deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-06-21 13:23:36 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

Merge branch 'main' of https://github.com/MicrosoftDocs/windows-docs-pr into wufbr-faq-7760853

Browse Source
This commit is contained in:
Meghan Stewart
2023-04-25 11:23:47 -07:00
parent ae64de7102 ba046962e7
commit 7209bebdd4
304 changed files with 4720 additions and 8093 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
windows/deployment/TOC.yml
View File

@ -212,6 +212,8 @@
items:
- name: Windows Update for Business reports workbook
href: update/wufb-reports-workbook.md
- name: Delivery Optimization data in reports
href: update/wufb-reports-do.md
- name: Software updates in the Microsoft 365 admin center
href: update/wufb-reports-admin-center.md
- name: Use Windows Update for Business reports data

22
windows/deployment/do/includes/waas-delivery-optimization-monitor.md
View File

@ -28,8 +28,8 @@ ms.localizationpriority: medium
| TotalBytesDownloaded | The number of bytes from any source downloaded so far |
| PercentPeerCaching |The percentage of bytes downloaded from peers versus over HTTP |
| BytesFromPeers | Total bytes downloaded from peer devices (sum of bytes downloaded from LAN, Group, and Internet Peers) |
| BytesfromHTTP | Total number of bytes received over HTTP. This represents all HTTP sources, which includes BytesFromCacheServer |
| Status | Current state of the operation. Possible values are: **Downloading** (download in progress); **Complete** (download completed, but is not uploading yet); **Caching** (download completed successfully and is ready to upload or uploading); **Paused** (download/upload paused by caller) |
| BytesfromHTTP | Total number of bytes received over HTTP. This metric represents all HTTP sources, which includes BytesFromCacheServer |
| Status | Current state of the operation. Possible values are: **Downloading** (download in progress); **Complete** (download completed, but isn't uploading yet); **Caching** (download completed successfully and is ready to upload or uploading); **Paused** (download/upload paused by caller) |
| Priority | Priority of the download; values are **foreground** or **background** |
| BytesFromCacheServer | Total number of bytes received from cache server (MCC) |
| BytesFromLanPeers | Total number of bytes received from peers found on the LAN |
@ -98,9 +98,19 @@ Using the `-Verbose` option returns additional information:
- Bytes from CDN (the number of bytes received over HTTP)
- Average number of peer connections per download
**Starting in Windows 10, version 2004**, `Get-DeliveryOptimizationStatus` has a new option `-PeerInfo` which returns a real-time list of the connected peers.
**Starting in Windows 10, version 2004**, `Get-DeliveryOptimizationStatus` has a new option `-PeerInfo`, which returns a real-time list of potential peers per file, including which peers are successfully connected and the total bytes sent or received from each peer.
Starting in Windows 10, version 1803, `Get-DeliveryOptimizationPerfSnapThisMonth` returns data similar to that from `Get-DeliveryOptimizationPerfSnap` but limited to the current calendar month.
| Key | Value |
| --- | --- |
| IP | Peer device IP address |
| PeerType | The type of peer used (LAN/Group/Internet/LinkLocal), determined by the Delivery Optimization Service, except for the LinkLocal option, which uses the DNS-SD protocol. |
| ConnectionEstablished | True/False to indicate if peer is connected |
| BytesSent | Bytes sent to/from the peer on the current connection |
| BytesReceived | Bytes received to/from the peer on the current connection |
| UploadRateBytes | Average value of upload rates on the current connection, over the past 20 seconds |
| DownloadRateBytes | Average value of download rates on the current connection, over the past 20 seconds |
Starting in Windows 10, version 1803, `Get-DeliveryOptimizationPerfSnapThisMonth` returns data similar to data from `Get-DeliveryOptimizationPerfSnap` but limited to the current calendar month.
#### Manage the Delivery Optimization cache
@ -110,7 +120,7 @@ Starting in Windows 10, version 1803, `Get-DeliveryOptimizationPerfSnapThisMonth
`set-DeliveryOptimizationStatus -ExpireOn [date time] -FileID [FileID]` extends expiration for a single specific file in the cache.
You can now "pin" files to keep them persistent in the cache. You can only do this with files that are downloaded in modes 1, 2, or 3.
You can now "pin" files to keep them persistent in the cache, only with files that are downloaded in modes 1, 2, or 3.
`set-DeliveryOptimizationStatus -Pin [True] -File ID [FileID]` keeps a specific file in the cache such that it won't be deleted until the expiration date and time (which you set with `set-DeliveryOptimizationStatus -ExpireOn [date time] -FileID [FileID]`). The file is also excluded from the cache quota calculation.
@ -155,6 +165,6 @@ Using the `-ListConnections` option returns these details about peers:
`Get-DeliveryOptimizationLog [-Path <etl file path, supports wildcards>] [-Flush]`
If `Path` is not specified, this cmdlet reads all logs from the DoSvc log directory, which requires administrator permissions. If `Flush` is specified, the cmdlet stops DoSvc before reading logs.
If `Path` isn't specified, this cmdlet reads all logs from the DoSvc log directory, which requires administrator permissions. If `Flush` is specified, the cmdlet stops DoSvc before reading logs.
Log entries are written to the PowerShell pipeline as objects. To dump logs to a text file, run `Get-DeliveryOptimizationLog | Set-Content <output file>` or something similar.

16
windows/deployment/do/waas-delivery-optimization-faq.yml
View File

@ -1,7 +1,7 @@
### YamlMime:FAQ
metadata:
title: Delivery Optimization Frequently Asked Questions
description: The following is a list of frequently asked questions for Delivery Optimization.
description: List of frequently asked questions for Delivery Optimization.
ms.reviewer: mstewart
ms.prod: windows-client
author: cmknox
@ -12,7 +12,7 @@ metadata:
- highpri
- tier3
ms.topic: faq
ms.date: 08/04/2022
ms.date: 04/17/2023
title: Delivery Optimization Frequently Asked Questions
summary: |
**Applies to**
@ -29,7 +29,7 @@ sections:
answer: |
Delivery Optimization listens on port 7680 for requests from other peers by using TCP/IP. The service will register and open this port on the device. The port must be set to accept inbound traffic through your firewall. If you don't allow inbound traffic over port 7680, you can't use the peer-to-peer functionality of Delivery Optimization. However, devices can still successfully download by using HTTP or HTTPS traffic over port 80 (such as for default Windows Update data).
Delivery Optimization will use Teredo to create peer groups, which include devices across NATs (or any form of internal subnet that uses gateways or firewalls between subnets). For this to work, you must allow inbound TCP/IP traffic over port 3544. Look for a "NAT traversal" setting in your firewall to set this up.
Delivery Optimization will use Teredo to create peer groups, which include devices across NATs (or any form of internal subnet that uses gateways or firewalls between subnets). To enable this scenario, you must allow inbound TCP/IP traffic over port 3544. Look for a "NAT traversal" setting in your firewall to set this up.
Delivery Optimization also communicates with its cloud service by using HTTP/HTTPS over port 80.
@ -70,7 +70,7 @@ sections:
If the connection is identified as a VPN, Delivery Optimization will suspend uploads to other peers. However, you can allow uploads over a VPN by using the [Enable Peer Caching while the device connects via VPN](../do/waas-delivery-optimization-reference.md#enable-peer-caching-while-the-device-connects-via-vpn) policy.
If you have defined a boundary group in Configuration Manager for VPN IP ranges, you can set the [DownloadMode](../do/waas-delivery-optimization-reference.md#download-mode) policy to 0 for that boundary group, to ensure that there will be no peer-to-peer activity over the VPN. When the device is not connected using a VPN, it can still use peer-to-peer with the default of LAN.
If you have defined a boundary group in Configuration Manager for VPN IP ranges, you can set the [DownloadMode](../do/waas-delivery-optimization-reference.md#download-mode) policy to 0 for that boundary group, to ensure that there will be no peer-to-peer activity over the VPN. When the device isn't connected using a VPN, it can still use peer-to-peer with the default of LAN.
With split tunneling, make sure to allow direct access to these endpoints:
@ -99,3 +99,11 @@ sections:
> [!NOTE]
> If you use public IP addresses instead of private in LAN mode, the bytes downloaded from or uploaded to LAN peers with public IP addresses might be reported as coming from Internet peers.
- question: How are downloads initiated by Delivery Optimization?
answer: |
Delivery Optimization only starts when an application or service that's integrated with Delivery Optimization starts a download. For example, the Microsoft Edge browser. For more information about Delivery Optimization callers, see [Types of download content supported by Delivery Optimization](waas-delivery-optimization.md#types-of-download-content-supported-by-delivery-optimization).
- question: How does Delivery Optimization determine which content is available for peering?
answer: |
Delivery Optimization uses the cache content on the device to determine what's available for peering. For the upload source device, there's a limited number (4) of slots for cached content that's available for peering at a given time. Delivery Optimization contains logic that rotates the cached content in those slots.

2
windows/deployment/do/waas-delivery-optimization-setup.md
View File

@ -152,7 +152,7 @@ Try these steps:
4. If the number of peers is zero and **[DODownloadMode](waas-delivery-optimization-reference.md#download-mode)** is 1, ensure that both devices are using the same public IP address to reach the internet (you can easily do this by opening a browser window and do a search for “what is my IP”). In the case where devices aren't reporting the same public IP address, configure **[DODownloadMode](waas-delivery-optimization-reference.md#download-mode)** to 2 (Group) and use a custom **[DOGroupID (Guid)](waas-delivery-optimization-reference.md#group-id)**, to fix this.
> [!NOTE]
> Starting in Windows 10, version 2004, `Get-DeliveryOptimizationStatus` has a new option `-PeerInfo` which returns a real-time list of the connected peers.
> Starting in Windows 10, version 2004, `Get-DeliveryOptimizationStatus` has a new option `-PeerInfo` which returns a real-time list of potential peers per file, including which peers are successfully connected and the total bytes sent or received from each peer.
### Clients aren't able to connect to peers offered by the cloud service

3
windows/deployment/docfx.json
View File

@ -57,7 +57,8 @@
"claydetels19",
"jborsecnik",
"tiburd",
"garycentric"
"garycentric",
"beccarobins"
],
"searchScope": ["Windows 10"]
},

2
windows/deployment/update/waas-configure-wufb.md
View File

@ -221,7 +221,7 @@ The features that are turned off by default from servicing updates will be enabl
| Policy | Sets registry key under HKLM\Software |
| --- | --- |
| GPO for Windows 11, version 22H2 with [kb5022845](https://support.microsoft.com/en-us/topic/february-14-2023-kb5022845-os-build-22621-1265-90a807f4-d2e8-486e-8a43-d09e66319f38) and later: </br>Computer Configuration > Administrative Templates > Windows Components > Windows Update > Manage end user experience > **Enable features introduced via servicing that are off by default**| \Policies\Microsoft\Windows\WindowsUpdate\ExcludeWUDriversInQualityUpdate |
| GPO for Windows 11, version 22H2 with [kb5022845](https://support.microsoft.com/en-us/topic/february-14-2023-kb5022845-os-build-22621-1265-90a807f4-d2e8-486e-8a43-d09e66319f38) and later: </br>Computer Configuration > Administrative Templates > Windows Components > Windows Update > Manage end user experience > **Enable features introduced via servicing that are off by default**| \Policies\Microsoft\Windows\WindowsUpdate\AllowTemporaryEnterpriseFeatureControl |
| MDM for Windows 11, version 22H2 with [kb5022845](https://support.microsoft.com/en-us/topic/february-14-2023-kb5022845-os-build-22621-1265-90a807f4-d2e8-486e-8a43-d09e66319f38) and later: </br>../Vendor/MSFT/Policy/Config/Update/</br>**[AllowTemporaryEnterpriseFeatureControl](/windows/client-management/mdm/policy-csp-update?toc=/windows/deployment/toc.json&bc=/windows/deployment/breadcrumb/toc.json#allowtemporaryenterprisefeaturecontrol)** | \Microsoft\PolicyManager\default\Update\AllowTemporaryEnterpriseFeatureControl |

166
windows/deployment/update/wufb-reports-do.md Normal file
View File

@ -0,0 +1,166 @@
---
title: Delivery Optimization data in Windows Update for Business reports
manager: aaroncz
description: Provides information about Delivery Optimization data in Windows Update for Business reports
ms.prod: windows-client
author: mestew
ms.author: mstewart
ms.topic: article
ms.date: 04/12/2023
ms.technology: itpro-updates
---
# Delivery Optimization data in Windows Update for Business reports
<!--7715481-->
***(Applies to: Windows 11 & Windows 10)***
[Delivery Optimization](../do/waas-delivery-optimization.md) (DO) is a Windows feature that can be used to reduce bandwidth consumption by sharing the work of downloading updates among multiple devices in your environment. You can use DO with many other deployment methods, but it's a cloud-managed solution, and access to the DO cloud services is a requirement.
Windows Update for Business reports provides Delivery Optimization information in the following places:
- The Windows Update for Business reports [workbook](wufb-reports-workbook.md)
- [UCDOAggregatedStatus](wufb-reports-schema-ucdoaggregatedstatus.md)
- [UCDOStatus](wufb-reports-schema-ucdostatus.md)
Windows Update for Business reports doesn't include Delivery Optimization data for Windows Insider devices.
## Delivery Optimization terms
Windows Update for Business reports uses the following Delivery Optimization terms:
- **Peer**: A device in the solution
- **Peering 'ON'** - Devices where DO peer-to-peer is enabled in one of the following modes:
- LAN (1)
- Group (2)
- Internet (3)
- **Peering 'OFF'**: Devices where DO peer-to-peer is disabled, set to one of the following modes:
- HTTP Only (0)
- Simple Mode (99)
- Bypass (100), deprecated in Windows 11
- **Bandwidth savings**: The percentage of bandwidth that was downloaded from alternate sources (Peers or Microsoft Connected Cache (MCC) out of the total amount of data downloaded.
- If bandwidth savings are <= 60%, a *Warning* icon is displayed
- When bandwidth savings are <10%, an *Error* icon is displayed.
- **Configurations**: Based on the DownloadMode configuration set via MDM, Group Policy, or end-user via the user interface.
- **P2P Device Count**: The device count is determined by the number of devices configured to use peering.
- **Microsoft Connected Cache (MCC)**: Microsoft Connected Cache is a software-only caching solution that delivers Microsoft content. For more information, see [Microsoft Connected Cache overview](../do/waas-microsoft-connected-cache.md).
- **MCC Device Count**: The device count is determined by the number of devices that have received bytes from the cache server, for supported content types.
- **Total # of Devices**: The total number of devices with activity in last 28 days.
- **LAN Bytes**: Bytes delivered from LAN peers.
- **Group Bytes**: Bytes from Group peers. If a device is using Group DownloadMode, Delivery Optimization will first look for peers on the LAN and then in the Group. Therefore, if bytes are delivered from LAN peers, they'll be calculated in 'LAN Bytes'.
- **CDN Bytes**: Bytes delivered from Content Delivery Network (CDN).
- **City**: City is determined based on the location of the device where the maximum amount of data is downloaded.
- **Country**: Country is determined based on the location of the device where the maximum amount of data is downloaded.
- **ISP**: ISP is determined based on the ISP delivering the maximum bytes to the device.
## Calculations for Delivery Optimization
There are several calculated values that appear on the Delivery Optimization report. Listed below each calculation is the table that's used for it:
**Efficiency (%) Calculations**:
- Bandwidth Savings (BW SAV%) = 100 * (BytesFromPeers + BytesFromGroupPeers + BytesFromCache) /
(BytesFromPeers + BytesFromGroupPeers+BytesFromCDN + BytesFromCache)
- [UCDOAggregatedStatus](wufb-reports-schema-ucdostatus.md) table
- % P2P Efficiency = 100 * (BytesFromPeers + BytesFromGroupPeers) / (BytesFromPeers + BytesFromGroupPeers+BytesFromCDN+BytesFromCache)
- [UCDOStatus](wufb-reports-schema-ucdostatus.md) table
- % MCC Efficiency = 100 * BytesFromCache / (BytesFromPeers + BytesFromGroupPeers+BytesFromCDN+BytesFromCache)
- [UCDOStatus](wufb-reports-schema-ucdostatus.md) table
**Bytes Calculations**:
- TotalBytes = BytesFromCDN + BytesFromEnterpriseCache + BytesFromPeers + BytesFromGroupPeers
- [UCDOAggregatedStatus](wufb-reports-schema-ucdostatus.md) table
- BytesFromCDN = BytesFromCDN
- [UCDOAggregatedStatus](wufb-reports-schema-ucdostatus.md) table
- BytesFromPeers = BytesFromLAN
- [UCDOAggregatedStatus](wufb-reports-schema-ucdoaggregatedstatus.md) table
- BytesFromGroupPeers = BytesFromGroupPeers
- [UCDOAggregatedStatus](wufb-reports-schema-ucdoaggregatedstatus.md) table
- BytesFromCache = BytesFromCache
- [UCDOAggregatedStatus](wufb-reports-schema-ucdoaggregatedstatus.md) table
**Volume Calculations**:
- Volume by P2P = BytesFromPeers + BytesFromGroupPeers
- [UCDOStatus](wufb-reports-schema-ucdostatus.md) table
- Volume by MCC = BytesFromCache
- [UCDOStatus](wufb-reports-schema-ucdostatus.md) table
- Volume by CDN = BytesFrom CDN
- [UCDOStatus](wufb-reports-schema-ucdostatus.md) table
## Mapping GroupID
In the **Efficiency By Group** subsection, the **GroupID** is displayed as an encoded SHA256 hash. You can create a mapping of decoded to encoded GroupIDs using the following PowerShell example:
```powershell
$text = "<myEncodedGroupID>" ;
$hashObj = [System.Security.Cryptography.HashAlgorithm]::Create('sha256') ; $dig = $hashObj.ComputeHash([System.Text.Encoding]::Unicode.GetBytes($text)) ; $digB64 = [System.Convert]::ToBase64String($dig) ; Write-Host "$text ==> $digB64"
```
In addition, you can see both the encoded and decoded GroupIDs in the Delivery Optimization logs.
```powershell
Get-DeliveryOptimizationLog -Flush | Set-Content C:\dosvc.log
```
The below two lines are together in verbose logs:
```text
2023-02-15T12:33:11.3811337Z 1514 1F4 {CGlobalConfigManager::GetGroupId} Using groupID = **<myEncodedGroupId>**
2023-02-15T12:33:11.3811432Z 1514 1F4 {CGlobalConfigManager::GetGroupId} Hashed groupID = **<myDecodedGroupId>**
```
## Sample queries
You can use the data in [UCDOAggregatedStatus](wufb-reports-schema-ucdoaggregatedstatus.md)
and [UCDOStatus](wufb-reports-schema-ucdostatus.md) to create your own queries. Create your custom queries using [Kusto Query Language (KQL)](/azure/data-explorer/kusto/query/), but note that Windows Update for Business reports uses Azure Monitor, so some operators aren't supported. The KQL documentation specifies which operators aren't supported by Azure Monitor or if they have different functionality. For more information about KQL in Azure Monitor, see [Log queries in Azure Monitor](/azure/azure-monitor/logs/log-query-overview). The following queries are examples of how you can use the data:
### Example UCDOAggregatedStatus table query
The following query is used to display the total bandwidth savings % value:
```kusto
UCDOAggregatedStatus| where TimeGenerated == _SnapshotTime
| extend LocalSourceBytes = BytesFromCache + BytesFromGroupPeers + BytesFromPeers
| summarize LocalSources_BWSAV = round((sum(0.0 + LocalSourceBytes)/ sum(LocalSourceBytes+BytesFromCDN)) * 100.0 ,2)
| extend Title = "BW SAV%" , SubTitle = "Local Sources"
```
### Example UCDOStatus table query
The following query is used to display the Top 10 GroupIDs:
```kusto
UCDOStatus | where TimeGenerated == _SnapshotTime
| summarize sum(BytesFromCDN) , sum(BytesFromGroupPeers) , sum(BytesFromPeers) , sum(BytesFromCache) ,
DeviceCount = count_distinct(GlobalDeviceId) by GroupID | top 10 by DeviceCount desc
| extend TotalBytes = (sum_BytesFromPeers + sum_BytesFromGroupPeers+sum_BytesFromCDN+sum_BytesFromCache)
| extend P2PPercentage = ((0.0 + sum_BytesFromPeers + sum_BytesFromGroupPeers)/TotalBytes ) * 100.0
| extend MCCPercentage = ((0.0 + sum_BytesFromCache)/ TotalBytes) * 100.0 ,
VolumeBytesFromPeers = sum_BytesFromPeers + sum_BytesFromGroupPeers
| extend VolumeBytesFromMCC = sum_BytesFromCache , VolumeByCDN = sum_BytesFromCDN
| project GroupID , P2PPercentage , MCCPercentage , VolumeBytesFromPeers , VolumeBytesFromMCC ,VolumeByCDN , DeviceCount
```
## Frequency Asked Questions
- **What time period does the Delivery Optimization data include?**
Data is generated/aggregated for the last 28 days for active devices.
- **Data is showing as 'Unknown', what does that mean?**
You may see data in the report listed as 'Unknown'. This status indicates that the Delivery Optimization DownloadMode setting is either invalid or empty.
- **How are the 'Top 10' groups identified?**
The top groups are represented by the number of devices in a particular group, for any of the four group types (GroupID, City, Country, and ISP).
- **The GroupIDs don't look familiar, why are they different?**
The GroupID values are encoded for data protection telemetry requirements. You can find more information in the 'Mapping GroupIDs' section above.
- **How can I see data for device in the office vs. out of the office?**
Today, we don't have a distinction for data that was downloaded by location.
- **What does the data in UCDOStatus table represent?**
A row in UCDOStatus represents data downloaded by a combination of a single device ID (AzureADDeviceId) by content type (ContentType).
- **What does the data in UCDOAggregatedStatus table represent?**
A row in UCDOAggregatedStatus represents data summarized at the tenant level (AzureADTenantID) for each content type (ContentType).

5
windows/deployment/update/wufb-reports-schema-ucclientupdatestatus.md
View File

@ -6,7 +6,7 @@ ms.prod: windows-client
author: mestew
ms.author: mstewart
ms.topic: reference
ms.date: 06/06/2022
ms.date: 04/24/2023
ms.technology: itpro-updates
---
@ -37,7 +37,7 @@ Update Event that combines the latest client-based data with the latest service-
| **SourceSystem** | [string](/azure/kusto/query/scalar-data-types/string)| `Azure`| |
| **TargetBuild** | [string](/azure/kusto/query/scalar-data-types/string) | `10.0.18363.836` | The full build of the content this DeviceUpdateEvent is tracking. For Windows 10 updates, this value would correspond to the full build (10.0.14393.385). |
| **TargetBuildNumber** | [int](/azure/kusto/query/scalar-data-types/int) | `18363` | Integer of the Major portion of Build. |
| **TargetKBNumber** | [int](/azure/kusto/query/scalar-data-types/int) | `4524570` | KB Article. |
| **TargetKBNumber** | [string](/azure/kusto/query/scalar-data-types/string) | `KB4524570` | KB Article. |
| **TargetRevisionNumber** | [int](/azure/kusto/query/scalar-data-types/int) | `836` | Integer or the minor (or revision) portion of the build. |
| **TargetVersion** | [int](/azure/kusto/query/scalar-data-types/int) | `1909` | The target operating system version, such as 1909. |
| **TimeGenerated** | [datetime](/azure/kusto/query/scalar-data-types/datetime) | `2020-05-14 09:26:03.478039` | The time the snapshot generated this specific record. This is to determine to which batch snapshot this record belongs. |
@ -50,3 +50,4 @@ Update Event that combines the latest client-based data with the latest service-
| **UpdateManufacturer** | [string](/azure/kusto/query/scalar-data-types/string) | `Microsoft` | Manufacturer of update. Microsoft for feature or quality updates, for drivers the name of driver manufacturer. |
| **UpdateReleaseTime** | [datetime](/azure/kusto/query/scalar-data-types/datetime) | `2020-05-14 09:26:03.478039` | The release date of the update |
| **UpdateSource** | [string](/azure/kusto/query/scalar-data-types/string) | `UUP` | The source of the update such as UUP, MUv6, Media |

4
windows/deployment/update/wufb-reports-workbook.md
View File

@ -6,7 +6,7 @@ ms.prod: windows-client
author: mestew
ms.author: mstewart
ms.topic: article
ms.date: 11/15/2022
ms.date: 04/12/2023
ms.technology: itpro-updates
---
@ -173,7 +173,7 @@ The **Device status** group for driver updates contains the following items:
## <a name="bkmk_do"></a> Delivery Optimization
The **Delivery Optimization** tab provides a summarized view of bandwidth efficiencies. This new revised report also includes [Microsoft Connected Cache](/windows/deployment/do/waas-microsoft-connected-cache) information.
The **Delivery Optimization** tab provides a summarized view of bandwidth efficiencies. This new revised report also includes [Microsoft Connected Cache](/windows/deployment/do/waas-microsoft-connected-cache) information. For more information, see [Delivery Optimization data in Windows Update for Business reports](/windows/deployment/update/waas-delivery-optimization).
At the top of the report, tiles display the following information:

2
windows/deployment/windows-autopatch/deploy/windows-autopatch-device-registration-overview.md
View File

@ -48,7 +48,7 @@ See the following detailed workflow diagram. The diagram covers the Windows Auto
| **Step 4: Check prerequisites** | The Windows Autopatch prerequisite function makes an Intune Graph API call to sequentially validate device readiness attributes required for the registration process. For detailed information, see the [Detailed prerequisite check workflow diagram](#detailed-prerequisite-check-workflow-diagram) section. The service checks the following device readiness attributes, and/or prerequisites:<ol><li>**Serial number, model, and manufacturer.**</li><ol><li>Checks if the serial number already exists in the Windows Autopatchs managed device database.</li></ol><li>**If the device is Intune-managed or not.**</li><ol><li>Windows Autopatch looks to see **if the Azure AD device ID has an Intune device ID associated with it**.</li><ol><li>If **yes**, it means this device is enrolled into Intune.</li><li>If **not**, it means the device isn't enrolled into Intune, hence it can't be managed by the Windows Autopatch service.</li></ol><li>**If the device is not managed by Intune**, the Windows Autopatch service can't gather device attributes such as operating system version, Intune enrollment date, device name and other attributes. When this happens, the Windows Autopatch service uses the Azure AD device attributes gathered and saved to its memory in **step 3a**.</li><ol><li>Once it has the device attributes gathered from Azure AD in **step 3a**, the device is flagged with the **Prerequisite failed** status, then added to the **Not registered** tab so the IT admin can review the reason(s) the device wasn't registered into Windows Autopatch. The IT admin will remediate these devices. In this case, the IT admin should check why the device wasnt enrolled into Intune.</li><li>A common reason is when the Azure AD device ID is stale, it doesnt have an Intune device ID associated with it anymore. To remediate, [clean up any stale Azure AD device records from your tenant](windows-autopatch-register-devices.md#clean-up-dual-state-of-hybrid-azure-ad-joined-and-azure-registered-devices-in-your-azure-ad-tenant).</li></ol><li>**If the device is managed by Intune**, the Windows Autopatch prerequisite check function continues to the next prerequisite check, which evaluates whether the device has checked into Intune in the last 28 days.</li></ol><li>**If the device is a Windows device or not.**</li><ol><li>Windows Autopatch looks to see if the device is a Windows and corporate-owned device.</li><ol><li>**If yes**, it means this device can be registered with the service because it's a Windows corporate-owned device.</li><li>**If not**, it means the device is a non-Windows device, or it's a Windows device but it's a personal device.</li></ol></ol><li>**Windows Autopatch checks the Windows SKU family**. The SKU must be either:</li><ol><li>**Enterprise**</li><li>**Pro**</li><li>**Pro Workstation**</li></ol><li>**If the device meets the operating system requirements**, Windows Autopatch checks whether the device is either:</li><ol><li>**Only managed by Intune.**</li><ol><li>If the device is only managed by Intune, the device is marked as Passed all prerequisites.</li></ol><li>**Co-managed by both Configuration Manager and Intune.**</li><ol><li>If the device is co-managed by both Configuration Manager and Intune, an additional prerequisite check is evaluated to determine if the device satisfies the co-management-enabled workloads required by Windows Autopatch to manage devices in a co-managed state. The required co-management workloads evaluated in this step are:</li><ol><li>**Windows Updates Policies**</li><li>**Device Configuration**</li><li>**Office Click to Run**</li></ol><li>If Windows Autopatch determines that one of these workloads isnt enabled on the device, the service marks the device as **Prerequisite failed** and moves the device to the **Not registered** tab.</li></ol></ol></ol>|
| **Step 5: Calculate deployment ring assignment** | Once the device passes all prerequisites described in **step #4**, Windows Autopatch starts its deployment ring assignment calculation. The following logic is used to calculate the Windows Autopatch deployment ring assignment:<ol><li>If the Windows Autopatch tenants existing managed device size is **≤ 200**, the deployment ring assignment is **First (5%)**, **Fast (15%)**, remaining devices go to the **Broad ring (80%)**.</li><li>If the Windows Autopatch tenants existing managed device size is **>200**, the deployment ring assignment will be **First (1%)**, **Fast (9%)**, remaining devices go to the **Broad ring (90%)**.</li></ol> |
| **Step 6: Assign devices to a deployment ring group** | Once the deployment ring calculation is done, Windows Autopatch assigns devices to one of the following deployment ring groups:<ol><li>**Modern Workplace Devices-Windows Autopatch-First**</li><ol><li>The Windows Autopatch device registration process doesnt automatically assign devices to the Test ring represented by the Azure AD group (Modern Workplace Devices-Windows Autopatch-Test). Its important that you assign devices to the Test ring to validate the update deployments before the updates are deployed to a broader population of devices.</li></ol><li>**Modern Workplace Devices-Windows Autopatch-Fast**</li><li>**Modern Workplace Devices-Windows Autopatch-Broad**</li></ol> |
| **Step 7: Assign devices to an Azure AD group** | Windows Autopatch also assigns devices to the following Azure AD groups when certain conditions apply:<ol><li>**Modern Workplace Devices - All**</li><ol><li>This group has all devices managed by Windows Autopatch.</li></ol><li>When registering **Windows 10 devices**, use **Modern Workplace Devices Dynamic - Windows 10**</li><ol><li>This group has all devices managed by Windows Autopatch and that have Windows 10 installed.</li></ol><li>When registering **Windows 11 devices**, use **Modern Workplace Devices Dynamic - Windows 11**</li><ol><li>This group has all devices managed by Windows Autopatch and that have Windows 11 installed.</li></ol><li>When registering **virtual devices**, use **Modern Workplace Devices - Virtual Machine**</li><ol><li>This group has all virtual devices managed by Windows Autopatch.</li></ol> |
| **Step 7: Assign devices to an Azure AD group** | Windows Autopatch also assigns devices to the following Azure AD groups when certain conditions apply:<ol><li>**Modern Workplace Devices - All**</li><ol><li>This group has all devices managed by Windows Autopatch.</li></ol><li>**Modern Workplace Devices - Virtual Machine**</li><ol><li>This group has all **virtual devices** managed by Windows Autopatch.</li></ol> |
| **Step 8: Post-device registration** | In post-device registration, three actions occur:<ol><li>Windows Autopatch adds devices to its managed database.</li><li>Flags devices as **Active** in the **Ready** tab.</li><li>The Azure AD device ID of the device successfully registered is added into the Microsoft Cloud Managed Desktop Extensions allowlist. Windows Autopatch installs the Microsoft Cloud Managed Desktop Extension agent once devices are registered, so the agent can communicate back to the Microsoft Cloud Managed Desktop Extension service.</li><ol><li>The agent is the **Modern Workplace - Autopatch Client setup** PowerShell script that was created during the Windows Autopatch tenant enrollment process. The script is executed once devices are successfully registered into the Windows Autopatch service.</li></ol> |
| **Step 9: Review device registration status** | IT admins review the device registration status in both the **Ready** and **Not registered** tabs.<ol><li>If the device was **successfully registered**, the device shows up in the **Ready** tab.</li><li>If **not**, the device shows up in the **Not registered** tab.</li></ol> |
| **Step 10: End of registration workflow** | This is the end of the Windows Autopatch device registration workflow. |

6
windows/deployment/windows-autopatch/deploy/windows-autopatch-register-devices.md
View File

@ -1,7 +1,7 @@
---
title: Register your devices
description: This article details how to register devices in Autopatch
ms.date: 02/03/2023
ms.date: 04/24/2023
ms.prod: windows-client
ms.technology: itpro-updates
ms.topic: how-to
@ -83,8 +83,8 @@ To be eligible for Windows Autopatch management, devices must meet a minimum set
> [!NOTE]
> Windows Autopatch doesn't support device emulators that don't generate the serial number, model and manufacturer information. Devices that use a non-supported device emulator fail the **Intune or Cloud-Attached** prerequisite check. Additionally, devices with duplicated serial numbers will fail to register with Windows Autopatch.
> [!NOTE]
> Windows Autopatch supports registering [Windows 10 Long-Term Servicing Channel (LTSC)](/windows/whats-new/ltsc/) devices that are being currently serviced by the [Windows LTSC](/windows/release-health/release-information). The service only supports managing the [Windows quality updates](../operate/windows-autopatch-windows-quality-update-overview.md) workload for devices currently serviced by the LTSC. Additionally, Windows Autopatch can only manage Windows quality updates for devices that haven't reached the LTSC's [end of servicing date](/windows/release-health/release-information#enterprise-and-iot-enterprise-ltsbltsc-editions).
> [!IMPORTANT]
> Windows Autopatch supports registering [Windows 10 Long-Term Servicing Channel (LTSC)](/windows/whats-new/ltsc/) devices that are being currently serviced by the [Windows LTSC](/windows/release-health/release-information). The service only supports managing the [Windows quality updates](../operate/windows-autopatch-windows-quality-update-overview.md) workload for devices currently serviced by the LTSC. Windows Update for Business service and Windows Autopatch don't offer Windows feature updates for devices that are part of the LTSC. You must either use [LTSC media](https://www.microsoft.com/evalcenter/evaluate-windows-10-enterprise) or the [Configuration Manager Operating System Deployment capabilities to perform an in-place upgrade](/windows/deployment/deploy-windows-cm/upgrade-to-windows-10-with-configuration-manager) for Windows devices that are part of the LTSC.
For more information, see [Windows Autopatch Prerequisites](../prepare/windows-autopatch-prerequisites.md).

3
windows/deployment/windows-autopatch/operate/windows-autopatch-support-request.md
View File

@ -39,9 +39,6 @@ If you have a **Premier** or **Unified** support contract, when you submit a new
Depending on your support contract, the following severity options are available:
> [!NOTE]
> Selecting either severity **A** or **Critical** issue limits you to a phone support case. This is the fastest support option.
| Support contract | Severity options |
| ----- | ----- |
| Premier | Severity A, B or C |

6
windows/deployment/windows-autopatch/operate/windows-autopatch-windows-quality-update-overview.md
View File

@ -1,7 +1,7 @@
---
title: Windows quality updates
description: This article explains how Windows quality updates are managed in Autopatch
ms.date: 02/17/2023
ms.date: 04/24/2023
ms.prod: windows-client
ms.technology: itpro-updates
ms.topic: conceptual
@ -33,8 +33,8 @@ For a device to be eligible for Windows quality updates as a part of Windows Aut
| Mobile device management (MDM) policy conflict | Devices must not have deployed any policies that would prevent device management. For more information, see [Conflicting and unsupported policies](../references/windows-autopatch-windows-update-unsupported-policies.md). |
| Group policy conflict | Devices must not have group policies deployed which would prevent device management. For more information, see [Group policy](../references/windows-autopatch-windows-update-unsupported-policies.md#group-policy-and-other-policy-managers) |
> [!NOTE]
> Windows Autopatch supports registering [Windows 10 Long-Term Servicing Channel (LTSC)](/windows/whats-new/ltsc/) devices that are being currently serviced by the [Windows LTSC](/windows/release-health/release-information). The service only supports managing the [Windows quality updates](../operate/windows-autopatch-windows-quality-update-overview.md) workload for devices currently serviced by the LTSC. Additionally, Windows Autopatch can only manage Windows quality updates for devices that haven't reached the LTSC's [end of servicing date](/windows/release-health/release-information#enterprise-and-iot-enterprise-ltsbltsc-editions).
> [!IMPORTANT]
> Windows Autopatch supports registering [Windows 10 Long-Term Servicing Channel (LTSC)](/windows/whats-new/ltsc/) devices that are being currently serviced by the [Windows LTSC](/windows/release-health/release-information). The service only supports managing the [Windows quality updates](../operate/windows-autopatch-windows-quality-update-overview.md) workload for devices currently serviced by the LTSC. Windows Update for Business service and Windows Autopatch don't offer Windows feature updates for devices that are part of the LTSC. You must either use [LTSC media](https://www.microsoft.com/evalcenter/evaluate-windows-10-enterprise) or the [Configuration Manager Operating System Deployment capabilities to perform an in-place upgrade](/windows/deployment/deploy-windows-cm/upgrade-to-windows-10-with-configuration-manager) for Windows devices that are part of the LTSC.
## Windows quality update releases

6
windows/deployment/windows-autopatch/operate/windows-autopatch-windows-update.md
View File

@ -53,9 +53,11 @@ However, if an update has already started for a particular deployment ring, Wind
#### Scheduled install
> [!NOTE]
> This feature isn't suitable for business critical workloads because Windows Autopatch cannot guarantee that devices will always update and restart in the specified time.<p>If you select the Schedule install cadence type, the devices in that ring wont be counted towards the [Windows quality update service level objective](../operate/windows-autopatch-windows-quality-update-overview.md#service-level-objective).</p>
>If you select the Schedule install cadence type, the devices in that ring wont be counted towards the [Windows quality update service level objective](../operate/windows-autopatch-windows-quality-update-overview.md#service-level-objective).
While the Windows Autopatch default options will meet the majority of the needs for regular users with corporate devices, we understand there are devices that run critical activities and can only receive Windows Updates at specific times. The **Scheduled install** cadence type will prevent forced restarts and interruptions to critical business activities for end users, thereby minimizing disruptions. Upon selecting the **Scheduled install** cadence type, any previously set deadlines and grace periods will be removed. The expectation is that devices would only update and restart according to the time specified.
While the Windows Autopatch default options will meet the majority of the needs for regular users with corporate devices, we understand there are devices that run critical activities and can only receive Windows Updates at specific times. The **Scheduled install** cadence type will minimize disruptions by preventing forced restarts and interruptions to critical business activities for end users. Upon selecting the **Scheduled install** cadence type, any previously set deadlines and grace periods will be removed. Devices will only update and restart according to the time specified.
If other applications force a device to restart outside of the specified time and a Windows Update is pending a restart, the Windows Update will complete its installation at this time. For this reason, ensure that you consider your update and restart scenarios for devices running business critical activities, or restart sensitive workloads before using the Scheduled Install option.
> [!NOTE]
> The compliance deadline and grace period for Windows quality updates won't be configured for the Scheduled Install cadence type.

2
windows/deployment/windows-autopatch/overview/windows-autopatch-faq.yml
View File

@ -96,7 +96,7 @@ sections:
- Rollback: For more information about Microsoft 365 Apps for enterprise, see [Update controls for Microsoft 365 Apps for enterprise](../operate/windows-autopatch-microsoft-365-apps-enterprise.md#microsoft-365-apps-for-enterprise-update-controls).
- question: Can I permanently pause a Windows feature update deployment?
answer: |
Yes. Windows Autopatch provides a [permanent pause of either a feature update deployment](../operate/windows-autopatch-windows-feature-update-overview.md#pausing-and-resuming-a-release).
Yes. Windows Autopatch provides a [permanent pause of a feature update deployment](../operate/windows-autopatch-windows-feature-update-overview.md#pausing-and-resuming-a-release).
- question: Will Windows quality updates be released more quickly after vulnerabilities are identified, or what is the regular cadence of updates?
answer: |
For zero-day threats, Autopatch will have an [expedited release cadence](../operate/windows-autopatch-windows-quality-update-overview.md#expedited-releases). For normal updates Autopatch, uses a [regular release cadence](../operate/windows-autopatch-wqu-overview.md#windows-quality-update-releases) starting with devices in the Test ring and completing with general rollout to the Broad ring.

6
windows/deployment/windows-autopatch/prepare/windows-autopatch-prerequisites.md
View File

@ -1,7 +1,7 @@
---
title: Prerequisites
description: This article details the prerequisites needed for Windows Autopatch
ms.date: 02/17/2023
ms.date: 04/24/2023
ms.prod: windows-client
ms.technology: itpro-updates
ms.topic: conceptual
@ -50,8 +50,8 @@ The following Windows OS 10 editions, 1809+ builds and architecture are supporte
- Windows 10 (1809+)/11 Enterprise
- Windows 10 (1809+)/11 Pro for Workstations
> [!NOTE]
> Windows Autopatch supports registering [Windows 10 Long-Term Servicing Channel (LTSC)](/windows/whats-new/ltsc/) devices that are being currently serviced by the [Windows LTSC](/windows/release-health/release-information). The service only supports managing the [Windows quality updates](../operate/windows-autopatch-windows-quality-update-overview.md) workload for devices currently serviced by the LTSC. Additionally, Windows Autopatch can only manage Windows quality updates for devices that haven't reached the LTSC's [end of servicing date](/windows/release-health/release-information#enterprise-and-iot-enterprise-ltsbltsc-editions).
> [!IMPORTANT]
> Windows Autopatch supports registering [Windows 10 Long-Term Servicing Channel (LTSC)](/windows/whats-new/ltsc/) devices that are being currently serviced by the [Windows LTSC](/windows/release-health/release-information). The service only supports managing the [Windows quality updates](../operate/windows-autopatch-windows-quality-update-overview.md) workload for devices currently serviced by the LTSC. Windows Update for Business service and Windows Autopatch don't offer Windows feature updates for devices that are part of the LTSC. You must either use [LTSC media](https://www.microsoft.com/evalcenter/evaluate-windows-10-enterprise) or the [Configuration Manager Operating System Deployment capabilities to perform an in-place upgrade](/windows/deployment/deploy-windows-cm/upgrade-to-windows-10-with-configuration-manager) for Windows devices that are part of the LTSC.
## Configuration Manager co-management requirements

3
windows/deployment/windows-autopatch/references/windows-autopatch-changes-to-tenant.md
View File

@ -45,7 +45,8 @@ The following groups target Windows Autopatch configurations to devices and mana
| ----- | ----- |
| Modern Workplace-All | AllModernWorkplaceusers |
| Modern Workplace - Windows 11 Pre-Release Test Devices | DevicegroupforWindows11Pre-Releasetesting. |
| Modern Workplace Devices-All | AllModernWorkplacedevices |
| Modern Workplace Devices-All | AllAutopatchdevices |
| Modern Workplace Devices-Virtual Machine | All Autopatch virtual devices |
| Modern Workplace Devices-Windows Autopatch-Test | Deployment ring for testing update deployments prior production rollout |
| Modern Workplace Devices-Windows Autopatch-First | First production deployment ring for early adopters |
| Modern Workplace Devices-Windows Autopatch-Fast | Fast deployment ring for quick rollout and adoption |

4
windows/deployment/windows-autopatch/whats-new/windows-autopatch-whats-new-2023.md
View File

@ -1,7 +1,7 @@
---
title: What's new 2023
description: This article lists the 2023 feature releases and any corresponding Message center post numbers.
ms.date: 04/04/2023
ms.date: 04/18/2023
ms.prod: windows-client
ms.technology: itpro-updates
ms.topic: whats-new
@ -24,6 +24,8 @@ Minor corrections such as typos, style, or formatting issues aren't listed.
| Message center post number | Description |
| ----- | ----- |
| [MC542842](https://admin.microsoft.com/adminportal/home#/MessageCenter) | April 2023 Windows Autopatch baseline configuration update |
| [MC538728](https://admin.microsoft.com/adminportal/home#/MessageCenter) | Update: Windows Autopatch quality updates release communication |
| [MC536881](https://admin.microsoft.com/adminportal/home#/MessageCenter) | Take action: Review Windows Autopatch Tenant management blade for potential action required to prevent inactive status |
## March 2023