit the [Default Autopatch group](../deploy/windows-autopatch-groups-overview.md#about-the-default-autopatch-group) to add or remove deployment rings, the device-based Azure AD groups you use when setting up your deployment rings are scanned to see if devices need to be registered with the Windows Autopatch service. If devices aren’t registered, Autopatch groups starts the device registration process by using your existing device-based Azure AD groups instead of the Windows Autopatch Device Registration group. For more information, see [create Custom Autopatch groups](../deploy/windows-autopatch-groups-manage-autopatch-groups.md#create-a-custom-autopatch-group) and [edit Autopatch group](../deploy/windows-autopatch-groups-manage-autopatch-groups.md#edit-the-default-or-a-custom-autopatch-group) to register devices using the Autopatch groups device registration method. -##### Supported scenarios when nesting other Azure AD groups +#### Supported scenarios when nesting other Azure AD groups Windows Autopatch also supports the following Azure AD nested group scenarios: @@ -74,8 +46,6 @@ Azure AD groups synced up from: - On-premises Active Directory groups (Windows Server AD) - [Configuration Manager collections](/mem/configmgr/core/clients/manage/collections/create-collections#bkmk_aadcollsync) -The Azure AD groups apply to both the [Classic](#classic-device-registration-method) and the [Autopatch group device registration](#windows-autopatch-groups-device-registration-method) methods. - > [!WARNING] > It isn't recommended to sync Configuration Manager collections straight to the **Windows Autopatch Device Registration** Azure AD group. Use a different Azure AD group when syncing Configuration Manager collections to Azure AD groups then you can nest this or these groups into the **Windows Autopatch Device Registration** Azure AD group. @@ -95,9 +65,6 @@ It's recommended to detect and clean up stale devices in Azure AD before registe ## Prerequisites for device registration -> [!IMPORTANT] -> The following prerequisites apply to both the [Classic](#classic-device-registration-method) and the [Autopatch groups device registration](#windows-autopatch-groups-device-registration-method) methods. - To be eligible for Windows Autopatch management, devices must meet a minimum set of required software-based prerequisites: - Windows 10 (1809+)/11 Enterprise or Professional editions (only x64 architecture). @@ -122,7 +89,7 @@ For more information, see [Windows Autopatch Prerequisites](../prepare/windows-a ## About the Registered, Not ready and Not registered tabs > [!IMPORTANT] -> Devices registered through either the [Classic](#classic-device-registration-method) or the [Autopatch groups device registration method](#windows-autopatch-groups-device-registration-method) can appear in the Registered, Not ready, or Not registered tabs. When devices successfully register with the service, the devices are listed in the Registered tab. However, even if the device(s)is successfully registered, they can be part of Not ready tab. If devices fail to register, the devices are listed in the Not registered tab. +> Registered devices can appear in the Registered, Not ready, or Not registered tabs. When devices successfully register with the service, the devices are listed in the Registered tab. However, even if the device(s)is successfully registered, they can be part of Not ready tab. If devices fail to register, the devices are listed in the Not registered tab. Windows Autopatch has three tabs within its device blade. Each tab is designed to provide a different set of device readiness statuses so the IT admin knows where to go to monitor, and fix potential device health issues. @@ -171,33 +138,6 @@ Registering your devices with Windows Autopatch does the following: For more information, see [Device registration overview](../deploy/windows-autopatch-device-registration-overview.md). -## Steps to register devices using the classic method - -> [!IMPORTANT] -> For more information, see [Create Custom Autopatch groups](../deploy/windows-autopatch-groups-manage-autopatch-groups.md#create-a-custom-autopatch-group) and [Edit Autopatch groups](../deploy/windows-autopatch-groups-manage-autopatch-groups.md#edit-the-default-or-a-custom-autopatch-group) on how to register devices using the Autopatch groups device registration method. - -Any device (either physical or virtual) that contains an Azure AD device ID, can be added into the **Windows Autopatch Device Registration** Azure AD group through either direct membership or by being part of another Azure AD group (either dynamic or assigned) that's nested to this group, so it can be registered with Windows Autopatch. The only exception is new Windows 365 Cloud PCs, as these virtual devices should be registered with Windows Autopatch from the Windows 365 provisioning policy. - -For more information, see [Windows Autopatch on Windows 365 Enterprise Workloads](#windows-autopatch-on-windows-365-enterprise-workloads). - -Since existing Windows 365 Cloud PCs already have an existing Azure AD device ID, these devices can be added into the **Windows Autopatch Device Registration** Azure group through either direct membership or by being part of another Azure AD group (either dynamic or assigned) that's nested to this group. - -**To register devices with Windows Autopatch using the classic method:** - -1. Go to the [Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431). -2. Select **Devices** from the left navigation menu. -3. Under the **Windows Autopatch** section, select **Devices**. -4. Select either the **Registered** or the **Not registered** tab, then select the **Windows Autopatch Device Registration** hyperlink. The Azure Active Directory group blade opens. -5. Add either devices through direct membership, or other Azure AD dynamic or assigned groups as nested groups in the **Windows Autopatch Device Registration** group. - -> [!NOTE] -> The **Windows Autopatch Device Registration** hyperlink is in the center of the Registered tab when there's no devices registered with the Windows Autopatch service. Once you have one or more devices registered with the Windows Autopatch service, the **Windows Autopatch Device registration** hyperlink is at the top of both **Registered** and **Not registered** tabs. - -Once devices or other Azure AD groups (either dynamic or assigned) containing devices are added to the **Windows Autopatch Device Registration** group, Windows Autopatch's device discovery hourly function discovers these devices, and runs software-based prerequisite checks to try to register them with its service. - -> [!TIP] -> You can also use the **Discover Devices** button in either one of the **Registered**, **Not ready**, or **Not registered** device blade tabs to discover devices from the **Windows Autopatch Device Registration** Azure AD group on demand. On demand means you don't have to wait for Windows Autopatch to discover devices from the Azure AD group on your behalf. - ### Windows Autopatch on Windows 365 Enterprise Workloads Windows 365 Enterprise gives IT admins the option to register devices with the Windows Autopatch service as part of the Windows 365 provisioning policy creation. This option provides a seamless experience for admins and users to ensure your Cloud PCs are always up to date. When IT admins decide to manage their Windows 365 Cloud PCs with Windows Autopatch, the Windows 365 provisioning policy creation process calls Windows Autopatch device registration APIs to register devices on behalf of the IT admin. @@ -224,7 +164,7 @@ For more information, see [Create a Windows 365 Provisioning Policy](/windows-36 Windows Autopatch is available for your Azure Virtual Desktop workloads. Enterprise admins can provision their Azure Virtual Desktop workloads to be managed by Windows Autopatch using the existing device registration process. -Windows Autopatch provides the same scope of service with virtual machines as it does with [physical devices](#steps-to-register-devices-using-the-classic-method). However, Windows Autopatch defers any Azure Virtual Desktop specific support to [Azure support](#contact-support-for-device-registration-related-incidents), unless otherwise specified. +Windows Autopatch provides the same scope of service with virtual machines as it does with [physical devices](#windows-autopatch-groups-device-registration). However, Windows Autopatch defers any Azure Virtual Desktop specific support to [Azure support](#contact-support-for-device-registration-related-incidents), unless otherwise specified. #### Prerequisites @@ -242,7 +182,7 @@ The following Azure Virtual Desktop features aren’t supported: #### Deploy Autopatch on Azure Virtual Desktop -Azure Virtual Desktop workloads can be registered into Windows Autopatch by using the same method as your [physical devices](#steps-to-register-devices-using-the-classic-method). +Azure Virtual Desktop workloads can be registered into Windows Autopatch by using the same method as your [physical devices](#windows-autopatch-groups-device-registration). For ease of deployment, we recommend nesting a dynamic device group in your Autopatch device registration group. The dynamic device group would target the **Name** prefix defined in your session host, but **exclude** any Multi-Session Session Hosts. For example: diff --git a/windows/deployment/windows-autopatch/operate/windows-autopatch-device-alerts.md b/windows/deployment/windows-autopatch/operate/windows-autopatch-device-alerts.md index edfc041070..578c700b14 100644 --- a/windows/deployment/windows-autopatch/operate/windows-autopatch-device-alerts.md +++ b/windows/deployment/windows-autopatch/operate/windows-autopatch-device-alerts.md @@ -1,7 +1,7 @@ --- title: Device alerts description: Provide notifications and information about the necessary steps to keep your devices up to date. -ms.date: 05/01/2023 +ms.date: 07/25/2023 ms.prod: windows-client ms.technology: itpro-updates ms.topic: how-to @@ -15,10 +15,7 @@ ms.collection: - tier1 --- -# Device alerts (public preview) - -> [!IMPORTANT] -> Windows Autopatch groups is in **public preview**. This feature is being actively developed and might not be complete. You can test and use these features in production environments and provide feedback.

The Windows Autopatch group experience only applies if you’ve opted-in to use Windows Autopatch groups.


**To opt-in to use Windows Autopatch groups:**
  1. Go to the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431) and select **Devices** from the left navigation menu.
  2. Under **Windows Autopatch**, select **Release Management**, then select **Autopatch groups (preview)**.
  3. Review the **[Microsoft Privacy Statement](../overview/windows-autopatch-privacy.md)** and the **[Autopatch groups Public Preview Addendum](../references/windows-autopatch-groups-public-preview-addendum.md)**. If you agree, select the **I have reviewed and agree to the Autopatch groups Public Preview Addendum** checkbox. Then, select **Use preview** to test out Windows Autopatch groups and its bundled feature set. If the **Use preview** option is greyed out, ensure you meet all the [Autopatch group prerequisites](../deploy/windows-autopatch-groups-manage-autopatch-groups.md#autopatch-groups-prerequisites).
+# Device alerts Windows Autopatch and Windows Updates use Device alerts to provide notifications and information about the necessary steps to keep your devices up to date. In Windows Autopatch reporting, every device is provided with a section for alerts. If no alerts are listed, no action is needed. Navigate to **Reports** > **Quality update status** or **Feature update status** > **Device** > select the **Device alerts** column. The provided information will help you understand: diff --git a/windows/deployment/windows-autopatch/operate/windows-autopatch-groups-manage-windows-feature-update-release.md b/windows/deployment/windows-autopatch/operate/windows-autopatch-groups-manage-windows-feature-update-release.md index c472f2178a..78e6cb893d 100644 --- a/windows/deployment/windows-autopatch/operate/windows-autopatch-groups-manage-windows-feature-update-release.md +++ b/windows/deployment/windows-autopatch/operate/windows-autopatch-groups-manage-windows-feature-update-release.md @@ -1,7 +1,7 @@ --- title: Manage Windows feature update releases description: This article explains how you can manage Windows feature updates with Autopatch groups -ms.date: 05/05/2023 +ms.date: 07/25/2023 ms.prod: windows-client ms.technology: itpro-updates ms.topic: conceptual @@ -15,10 +15,7 @@ ms.collection: - tier1 --- -# Manage Windows feature update releases: Windows Autopatch groups experience (public preview) - -> [!IMPORTANT] -> Windows Autopatch groups is in **public preview**. This feature is being actively developed and might not be complete. You can test and use these features in production environments and provide feedback.

The Windows Autopatch group experience only applies if you’ve opted-in to use Windows Autopatch groups.


**To opt-in to use Windows Autopatch groups:**
  1. Go to the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431) and select **Devices** from the left navigation menu.
  2. Under **Windows Autopatch**, select **Release Management**, then select **Autopatch groups (preview)**.
  3. Review the **[Microsoft Privacy Statement](../overview/windows-autopatch-privacy.md)** and the **[Autopatch groups Public Preview Addendum](../references/windows-autopatch-groups-public-preview-addendum.md)**. If you agree, select the **I have reviewed and agree to the Autopatch groups Public Preview Addendum** checkbox. Then, select **Use preview** to test out Windows Autopatch groups and its bundled feature set. If the **Use preview** option is greyed out, ensure you meet all the [Autopatch group prerequisites](../deploy/windows-autopatch-groups-manage-autopatch-groups.md#autopatch-groups-prerequisites).
+# Manage Windows feature update releases You can create custom releases for Windows feature update deployments in Windows Autopatch. diff --git a/windows/deployment/windows-autopatch/operate/windows-autopatch-groups-update-management.md b/windows/deployment/windows-autopatch/operate/windows-autopatch-groups-update-management.md index 2e4435991e..af88c8b044 100644 --- a/windows/deployment/windows-autopatch/operate/windows-autopatch-groups-update-management.md +++ b/windows/deployment/windows-autopatch/operate/windows-autopatch-groups-update-management.md @@ -1,7 +1,7 @@ --- title: Software update management for Autopatch groups description: This article provides an overview of how updates are handled with Autopatch groups -ms.date: 05/01/2023 +ms.date: 07/25/2023 ms.prod: windows-client ms.technology: itpro-updates ms.topic: overview @@ -17,21 +17,18 @@ ms.collection: # Software update management: Windows Autopatch groups experience (public preview) -> [!IMPORTANT] -> Windows Autopatch groups is in **public preview**. This feature is being actively developed and might not be complete. You can test and use these features in production environments and provide feedback.

The Windows Autopatch group experience only applies if you’ve opted-in to use Windows Autopatch groups.


**To opt-in to use Windows Autopatch groups:**
  1. Go to the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431) and select **Devices** from the left navigation menu.
  2. Under **Windows Autopatch**, select **Release Management**, then select **Autopatch groups (preview)**.
  3. Review the **[Microsoft Privacy Statement](../overview/windows-autopatch-privacy.md)** and the **[Autopatch groups Public Preview Addendum](../references/windows-autopatch-groups-public-preview-addendum.md)**. If you agree, select the **I have reviewed and agree to the Autopatch groups Public Preview Addendum** checkbox. Then, select **Use preview** to test out Windows Autopatch groups and its bundled feature set. If the **Use preview** option is greyed out, ensure you meet all the [Autopatch group prerequisites](../deploy/windows-autopatch-groups-manage-autopatch-groups.md#autopatch-groups-prerequisites).
- Keeping your devices up to date is a balance of speed and stability. Windows Autopatch connects all devices to a modern cloud-based infrastructure to manage updates on your behalf. ## Software update workloads | Software update workload | Description | | ----- | ----- | -| Windows quality update | Windows Autopatch uses four deployment rings to manage Windows quality updates. For more detailed information, see: