From f222504c2bd4c9967bda995b4217a0721bc2ef21 Mon Sep 17 00:00:00 2001 From: Alekhya Jupudi <89069896+alekyaj@users.noreply.github.com> Date: Wed, 11 May 2022 12:53:31 +0530 Subject: [PATCH 01/10] DMClient-CSP Updates- new nodes This is updated as per task 5864419. Thanks! --- windows/client-management/mdm/dmclient-csp.md | 107 ++++++++++++++++++ 1 file changed, 107 insertions(+) diff --git a/windows/client-management/mdm/dmclient-csp.md b/windows/client-management/mdm/dmclient-csp.md index 7731b4fe08..becb4453fb 100644 --- a/windows/client-management/mdm/dmclient-csp.md +++ b/windows/client-management/mdm/dmclient-csp.md @@ -41,6 +41,8 @@ DMClient ------------Unenroll ------------AADResourceID ------------AADDeviceID +------------AADSendDeviceToken +------------ForceAadToken ------------EnrollmentType ------------EnableOmaDmKeepAliveMessage ------------HWDevID @@ -63,6 +65,19 @@ DMClient ----------------NumberOfRemainingScheduledRetries ----------------PollOnLogin ----------------AllUsersPollOnFirstLogin +------------LinkedEnrollment +----------------Priority +----------------Enroll +----------------Unenroll +----------------EnrollStatus +----------------LastError +------------Recovery +----------------AllowRecovery +------------MultipleSession +----------------NumAllowedConcurrentUserSessionForBackgroundSync +----------------NumAllowedConcurrentUserSessionAtUserLogonSync +----------------IntervalForScheduledRetriesForUserSession +----------------NumberOfScheduledRetriesForUserSession ----Unenroll ----UpdateManagementServiceAddress ``` @@ -317,6 +332,10 @@ Device. Added in Windows 10 version 1803. For Azure AD backed enrollments, this Supported operations are Add, Delete, Get, and Replace. Value type is bool. +**Provider/*ProviderID*/ForceAadToken** + +- new + **Provider/*ProviderID*/Poll** Optional. Polling schedules must use the DMClient CSP. The Registry paths previously associated with polling using the Registry CSP are now deprecated. @@ -435,6 +454,94 @@ Optional. Boolean value that allows the IT admin to require the device to start Supported operations are Add, Get, and Replace. +**Provider/*ProviderID*/LinkedEnrollment/Priority** +This node is an integer, value is "0" or "1". + +Default is 1, meaning the MDM enrollment is the “winning” authority for conflicting policies/resources. Value 1 means MMP-C enrollment is the “winning” one. +Support operations are Get and Set. + +**Provider/*ProviderID*/LinkedEnrollment/Enroll** +This is an execution node and will trigger a silent MMP-C enrollment, using the AAD device token pulled from the AADJ’ed device. There is no user interaction needed. + +Support operation is Exec. + +**Provider/*ProviderID*/LinkedEnrollment/Unenroll** +This is an execution node and will trigger a silent MMP-C unenroll, there is no user interaction needed. On un-enrollment, all the settings/resources set by MMPC will be rolled back(rollback details will be covered later). + +Support operation is Exec. + +**Provider/*ProviderID*/LinkedEnrollment/EnrollStatus** +This node can be used to check both enroll and unenroll statuses. +This will return the enroll action status and is defined as a enum class LinkedEnrollmentStatus. The values are aas follows: + +- Undefined = 0 +- EnrollmentNotStarted = 1 +- InProgress = 2 +- Failed = 3 +- Succeeded = 4 +- UnEnrollmentQueued = 5 +- UnEnrollmentSucceeded = 8 + +Support operation is Get only. + +**Provider/*ProviderID*/LinkedEnrollment/LastError** +This specifies the Hresult to report the enrollment/unenroll results. + +**Provider/*ProviderID*/Recovery/AllowRecovery** +This node determines whether or not the client will automatically initiate a MDM Recovery operation when it detects issues with the MDM certificate. + +This node tracks the status of a Recovery request from the InitiateRecovery node. The values are as follows: + +- 0 - No Recovery request has been processed. +- 1 - Recovery is in Process. +- 2 - Recovery has finished successfully. +- 3 - Recovery has failed to start because TPM is not available. +- 4 - Recovery has failed to start because AAD keys are not protected by the TPM. +- 5 - Recovery has failed to start because the MDM keys are already protected by the TPM. +- 6 - Recovery has failed to start because the TPM is not ready for attestation. +- 7 - Recovery has failed because the client cannot authenticate to the server. +- 8 - Recovery has failed because the server has rejected the client's request. + +**Provider/*ProviderID*/MultipleSession/NumAllowedConcurrentUserSessionForBackgroundSync** +Optional. This node specifies maximum number of concurrent user sync sessions in background. Default value is 25. + +The values are : 0= none, 1= sequential, anything else= parallel. + +Supported operation is Get, Add, Replace and Delete. + +Value type is integer. Only applicable for Windows 10 multi-session. + + +**Provider/*ProviderID*/MultipleSession/NumAllowedConcurrentUserSessionAtUserLogonSync** +Optional. This node specifies maximum number of concurrent user sync sessions at User Login. Default value is 25. + +The values are : 0= none, 1= sequential, anything else= parallel. + +Supported operation is Get, Add, Replace and Delete. + +Value type is integer. Only applicable for Windows 10 multi-session. + +>[!Note] +> Max(NumAllowedConcurrentUserSession, NumAllowedConcurrentUserSessionAtUserLogon) + 1 + +**Provider/*ProviderID*/MultipleSession/IntervalForScheduledRetriesForUserSession** +Optional. This node specifies the waiting time (in minutes) for the initial set of retries as specified by the number of retries in **//Poll/NumberOfScheduledRetriesForUserSession**. + +If IntervalForScheduledRetriesForUserSession is not set, then the default value is used. The default value is 1440. If the value is set to 0, this schedule is disabled. + +This configuration is only applicable for Windows Multi-session Editions. + +Supported operations are Get and Replace. + +**Provider/*ProviderID*/MultipleSession/NumberOfScheduledRetriesForUserSession** +Optional. This node specifies the number of times the DM client should retry to connect to the server when the client is initially configured or enrolled to communicate with the server. + +If the value is set to 0 and the IntervalForScheduledRetriesForUserSession value is not 0, then the schedule will be set to repeat an infinite number of times. + +The default value is 0. This configuration is only applicable for Windows Multi-session Editions. + +Supported operations are Get and Replace. + **Provider/*ProviderID*/ConfigLock** Optional. This node enables [Config Lock](config-lock.md) feature. If enabled, policies defined in the Config Lock document will be monitored and quickly remediated when a configuration drift is detected. From 3721d40a5a00852ac380935e8f9e482590475162 Mon Sep 17 00:00:00 2001 From: Alekhya Jupudi <89069896+alekyaj@users.noreply.github.com> Date: Wed, 11 May 2022 12:58:37 +0530 Subject: [PATCH 02/10] Updated --- windows/client-management/mdm/dmclient-csp.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/windows/client-management/mdm/dmclient-csp.md b/windows/client-management/mdm/dmclient-csp.md index becb4453fb..9fc9005e9c 100644 --- a/windows/client-management/mdm/dmclient-csp.md +++ b/windows/client-management/mdm/dmclient-csp.md @@ -333,8 +333,9 @@ Device. Added in Windows 10 version 1803. For Azure AD backed enrollments, this Supported operations are Add, Delete, Get, and Replace. Value type is bool. **Provider/*ProviderID*/ForceAadToken** +The value type is integer/enum. -- new +The value is "1" and it means client should always send AAD device token during check-in/sync. **Provider/*ProviderID*/Poll** Optional. Polling schedules must use the DMClient CSP. The Registry paths previously associated with polling using the Registry CSP are now deprecated. From c6e4d17efb6c918b9c4a93e53f5899caa10215c7 Mon Sep 17 00:00:00 2001 From: Alekhya Jupudi <89069896+alekyaj@users.noreply.github.com> Date: Wed, 11 May 2022 13:08:08 +0530 Subject: [PATCH 03/10] Update dmclient-csp.md --- windows/client-management/mdm/dmclient-csp.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/client-management/mdm/dmclient-csp.md b/windows/client-management/mdm/dmclient-csp.md index 9fc9005e9c..9cd2efa1b3 100644 --- a/windows/client-management/mdm/dmclient-csp.md +++ b/windows/client-management/mdm/dmclient-csp.md @@ -526,7 +526,7 @@ Value type is integer. Only applicable for Windows 10 multi-session. > Max(NumAllowedConcurrentUserSession, NumAllowedConcurrentUserSessionAtUserLogon) + 1 **Provider/*ProviderID*/MultipleSession/IntervalForScheduledRetriesForUserSession** -Optional. This node specifies the waiting time (in minutes) for the initial set of retries as specified by the number of retries in **//Poll/NumberOfScheduledRetriesForUserSession**. +Optional. This node specifies the waiting time (in minutes) for the initial set of retries as specified by the number of retries in `//Poll/NumberOfScheduledRetriesForUserSession`. If IntervalForScheduledRetriesForUserSession is not set, then the default value is used. The default value is 1440. If the value is set to 0, this schedule is disabled. From 41fe024ef56184f8c85691c1d666d895616e6ac1 Mon Sep 17 00:00:00 2001 From: Alekhya Jupudi <89069896+alekyaj@users.noreply.github.com> Date: Wed, 11 May 2022 13:58:54 +0530 Subject: [PATCH 04/10] typo fix --- windows/client-management/mdm/dmclient-csp.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/client-management/mdm/dmclient-csp.md b/windows/client-management/mdm/dmclient-csp.md index 9cd2efa1b3..2137ef1806 100644 --- a/windows/client-management/mdm/dmclient-csp.md +++ b/windows/client-management/mdm/dmclient-csp.md @@ -461,7 +461,7 @@ This node is an integer, value is "0" or "1". Default is 1, meaning the MDM enrollment is the “winning” authority for conflicting policies/resources. Value 1 means MMP-C enrollment is the “winning” one. Support operations are Get and Set. -**Provider/*ProviderID*/LinkedEnrollment/Enroll** +**Provider/*ProviderID*/LinkedEnrollment/Enroll** This is an execution node and will trigger a silent MMP-C enrollment, using the AAD device token pulled from the AADJ’ed device. There is no user interaction needed. Support operation is Exec. From f27443bcb51e963802422912a6ecf4d14984a5ec Mon Sep 17 00:00:00 2001 From: Alekhya Jupudi <89069896+alekyaj@users.noreply.github.com> Date: Wed, 25 May 2022 10:41:14 +0530 Subject: [PATCH 05/10] Updated as per feedback --- windows/client-management/mdm/dmclient-csp.md | 30 ++++++++++++++----- 1 file changed, 22 insertions(+), 8 deletions(-) diff --git a/windows/client-management/mdm/dmclient-csp.md b/windows/client-management/mdm/dmclient-csp.md index 2137ef1806..5f0e94ea62 100644 --- a/windows/client-management/mdm/dmclient-csp.md +++ b/windows/client-management/mdm/dmclient-csp.md @@ -73,6 +73,8 @@ DMClient ----------------LastError ------------Recovery ----------------AllowRecovery +----------------RecoveryStatus +----------------InitiateRecovery ------------MultipleSession ----------------NumAllowedConcurrentUserSessionForBackgroundSync ----------------NumAllowedConcurrentUserSessionAtUserLogonSync @@ -119,8 +121,6 @@ Supported operations are Get and Add. > Although hardware device IDs are guaranteed to be unique, there's a concern that this isn't ultimately enforceable during a DM session. The device ID could be changed through the w7 APPLICATION CSP’s **USEHWDEVID** parm by another management server. So during enterprise bootstrap and enrollment, a new device ID is specified by the enterprise server. This node is required and must be set by the server before the client certificate renewal is triggered. - - **Provider/*ProviderID*/ExchangeID** Optional. Character string that contains the unique Exchange device ID used by the Outlook account of the user the session is running against. The enterprise management server can correlate and merge records for: @@ -130,8 +130,6 @@ Optional. Character string that contains the unique Exchange device ID used by t > [!NOTE] > In some cases for the desktop, this node will return "not found" until the user sets up their email. - - Supported operation is Get. The following XML is a Get command example: @@ -163,8 +161,6 @@ Required. The character string that contains the device management server addres > [!NOTE] > When the **ManagementServerAddressList** value is set, the device ignores the value. - - The DMClient CSP will save the address to the same location as the w7 and DMS CSPs. The save ensures the management client has a single place to retrieve the current server address. The initial value for this node is the same server address value as bootstrapped using the [w7 APPLICATION configuration service provider](w7-application-csp.md). Starting in Windows 10, version 1511, this node supports multiple server addresses in the format <URL1><URL2><URL3>. If there's only a single URL, then the <> aren't required. This feature is supported on Windows client devices. @@ -491,6 +487,12 @@ This specifies the Hresult to report the enrollment/unenroll results. **Provider/*ProviderID*/Recovery/AllowRecovery** This node determines whether or not the client will automatically initiate a MDM Recovery operation when it detects issues with the MDM certificate. +Supported operations are Get, Add, Replace, Delete. + +Default value is 0 + +**Provider/*ProviderID*/Recovery/RecoveryStatus** + This node tracks the status of a Recovery request from the InitiateRecovery node. The values are as follows: - 0 - No Recovery request has been processed. @@ -503,12 +505,24 @@ This node tracks the status of a Recovery request from the InitiateRecovery node - 7 - Recovery has failed because the client cannot authenticate to the server. - 8 - Recovery has failed because the server has rejected the client's request. +Supported operation is Get only. + +**Provider/*ProviderID*/Recovery/InitiateRecovery** + +This node initiates an MDM Recovery operation on the client. + +If initiated with argument 0, it triggers MDM Recovery, no matter the state of the device. + +If initiated with argument 1, it triggers only if the MDM certificate’s private key isn’t already protected by the TPM, if there is a TPM to put the private key into, and if the TPM is ready for attestation. + +Supported operation is Exec only. + **Provider/*ProviderID*/MultipleSession/NumAllowedConcurrentUserSessionForBackgroundSync** Optional. This node specifies maximum number of concurrent user sync sessions in background. Default value is 25. The values are : 0= none, 1= sequential, anything else= parallel. -Supported operation is Get, Add, Replace and Delete. +Supported operations are Get, Add, Replace and Delete. Value type is integer. Only applicable for Windows 10 multi-session. @@ -518,7 +532,7 @@ Optional. This node specifies maximum number of concurrent user sync sessions at The values are : 0= none, 1= sequential, anything else= parallel. -Supported operation is Get, Add, Replace and Delete. +Supported operations are Get, Add, Replace and Delete. Value type is integer. Only applicable for Windows 10 multi-session. From ccfc86574372753143c47c497a0b6685f3de456b Mon Sep 17 00:00:00 2001 From: Alekhya Jupudi <89069896+alekyaj@users.noreply.github.com> Date: Thu, 26 May 2022 11:33:51 +0530 Subject: [PATCH 06/10] Update dmclient-csp.md --- windows/client-management/mdm/dmclient-csp.md | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/windows/client-management/mdm/dmclient-csp.md b/windows/client-management/mdm/dmclient-csp.md index d62716ce79..d57a985a24 100644 --- a/windows/client-management/mdm/dmclient-csp.md +++ b/windows/client-management/mdm/dmclient-csp.md @@ -482,6 +482,7 @@ This is an execution node and will trigger a silent MMP-C unenroll, there is no Support operation is Exec. **Provider/*ProviderID*/LinkedEnrollment/EnrollStatus** + This node can be used to check both enroll and unenroll statuses. This will return the enroll action status and is defined as a enum class LinkedEnrollmentStatus. The values are aas follows: @@ -496,12 +497,14 @@ This will return the enroll action status and is defined as a enum class LinkedE Support operation is Get only. **Provider/*ProviderID*/LinkedEnrollment/LastError** + This specifies the Hresult to report the enrollment/unenroll results. **Provider/*ProviderID*/Recovery/AllowRecovery** + This node determines whether or not the client will automatically initiate a MDM Recovery operation when it detects issues with the MDM certificate. -Supported operations are Get, Add, Replace, Delete. +Supported operations are Get, Add, Replace and Delete. Default value is 0 @@ -532,11 +535,12 @@ If initiated with argument 1, it triggers only if the MDM certificate’s privat Supported operation is Exec only. **Provider/*ProviderID*/MultipleSession/NumAllowedConcurrentUserSessionForBackgroundSync** + Optional. This node specifies maximum number of concurrent user sync sessions in background. Default value is 25. The values are : 0= none, 1= sequential, anything else= parallel. -Supported operations are Get, Add, Replace and Delete. +Supported operations are Get, Add, Replace and Delete. Value type is integer. Only applicable for Windows 10 multi-session. From 8c6755bf165252a7b6e5be8ac11efbcf7b9a9037 Mon Sep 17 00:00:00 2001 From: Alekhya Jupudi <89069896+alekyaj@users.noreply.github.com> Date: Thu, 26 May 2022 14:37:10 +0530 Subject: [PATCH 07/10] Feedback --- windows/client-management/mdm/dmclient-csp.md | 23 ++++++++----------- 1 file changed, 10 insertions(+), 13 deletions(-) diff --git a/windows/client-management/mdm/dmclient-csp.md b/windows/client-management/mdm/dmclient-csp.md index d57a985a24..39fd09be3a 100644 --- a/windows/client-management/mdm/dmclient-csp.md +++ b/windows/client-management/mdm/dmclient-csp.md @@ -506,21 +506,21 @@ This node determines whether or not the client will automatically initiate a MDM Supported operations are Get, Add, Replace and Delete. -Default value is 0 +Default value is 0. **Provider/*ProviderID*/Recovery/RecoveryStatus** This node tracks the status of a Recovery request from the InitiateRecovery node. The values are as follows: -- 0 - No Recovery request has been processed. -- 1 - Recovery is in Process. -- 2 - Recovery has finished successfully. -- 3 - Recovery has failed to start because TPM is not available. -- 4 - Recovery has failed to start because AAD keys are not protected by the TPM. -- 5 - Recovery has failed to start because the MDM keys are already protected by the TPM. -- 6 - Recovery has failed to start because the TPM is not ready for attestation. -- 7 - Recovery has failed because the client cannot authenticate to the server. -- 8 - Recovery has failed because the server has rejected the client's request. +0 - No Recovery request has been processed. +1 - Recovery is in Process. +2 - Recovery has finished successfully. +3 - Recovery has failed to start because TPM is not available. +4 - Recovery has failed to start because AAD keys are not protected by the TPM. +5 - Recovery has failed to start because the MDM keys are already protected by the TPM. +6 - Recovery has failed to start because the TPM is not ready for attestation. +7 - Recovery has failed because the client cannot authenticate to the server. +8 - Recovery has failed because the server has rejected the client's request. Supported operation is Get only. @@ -554,9 +554,6 @@ Supported operations are Get, Add, Replace and Delete. Value type is integer. Only applicable for Windows 10 multi-session. ->[!Note] -> Max(NumAllowedConcurrentUserSession, NumAllowedConcurrentUserSessionAtUserLogon) + 1 - **Provider/*ProviderID*/MultipleSession/IntervalForScheduledRetriesForUserSession** Optional. This node specifies the waiting time (in minutes) for the initial set of retries as specified by the number of retries in `//Poll/NumberOfScheduledRetriesForUserSession`. From 182e1c43add3ca5e5c33cd64b8c3b4f7bf34fda7 Mon Sep 17 00:00:00 2001 From: Alekhya Jupudi <89069896+alekyaj@users.noreply.github.com> Date: Thu, 26 May 2022 15:04:48 +0530 Subject: [PATCH 08/10] Update dmclient-csp.md --- windows/client-management/mdm/dmclient-csp.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/client-management/mdm/dmclient-csp.md b/windows/client-management/mdm/dmclient-csp.md index 39fd09be3a..4f5e9e65c0 100644 --- a/windows/client-management/mdm/dmclient-csp.md +++ b/windows/client-management/mdm/dmclient-csp.md @@ -506,7 +506,7 @@ This node determines whether or not the client will automatically initiate a MDM Supported operations are Get, Add, Replace and Delete. -Default value is 0. +The supported values for this node are 1-true (allow) and 0-false(not allow). Default value is 0. **Provider/*ProviderID*/Recovery/RecoveryStatus** From 4c089352feeee03b4eb6c2452cc30b4e5fda6974 Mon Sep 17 00:00:00 2001 From: Alekhya Jupudi <89069896+alekyaj@users.noreply.github.com> Date: Mon, 30 May 2022 11:18:44 +0530 Subject: [PATCH 09/10] Fixing format --- windows/client-management/mdm/dmclient-csp.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/windows/client-management/mdm/dmclient-csp.md b/windows/client-management/mdm/dmclient-csp.md index 4f5e9e65c0..6a0e95812a 100644 --- a/windows/client-management/mdm/dmclient-csp.md +++ b/windows/client-management/mdm/dmclient-csp.md @@ -514,11 +514,11 @@ This node tracks the status of a Recovery request from the InitiateRecovery node 0 - No Recovery request has been processed. 1 - Recovery is in Process. -2 - Recovery has finished successfully. +2 - Recovery has finished successfully. 3 - Recovery has failed to start because TPM is not available. -4 - Recovery has failed to start because AAD keys are not protected by the TPM. -5 - Recovery has failed to start because the MDM keys are already protected by the TPM. -6 - Recovery has failed to start because the TPM is not ready for attestation. +4 - Recovery has failed to start because AAD keys are not protected by the TPM. +5 - Recovery has failed to start because the MDM keys are already protected by the TPM. +6 - Recovery has failed to start because the TPM is not ready for attestation. 7 - Recovery has failed because the client cannot authenticate to the server. 8 - Recovery has failed because the server has rejected the client's request. From ac861feda773673f657f7a8eadb6d5a666eb2e72 Mon Sep 17 00:00:00 2001 From: tiaraquan Date: Wed, 1 Jun 2022 09:51:35 -0700 Subject: [PATCH 10/10] Fixed a link, removed redundancy. --- .../windows-autopatch/overview/windows-autopatch-faq.md | 4 ++-- .../windows-autopatch/prepare/windows-autopatch-fix-issues.md | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/windows/deployment/windows-autopatch/overview/windows-autopatch-faq.md b/windows/deployment/windows-autopatch/overview/windows-autopatch-faq.md index 3fad61cc1f..d2c0bbd292 100644 --- a/windows/deployment/windows-autopatch/overview/windows-autopatch-faq.md +++ b/windows/deployment/windows-autopatch/overview/windows-autopatch-faq.md @@ -19,7 +19,7 @@ msreviewer: hathind | Question | Answer | | ----- | ----- | | What Windows versions are supported? | Windows Autopatch works with all [supported versions of Windows 10 and Windows 11 Enterprise edition](/windows/release-health/supported-versions-windows-client). | -| What is the difference between Windows Updates for Business and Windows Autopatch? | Windows Autopatch is a service that removes the need for organizations to plan and operate the update process.

Windows Autopatch moves the burden from your IT to Microsoft. Windows Autopatch uses [Windows Update for Business](/windows/deployment/update/deployment-service-overview) and other service components to update devices. Both are part of Windows Enterprise E3. | +| What is the difference between Windows Update for Business and Windows Autopatch? | Windows Autopatch is a service that removes the need for organizations to plan and operate the update process.

Windows Autopatch moves the burden from your IT to Microsoft. Windows Autopatch uses [Windows Update for Business](/windows/deployment/update/deployment-service-overview) and other service components to update devices. Both are part of Windows Enterprise E3. | | Is Windows 365 for Enterprise supported with Windows Autopatch? | Windows Autopatch supports Windows 365 for Enterprise. Windows 365 for Business isn't supported.| | Does Windows Autopatch support Windows Education (A3) or Windows Front Line Worker (F3) licensing? | Autopatch isn't available for 'A' or 'F' series licensing. | | Will Windows Autopatch support local domain join Windows 10? | Windows Autopatch doesn't support local (on-premise) domain join. Windows Autopatch supports [Hybrid AD join](/azure/active-directory/devices/concept-azure-ad-join-hybrid) or pure [Azure AD join](/azure/active-directory/devices/concept-azure-ad-join-hybrid). | @@ -30,7 +30,7 @@ msreviewer: hathind | Question | Answer | | ----- | ----- | | What are the prerequisites for Windows Autopatch? |

  • [Supported Windows 10/11 Enterprise edition versions](/windows/release-health/supported-versions-windows-client)
  • [Azure Active Directory (Azure AD) Premium](/azure/active-directory/fundamentals/active-directory-whatis#what-are-the-azure-ad-licenses)
  • [Hybrid Azure AD-Joined](/azure/active-directory/devices/concept-azure-ad-join-hybrid) or [Azure AD-joined only](/azure/active-directory/devices/concept-azure-ad-join-hybrid)
  • [Microsoft Intune](https://www.microsoft.com/cloud-platform/microsoft-intune)
  • [Co-management](/prepare/windows-autopatch-prerequisites.md#co-management-requirements)
  • [Configuration Manager version 2010 or later](/mem/configmgr/core/plan-design/changes/whats-new-in-version-2010)
  • [Switch workloads for device configuration, Windows Update and Microsoft 365 Apps from Configuration Manager to Intune](/mem/configmgr/comanage/how-to-switch-workloads) (minimum Pilot Intune)
| -| What are the licensing requirements for Windows Autopatch? |
  • Windows Autopatch is included with Window 10/11 Enterprise E3 or higher. For more information, see More about licenses.
  • [Azure AD Premium](/azure/active-directory/fundamentals/active-directory-whatis#what-are-the-azure-ad-licenses) (for Co-management)
  • [Microsoft Intune](/mem/intune/fundamentals/licenses) (includes Configuration Manager 2010 or greater via co-management)
| +| What are the licensing requirements for Windows Autopatch? |
  • Windows Autopatch is included with Window 10/11 Enterprise E3 or higher. For more information, see [More about licenses](../prepare/windows-autopatch-prerequisites.md#more-about-licenses).
  • [Azure AD Premium](/azure/active-directory/fundamentals/active-directory-whatis#what-are-the-azure-ad-licenses) (for Co-management)
  • [Microsoft Intune](/mem/intune/fundamentals/licenses) (includes Configuration Manager 2010 or greater via co-management)
| | Are there hardware requirements for Windows Autopatch? | No, Windows Autopatch doesn't require any specific hardware. However, general hardware requirements for updates are still applicable. For example, to deliver Windows 11 to your Autopatch devices they must meet [specific hardware requirements](/windows/windows-11-specifications?r=1). Windows devices must be supported by your hardware OEM. | ## Device registration diff --git a/windows/deployment/windows-autopatch/prepare/windows-autopatch-fix-issues.md b/windows/deployment/windows-autopatch/prepare/windows-autopatch-fix-issues.md index 8dff734be5..9f65feb92f 100644 --- a/windows/deployment/windows-autopatch/prepare/windows-autopatch-fix-issues.md +++ b/windows/deployment/windows-autopatch/prepare/windows-autopatch-fix-issues.md @@ -66,7 +66,7 @@ Windows Autopatch requires the following licenses: | Result | Meaning | | ----- | ----- | -| Not ready | Windows Autopatch requires Windows 10/11 Enterprise E3 (or higher) to be assigned to your users. Additionally, Azure Active Directory Premium, Microsoft Intune and Windows 10/11 Enterprise are required. For more information, see [more about licenses](../prepare/windows-autopatch-prerequisites.md#more-about-licenses). | +| Not ready | Windows Autopatch requires Windows 10/11 Enterprise E3 (or higher) to be assigned to your users. Additionally, Azure Active Directory Premium, and Microsoft Intune are required. For more information, see [more about licenses](../prepare/windows-autopatch-prerequisites.md#more-about-licenses). | ### Windows Autopatch service accounts