mirror of
https://github.com/MicrosoftDocs/windows-itpro-docs.git
synced 2025-06-15 10:23:37 +00:00
fix merge conflict
This commit is contained in:
Aaron Czechowski
@ -10,7 +10,7 @@ ms.author: mstewart
|
||||
appliesto:
|
||||
- ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 11</a>
|
||||
- ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 10</a>
|
||||
ms.date: 08/28/2023
|
||||
ms.date: 08/15/2024
|
||||
---
|
||||
|
||||
# Windows Update security
|
||||
|
||||
@ -42,14 +42,13 @@
|
||||
href: deploy/windows-autopatch-register-devices.md
|
||||
- name: Windows Autopatch groups overview
|
||||
href: deploy/windows-autopatch-groups-overview.md
|
||||
items:
|
||||
- name: Manage Windows Autopatch groups
|
||||
href: deploy/windows-autopatch-groups-manage-autopatch-groups.md
|
||||
- name: Post-device registration readiness checks
|
||||
href: deploy/windows-autopatch-post-reg-readiness-checks.md
|
||||
- name: Manage
|
||||
href:
|
||||
items:
|
||||
- name: Manage Windows Autopatch groups
|
||||
href: manage/windows-autopatch-manage-autopatch-groups.md
|
||||
- name: Customize Windows Update settings
|
||||
href: manage/windows-autopatch-customize-windows-update-settings.md
|
||||
- name: Windows feature updates
|
||||
|
||||
@ -46,7 +46,7 @@ See the following detailed workflow diagram. The diagram covers the Windows Auto
|
||||
| Step | Description |
|
||||
| ----- | ----- |
|
||||
| **Step 1: Identify devices** | IT admin identifies devices to be managed by the Windows Autopatch service. |
|
||||
| **Step 2: Add devices** | IT admin adds devices through Direct membership or nests other Microsoft Entra ID assigned or dynamic groups into the **Windows Autopatch Device Registration** Microsoft Entra ID assigned group when using adding existing device-based Microsoft Entra groups while [creating](../deploy/windows-autopatch-groups-manage-autopatch-groups.md#create-a-custom-autopatch-group)/[editing](../deploy/windows-autopatch-groups-manage-autopatch-groups.md#edit-the-default-or-a-custom-autopatch-group) Custom Autopatch groups, or [editing](../deploy/windows-autopatch-groups-manage-autopatch-groups.md#edit-the-default-or-a-custom-autopatch-group) the Default Autopatch group</li></ul> |
|
||||
| **Step 2: Add devices** | IT admin adds devices through Direct membership or nests other Microsoft Entra ID assigned or dynamic groups into the **Windows Autopatch Device Registration** Microsoft Entra ID assigned group when using adding existing device-based Microsoft Entra groups while [creating](../manage/windows-autopatch-manage-autopatch-groups.md#create-a-custom-autopatch-group)/[editing](../manage/windows-autopatch-manage-autopatch-groups.md#edit-the-default-or-a-custom-autopatch-group) Custom Autopatch groups, or [editing](../manage/windows-autopatch-manage-autopatch-groups.md#edit-the-default-or-a-custom-autopatch-group) the Default Autopatch group</li></ul> |
|
||||
| **Step 3: Discover devices** | The Windows Autopatch Discover Devices function discovers devices (hourly) that were previously added by the IT admin into the **Windows Autopatch Device Registration** Microsoft Entra ID assigned group or from Microsoft Entra groups used with Autopatch groups in **step #2**. The Microsoft Entra device ID is used by Windows Autopatch to query device attributes in both Microsoft Intune and Microsoft Entra ID when registering devices into its service.<ol><li>Once devices are discovered from the Microsoft Entra group, the same function gathers additional device attributes and saves it into its memory during the discovery operation. The following device attributes are gathered from Microsoft Entra ID in this step:</li><ol><li>**AzureADDeviceID**</li><li>**OperatingSystem**</li><li>**DisplayName (Device name)**</li><li>**AccountEnabled**</li><li>**RegistrationDateTime**</li><li>**ApproximateLastSignInDateTime**</li></ol><li>In this same step, the Windows Autopatch discover devices function calls another function, the device prerequisite check function. The device prerequisite check function evaluates software-based device-level prerequisites to comply with Windows Autopatch device readiness requirements before registration.</li></ol> |
|
||||
| **Step 4: Check prerequisites** | The Windows Autopatch prerequisite function makes an Intune Graph API call to sequentially validate device readiness attributes required for the registration process. For detailed information, see the [Detailed prerequisite check workflow diagram](#detailed-prerequisite-check-workflow-diagram) section. The service checks the following device readiness attributes, and/or prerequisites:<ol><li>**If the device is Intune-managed or not.**</li><ol><li>Windows Autopatch looks to see **if the Microsoft Entra device ID has an Intune device ID associated with it**.</li><ol><li>If **yes**, it means this device is enrolled into Intune.</li><li>If **not**, it means the device isn't enrolled into Intune, hence it can't be managed by the Windows Autopatch service.</li></ol><li>**If the device is not managed by Intune**, the Windows Autopatch service can't gather device attributes such as operating system version, Intune enrollment date, device name and other attributes. When this happens, the Windows Autopatch service uses the Microsoft Entra device attributes gathered and saved to its memory in **step 3a**.</li><ol><li>Once it has the device attributes gathered from Microsoft Entra ID in **step 3a**, the device is flagged with the **Prerequisite failed** status, then added to the **Not registered** tab so the IT admin can review the reason(s) the device wasn't registered into Windows Autopatch. The IT admin will remediate these devices. In this case, the IT admin should check why the device wasn't enrolled into Intune.</li><li>A common reason is when the Microsoft Entra device ID is stale, it doesn't have an Intune device ID associated with it anymore. To remediate, [clean up any stale Microsoft Entra device records from your tenant](windows-autopatch-register-devices.md#clean-up-dual-state-of-hybrid-azure-ad-joined-and-azure-registered-devices-in-your-azure-ad-tenant).</li></ol><li>**If the device is managed by Intune**, the Windows Autopatch prerequisite check function continues to the next prerequisite check, which evaluates whether the device has checked into Intune in the last 28 days.</li></ol><li>**If the device is a Windows device or not.**</li><ol><li>Windows Autopatch looks to see if the device is a Windows and corporate-owned device.</li><ol><li>**If yes**, it means this device can be registered with the service because it's a Windows corporate-owned device.</li><li>**If not**, it means the device is a non-Windows device, or it's a Windows device but it's a personal device.</li></ol></ol><li>**Windows Autopatch checks the Windows SKU family**. The SKU must be either:</li><ol><li>**Enterprise**</li><li>**Pro**</li><li>**Pro Workstation**</li></ol><li>**If the device meets the operating system requirements**, Windows Autopatch checks whether the device is either:</li><ol><li>**Only managed by Intune.**</li><ol><li>If the device is only managed by Intune, the device is marked as Passed all prerequisites.</li></ol><li>**Co-managed by both Configuration Manager and Intune.**</li><ol><li>If the device is co-managed by both Configuration Manager and Intune, an additional prerequisite check is evaluated to determine if the device satisfies the co-management-enabled workloads required by Windows Autopatch to manage devices in a co-managed state. The required co-management workloads evaluated in this step are:</li><ol><li>**Windows Updates Policies**</li><li>**Device Configuration**</li><li>**Office Click to Run**</li></ol><li>If Windows Autopatch determines that one of these workloads isn't enabled on the device, the service marks the device as **Prerequisite failed** and moves the device to the **Not registered** tab.</li></ol></ol></ol>|
|
||||
| **Step 5: Calculate deployment ring assignment** | Once the device passes all prerequisites described in **step #4**, Windows Autopatch starts its deployment ring assignment calculation. The following logic is used to calculate the Windows Autopatch deployment ring assignment:<ol><li>If the Windows Autopatch tenant's existing managed device size is **≤ 200**, the deployment ring assignment is **First (5%)**, **Fast (15%)**, remaining devices go to the **Broad ring (80%)**.</li><li>If the Windows Autopatch tenant's existing managed device size is **>200**, the deployment ring assignment will be **First (1%)**, **Fast (9%)**, remaining devices go to the **Broad ring (90%)**.</li></ol> |
|
||||
|
||||
@ -190,7 +190,7 @@ The following are the Microsoft Entra ID assigned groups that represent the soft
|
||||
|
||||
### About device registration
|
||||
|
||||
Autopatch groups register devices with the Windows Autopatch service when you either [create](../deploy/windows-autopatch-groups-manage-autopatch-groups.md#create-a-custom-autopatch-group) or [edit a Custom Autopatch group](../deploy/windows-autopatch-groups-manage-autopatch-groups.md#edit-the-default-or-a-custom-autopatch-group), and/or when you [edit the Default Autopatch group](../deploy/windows-autopatch-groups-manage-autopatch-groups.md#edit-the-default-or-a-custom-autopatch-group) to use your existing Microsoft Entra groups instead of the Windows Autopatch Device Registration group provided by the service.
|
||||
Autopatch groups register devices with the Windows Autopatch service when you either [create](../manage/windows-autopatch-manage-autopatch-groups.md#create-a-custom-autopatch-group) or [edit a Custom Autopatch group](../manage/windows-autopatch-manage-autopatch-groups.md#edit-the-default-or-a-custom-autopatch-group), and/or when you [edit the Default Autopatch group](../manage/windows-autopatch-manage-autopatch-groups.md#edit-the-default-or-a-custom-autopatch-group) to use your existing Microsoft Entra groups instead of the Windows Autopatch Device Registration group provided by the service.
|
||||
|
||||
## Common ways to use Autopatch groups
|
||||
|
||||
|
||||
@ -35,7 +35,7 @@ When you either create/edit a [Custom Autopatch group](../deploy/windows-autopat
|
||||
|
||||
If devices aren't registered, Autopatch groups starts the device registration process by using your existing device-based Microsoft Entra groups instead of the Windows Autopatch Device Registration group.
|
||||
|
||||
For more information, see [create Custom Autopatch groups](../deploy/windows-autopatch-groups-manage-autopatch-groups.md#create-a-custom-autopatch-group) and [edit Autopatch group](../deploy/windows-autopatch-groups-manage-autopatch-groups.md#edit-the-default-or-a-custom-autopatch-group) to register devices using the Autopatch groups device registration method.
|
||||
For more information, see [create Custom Autopatch groups](../manage/windows-autopatch-manage-autopatch-groups.md#create-a-custom-autopatch-group) and [edit Autopatch group](../manage/windows-autopatch-manage-autopatch-groups.md#edit-the-default-or-a-custom-autopatch-group) to register devices using the Autopatch groups device registration method.
|
||||
|
||||
<a name='supported-scenarios-when-nesting-other-azure-ad-groups'></a>
|
||||
|
||||
|
||||
@ -180,4 +180,4 @@ When you create or edit the Custom or Default Autopatch group, Windows Autopatch
|
||||
|
||||
#### Device conflict post device registration
|
||||
|
||||
Autopatch groups will keep monitoring for all device conflict scenarios listed in the [Manage device conflict scenarios when using Autopatch groups](../deploy/windows-autopatch-groups-manage-autopatch-groups.md#manage-device-conflict-scenarios-when-using-autopatch-groups) section even after devices were successfully registered with the service.
|
||||
Autopatch groups will keep monitoring for all device conflict scenarios listed in the [Manage device conflict scenarios when using Autopatch groups](../manage/windows-autopatch-manage-autopatch-groups.md#manage-device-conflict-scenarios-when-using-autopatch-groups) section even after devices were successfully registered with the service.
|
||||
@ -98,8 +98,8 @@ There are two scenarios that the Global release is used:
|
||||
|
||||
| Scenario | Description |
|
||||
| ----- | ----- |
|
||||
| Scenario #1 | You assign Microsoft Entra groups to be used with the deployment ring (Last) or you add additional deployment rings when you customize the [Default Autopatch group](../deploy/windows-autopatch-groups-manage-autopatch-groups.md#edit-the-default-or-a-custom-autopatch-group).<p>A global Windows feature update policy is automatically assigned behind the scenes to the newly added deployment rings or when you assigned Microsoft Entra groups to the deployment ring (Last) in the Default Autopatch group.</p> |
|
||||
| Scenario #2 | You create new [Custom Autopatch groups](../deploy/windows-autopatch-groups-manage-autopatch-groups.md#create-a-custom-autopatch-group).<p>The global Windows feature policy is automatically assigned behind the scenes to all deployment rings as part of the Custom Autopatch groups you create.</p> |
|
||||
| Scenario #1 | You assign Microsoft Entra groups to be used with the deployment ring (Last) or you add additional deployment rings when you customize the [Default Autopatch group](../manage/windows-autopatch-manage-autopatch-groups.md#edit-the-default-or-a-custom-autopatch-group).<p>A global Windows feature update policy is automatically assigned behind the scenes to the newly added deployment rings or when you assigned Microsoft Entra groups to the deployment ring (Last) in the Default Autopatch group.</p> |
|
||||
| Scenario #2 | You create new [Custom Autopatch groups](../manage/windows-autopatch-manage-autopatch-groups.md#create-a-custom-autopatch-group).<p>The global Windows feature policy is automatically assigned behind the scenes to all deployment rings as part of the Custom Autopatch groups you create.</p> |
|
||||
|
||||
> [!NOTE]
|
||||
> Global releases don't show up in the Windows feature updates release management blade.
|
||||
@ -124,7 +124,7 @@ The differences in between the global and the default Windows feature update pol
|
||||
|
||||
| Default Windows feature update policy | Global Windows feature update policy |
|
||||
| ----- | ----- |
|
||||
| <ul><li>Set by default with the Default Autopatch group and assigned to Test, Ring1, Ring2, Ring3. The default policy isn't automatically assigned to the Last ring in the Default Autopatch group.</li><li>The Windows Autopatch service keeps its minimum Windows OS version updated following the recommendation of minimum Windows OS version [currently serviced by the Windows servicing channels](/windows/release-health/release-information?msclkid=ee885719baa511ecb838e1a689da96d2).</li></ul> | <ul><li>Set by default and assigned to all new deployment rings added as part of the Default Autopatch group customization.</li><li>Set by default and assigned to all deployment rings created as part of Custom Autopatch groups.</li></ul>
|
||||
| <ul><li>Set by default with the Default Autopatch group and assigned to Test, Ring1, Ring2, Ring3. The default policy isn't automatically assigned to the Last ring in the Default Autopatch group.</li><li>The Windows Autopatch service keeps its minimum Windows OS version updated following the recommendation of minimum Windows OS version [currently serviced by the Windows servicing channels](/windows/release-health/release-information?msclkid=ee885719baa511ecb838e1a689da96d2).</li></ul> | <ul><li>Set by default and assigned to all new deployment rings added as part of the Default Autopatch group customization.</li><li>Set by default and assigned to all deployment rings created as part of Custom Autopatch groups.</li></ul> |
|
||||
|
||||
### Custom release
|
||||
|
||||
|
||||
@ -79,7 +79,7 @@ sections:
|
||||
No. Don't change, edit, add to, or remove any of the configurations. Doing so might cause unintended configuration conflicts and impact the Windows Autopatch service. For more information about policies and configurations, see [Changes made at tenant enrollment](/windows/deployment/windows-autopatch/references/windows-autopatch-changes-to-tenant).
|
||||
- question: How can I represent our organizational structure with our own deployment cadence?
|
||||
answer: |
|
||||
[Windows Autopatch groups](../deploy/windows-autopatch-groups-overview.md) helps you manage updates in a way that makes sense for your businesses. For more information, see [Windows Autopatch groups overview](../deploy/windows-autopatch-groups-overview.md) and [Manage Windows Autopatch groups](../deploy/windows-autopatch-groups-manage-autopatch-groups.md).
|
||||
[Windows Autopatch groups](../deploy/windows-autopatch-groups-overview.md) helps you manage updates in a way that makes sense for your businesses. For more information, see [Windows Autopatch groups overview](../deploy/windows-autopatch-groups-overview.md) and [Manage Windows Autopatch groups](../manage/windows-autopatch-manage-autopatch-groups.md).
|
||||
- name: Update management
|
||||
questions:
|
||||
- question: What systems does Windows Autopatch update?
|
||||
|
||||
@ -63,7 +63,7 @@ Microsoft remains committed to the security of your data and the [accessibility]
|
||||
| Area | Description |
|
||||
| ----- | ----- |
|
||||
| Prepare | The following articles describe the mandatory steps to prepare and enroll your tenant into Windows Autopatch:<ul><li>[Prerequisites](../prepare/windows-autopatch-prerequisites.md)</li><li>[Configure your network](../prepare/windows-autopatch-configure-network.md)</li><li>[Enroll your tenant](../prepare/windows-autopatch-enroll-tenant.md)</li><li>[Fix issues found by the Readiness assessment tool](../prepare/windows-autopatch-fix-issues.md)</li><li>[Roles and responsibilities](../overview/windows-autopatch-roles-responsibilities.md)</ul> |
|
||||
| Deploy | Once you've enrolled your tenant, this section instructs you to:<ul><li>[Add and verify admin contacts](../deploy/windows-autopatch-admin-contacts.md)</li><li>[Register your devices](../deploy/windows-autopatch-register-devices.md)</li><li>[Manage Windows Autopatch groups](../deploy/windows-autopatch-groups-manage-autopatch-groups.md)</li></ul> |
|
||||
| Deploy | Once you've enrolled your tenant, this section instructs you to:<ul><li>[Add and verify admin contacts](../deploy/windows-autopatch-admin-contacts.md)</li><li>[Register your devices](../deploy/windows-autopatch-register-devices.md)</li><li>[Manage Windows Autopatch groups](../manage/windows-autopatch-manage-autopatch-groups.md)</li></ul> |
|
||||
| Operate | This section includes the following information about your day-to-day life with the service:<ul><li>[Update management](../operate/windows-autopatch-groups-update-management.md)</li><li>[Windows quality and feature update reports](../operate/windows-autopatch-groups-windows-quality-and-feature-update-reports-overview.md)</li><li>[Maintain your Windows Autopatch environment](../operate/windows-autopatch-maintain-environment.md)</li><li>[Submit a support request](../operate/windows-autopatch-support-request.md)</li><li>[Exclude a device](../operate/windows-autopatch-exclude-device.md)</li></ul>
|
||||
| References | This section includes the following articles:<ul><li>[Changes made at tenant enrollment](../references/windows-autopatch-changes-to-tenant.md)<li>[Windows update policies](../references/windows-autopatch-windows-update-unsupported-policies.md)</li><li>[Microsoft 365 Apps for enterprise update policies](../references/windows-autopatch-microsoft-365-policies.md)</li></ul> |
|
||||
|
||||
|
||||
@ -58,7 +58,7 @@ For more information and assistance with preparing for your Windows Autopatch de
|
||||
| Remediate registration issues<ul><li>[For devices displayed in the **Not ready** tab](../deploy/windows-autopatch-post-reg-readiness-checks.md#about-the-three-tabs-in-the-devices-blade)</li><li>[For devices displayed in the **Not registered** tab](../deploy/windows-autopatch-post-reg-readiness-checks.md#about-the-three-tabs-in-the-devices-blade)</li><li>[For devices with conflicting configurations](../references/windows-autopatch-conflicting-configurations.md)</li></ul> | :heavy_check_mark: | :x: |
|
||||
| Populate the Test and Last deployment ring membership<ul><li>[Default Windows Autopatch group deployment rings](../deploy/windows-autopatch-groups-overview.md#about-the-default-autopatch-group)</li><li>[Custom Windows Autopatch group deployment rings](../deploy/windows-autopatch-groups-overview.md#about-custom-autopatch-groups)</li></ul> | :heavy_check_mark: | :x: |
|
||||
| [Manually override device assignments to deployment rings](../operate/windows-autopatch-update-management.md#moving-devices-in-between-deployment-rings) | :heavy_check_mark: | :x: |
|
||||
| Review device conflict scenarios<ul><li>[Device conflict in deployment rings within an Autopatch group](../deploy/windows-autopatch-groups-manage-autopatch-groups.md#device-conflict-in-deployment-rings-within-an-autopatch-group)</li><li>[Device conflict across different Autopatch groups](../deploy/windows-autopatch-groups-manage-autopatch-groups.md#device-conflict-across-different-autopatch-groups)</li></ul> | :heavy_check_mark: | :x: |
|
||||
| Review device conflict scenarios<ul><li>[Device conflict in deployment rings within an Autopatch group](../manage/windows-autopatch-manage-autopatch-groups.md#device-conflict-in-deployment-rings-within-an-autopatch-group)</li><li>[Device conflict across different Autopatch groups](../manage/windows-autopatch-manage-autopatch-groups.md#device-conflict-across-different-autopatch-groups)</li></ul> | :heavy_check_mark: | :x: |
|
||||
| Communicate to end-users, help desk and stakeholders | :heavy_check_mark: | :x: |
|
||||
|
||||
## Manage
|
||||
@ -68,8 +68,8 @@ For more information and assistance with preparing for your Windows Autopatch de
|
||||
| [Maintain contacts in the Microsoft Intune admin center](../deploy/windows-autopatch-admin-contacts.md) | :heavy_check_mark: | :x: |
|
||||
| [Maintain and manage the Windows Autopatch service configuration](../monitor/windows-autopatch-maintain-environment.md) | :x: | :heavy_check_mark: |
|
||||
| [Maintain customer configuration to align with the Windows Autopatch service configuration](../monitor/windows-autopatch-maintain-environment.md) | :heavy_check_mark: | :x: |
|
||||
| Resolve service remediated device conflict scenarios<ul><li>[Device conflict in deployment rings within an Autopatch group](../deploy/windows-autopatch-groups-manage-autopatch-groups.md#device-conflict-in-deployment-rings-within-an-autopatch-group)</li><li>[Default to Custom Autopatch group device conflict](../deploy/windows-autopatch-groups-manage-autopatch-groups.md#default-to-custom-autopatch-group-device-conflict)</li></ul> | :x: | :heavy_check_mark: |
|
||||
| Resolve remediated device conflict scenarios<ul><li>[Custom to Custom Autopatch group device conflict](../deploy/windows-autopatch-groups-manage-autopatch-groups.md#custom-to-custom-autopatch-group-device-conflict)</li><li>[Device conflict prior to device registration](../deploy/windows-autopatch-groups-manage-autopatch-groups.md#device-conflict-prior-to-device-registration)</li></ul> | :heavy_check_mark: | :x: |
|
||||
| Resolve service remediated device conflict scenarios<ul><li>[Device conflict in deployment rings within an Autopatch group](../manage/windows-autopatch-manage-autopatch-groups.md#device-conflict-in-deployment-rings-within-an-autopatch-group)</li><li>[Default to Custom Autopatch group device conflict](../manage/windows-autopatch-manage-autopatch-groups.md#default-to-custom-autopatch-group-device-conflict)</li></ul> | :x: | :heavy_check_mark: |
|
||||
| Resolve remediated device conflict scenarios<ul><li>[Custom to Custom Autopatch group device conflict](../manage/windows-autopatch-manage-autopatch-groups.md#custom-to-custom-autopatch-group-device-conflict)</li><li>[Device conflict prior to device registration](../manage/windows-autopatch-manage-autopatch-groups.md#device-conflict-prior-to-device-registration)</li></ul> | :heavy_check_mark: | :x: |
|
||||
| Maintain the Test and Last deployment ring membership<ul><li>[Default Windows Autopatch deployment rings](../deploy/windows-autopatch-groups-overview.md#about-the-default-autopatch-group)</li><li>[Custom Windows Autopatch group deployment rings](../deploy/windows-autopatch-groups-overview.md#about-custom-autopatch-groups)</li></ul> | :heavy_check_mark: | :x: |
|
||||
| Monitor [Windows update signals](../manage/windows-autopatch-windows-quality-update-signals.md) for safe update release<ul><li>[Pre-release signals](../manage/windows-autopatch-windows-quality-update-signals.md#pre-release-signals)</li><li>[Early signals](../manage/windows-autopatch-windows-quality-update-signals.md#early-signals)</li><li>[Device reliability signals](../manage/windows-autopatch-windows-quality-update-signals.md#device-reliability-signals)</li></ul> | :x: | :heavy_check_mark: |
|
||||
| Test specific [business update scenarios](../manage/windows-autopatch-windows-quality-update-signals.md) | :heavy_check_mark: | :x: |
|
||||
|
||||
@ -100,7 +100,7 @@ Minor corrections such as typos, style, or formatting issues aren't listed.
|
||||
| ----- | ----- |
|
||||
| [Roles and responsibilities](../overview/windows-autopatch-roles-responsibilities.md) | Updated article to include Windows Autopatch groups |
|
||||
| [Windows Autopatch groups overview](../deploy/windows-autopatch-groups-overview.md) | General Availability<ul><li>[MC628172](https://admin.microsoft.com/adminportal/home#/MessageCenter)</li></ul> |
|
||||
| [Manage Windows Autopatch groups](../deploy/windows-autopatch-groups-manage-autopatch-groups.md) | General Availability<ul><li>[MC628172](https://admin.microsoft.com/adminportal/home#/MessageCenter)</li></ul> |
|
||||
| [Manage Windows Autopatch groups](../manage/windows-autopatch-manage-autopatch-groups.md) | General Availability<ul><li>[MC628172](https://admin.microsoft.com/adminportal/home#/MessageCenter)</li></ul> |
|
||||
| [Customize Windows Update settings](../operate/windows-autopatch-groups-windows-update.md) | General Availability<ul><li>[MC628172](https://admin.microsoft.com/adminportal/home#/MessageCenter)</li></ul> |
|
||||
| [Windows quality updates](../operate/windows-autopatch-groups-windows-quality-update-overview.md) | General Availability<ul><li>[MC628172](https://admin.microsoft.com/adminportal/home#/MessageCenter)</li></ul> |
|
||||
| [Windows feature updates](../operate/windows-autopatch-groups-windows-feature-update-overview.md) | General Availability<ul><li>[MC628172](https://admin.microsoft.com/adminportal/home#/MessageCenter)</li></ul> |
|
||||
|
||||
@ -99,7 +99,9 @@
|
||||
"operating-system-security/data-protection/**/*.md": "paolomatarazzo",
|
||||
"operating-system-security/data-protection/**/*.yml": "paolomatarazzo",
|
||||
"operating-system-security/network-security/**/*.md": "paolomatarazzo",
|
||||
"operating-system-security/network-security/**/*.yml": "paolomatarazzo"
|
||||
"operating-system-security/network-security/**/*.yml": "paolomatarazzo",
|
||||
"security-foundations/certification/**/*.md": "mike-grimm",
|
||||
"security-foundations/certification/**/*.yml": "mike-grimm"
|
||||
},
|
||||
"ms.author": {
|
||||
"application-security//**/*.md": "vinpa",
|
||||
@ -119,7 +121,9 @@
|
||||
"operating-system-security/data-protection/**/*.md": "paoloma",
|
||||
"operating-system-security/data-protection/**/*.yml": "paoloma",
|
||||
"operating-system-security/network-security/**/*.md": "paoloma",
|
||||
"operating-system-security/network-security/**/*.yml": "paoloma"
|
||||
"operating-system-security/network-security/**/*.yml": "paoloma",
|
||||
"security-foundations/certification/**/*.md": "mgrimm",
|
||||
"security-foundations/certification/**/*.yml": "mgrimm"
|
||||
},
|
||||
"appliesto": {
|
||||
"application-security//**/*.md": [
|
||||
@ -233,7 +237,8 @@
|
||||
"operating-system-security/data-protection/personal-data-encryption/*.md": "rhonnegowda",
|
||||
"operating-system-security/device-management/windows-security-configuration-framework/*.md": "jmunck",
|
||||
"operating-system-security/network-security/vpn/*.md": "pesmith",
|
||||
"operating-system-security/network-security/windows-firewall/*.md": "nganguly"
|
||||
"operating-system-security/network-security/windows-firewall/*.md": "nganguly",
|
||||
"security-foundations/certification/**/*.md": "paoloma"
|
||||
},
|
||||
"ms.collection": {
|
||||
"book/*.md": "tier3",
|
||||
@ -242,6 +247,7 @@
|
||||
"information-protection/tpm/*.md": "tier1",
|
||||
"operating-system-security/data-protection/bitlocker/*.md": "tier1",
|
||||
"operating-system-security/data-protection/personal-data-encryption/*.md": "tier1",
|
||||
"security-foundations/certification/**/*.md": "tier3",
|
||||
"threat-protection/auditing/*.md": "tier3"
|
||||
},
|
||||
"ROBOTS": {
|
||||
|
||||
@ -3,10 +3,6 @@ title: Windows FIPS 140 validation
|
||||
description: Learn how Microsoft products and cryptographic modules follow the U.S. Federal government standard FIPS 140.
|
||||
ms.date: 2/1/2024
|
||||
ms.topic: reference
|
||||
ms.author: v-rodurff
|
||||
author: msrobertd
|
||||
ms.reviewer: paoloma
|
||||
ms.collection: tier3
|
||||
---
|
||||
|
||||
# Windows FIPS 140 validation
|
||||
|
||||
@ -3,10 +3,6 @@ title: Common Criteria certifications for previous Windows releases
|
||||
description: Learn about the completed Common Criteria certifications for previous Windows releases.
|
||||
ms.date: 2/1/2024
|
||||
ms.topic: reference
|
||||
ms.author: v-rodurff
|
||||
author: msrobertd
|
||||
ms.reviewer: paoloma
|
||||
ms.collection: tier3
|
||||
---
|
||||
|
||||
# Common Criteria certifications for previous Windows releases
|
||||
|
||||
@ -3,10 +3,6 @@ title: Common Criteria certifications for Windows Server 2022, 2019, and 2016
|
||||
description: Learn about the completed Common Criteria certifications for Windows Server 2022, 2019, and 2016.
|
||||
ms.date: 2/1/2024
|
||||
ms.topic: reference
|
||||
ms.author: v-rodurff
|
||||
author: msrobertd
|
||||
ms.reviewer: paoloma
|
||||
ms.collection: tier3
|
||||
---
|
||||
|
||||
# Windows Server 2022, 2019, and 2016 Common Criteria certifications
|
||||
|
||||
@ -3,10 +3,6 @@ title: Common Criteria certifications for previous Windows Server releases
|
||||
description: Learn about the completed Common Criteria certifications for previous Windows Server releases.
|
||||
ms.date: 2/1/2024
|
||||
ms.topic: reference
|
||||
ms.author: v-rodurff
|
||||
author: msrobertd
|
||||
ms.reviewer: paoloma
|
||||
ms.collection: tier3
|
||||
---
|
||||
|
||||
# Common Criteria certifications for previous Windows Server releases
|
||||
|
||||
@ -3,10 +3,6 @@ title: Common Criteria certifications for Windows Server semi-annual releases
|
||||
description: Learn about the completed Common Criteria certifications for Windows Server semi-annual releases.
|
||||
ms.date: 2/1/2024
|
||||
ms.topic: reference
|
||||
ms.author: v-rodurff
|
||||
author: msrobertd
|
||||
ms.reviewer: paoloma
|
||||
ms.collection: tier3
|
||||
---
|
||||
|
||||
# Windows Server semi-annual Common Criteria certifications
|
||||
|
||||
@ -3,10 +3,6 @@ title: Common Criteria certifications for Windows 10
|
||||
description: Learn about the completed Common Criteria certifications for Windows 10.
|
||||
ms.date: 2/1/2024
|
||||
ms.topic: reference
|
||||
ms.author: v-rodurff
|
||||
author: msrobertd
|
||||
ms.reviewer: paoloma
|
||||
ms.collection: tier3
|
||||
---
|
||||
|
||||
# Windows 10 Common Criteria certifications
|
||||
|
||||
@ -3,10 +3,6 @@ title: Common Criteria certifications for Windows 11
|
||||
description: Learn about the completed Common Criteria certifications for Windows 11.
|
||||
ms.date: 2/1/2024
|
||||
ms.topic: reference
|
||||
ms.author: v-rodurff
|
||||
author: msrobertd
|
||||
ms.reviewer: paoloma
|
||||
ms.collection: tier3
|
||||
---
|
||||
|
||||
# Windows 11 Common Criteria certifications
|
||||
|
||||
@ -3,11 +3,8 @@ title: FIPS 140 validated modules for other products
|
||||
description: This topic lists the completed FIPS 140 cryptographic module validations for products other than Windows and Windows Server that leverage the Windows cryptographic modules.
|
||||
ms.date: 2/1/2024
|
||||
ms.topic: reference
|
||||
ms.author: v-rodurff
|
||||
author: msrobertd
|
||||
ms.reviewer: paoloma
|
||||
ms.collection: tier3
|
||||
---
|
||||
|
||||
# FIPS 140 validated modules in other products
|
||||
|
||||
The following tables list the completed FIPS 140 validations in products other than Windows and Windows Server that leverage the Windows cryptographic modules. The linked Security Policy document for each module provides details on the module capabilities and the policies the operator must follow to use the module in its FIPS approved mode of operation. For details on the FIPS approved algorithms used by each module, including CAVP algorithm certificates, see the module's linked Security Policy document or CMVP module certificate.
|
||||
|
||||
@ -3,11 +3,8 @@ title: FIPS 140 validated modules for previous Windows versions
|
||||
description: This topic lists the completed FIPS 140 cryptographic module validations for versions of Windows prior to Windows 10.
|
||||
ms.date: 2/1/2024
|
||||
ms.topic: reference
|
||||
ms.author: v-rodurff
|
||||
author: msrobertd
|
||||
ms.reviewer: paoloma
|
||||
ms.collection: tier3
|
||||
---
|
||||
|
||||
# FIPS 140 validated modules in previous Windows versions
|
||||
|
||||
The following tables list the completed FIPS 140 validations of cryptographic modules used in versions of Windows prior to Windows 10, organized by major release of the operating system. The linked Security Policy document for each module provides details on the module capabilities and the policies the operator must follow to use the module in its FIPS approved mode of operation. For information on using the overall operating system in its FIPS approved mode, see [Use Windows in a FIPS approved mode of operation](../fips-140-validation.md#use-windows-in-a-fips-approved-mode-of-operation). For details on the FIPS approved algorithms used by each module, including CAVP algorithm certificates, see the module's linked Security Policy document or CMVP module certificate.
|
||||
|
||||
@ -3,10 +3,6 @@ title: FIPS 140 validated modules for Windows Server 2016
|
||||
description: This topic lists the completed FIPS 140 cryptographic module validations for Windows Server 2016.
|
||||
ms.date: 2/1/2024
|
||||
ms.topic: reference
|
||||
ms.author: v-rodurff
|
||||
author: msrobertd
|
||||
ms.reviewer: paoloma
|
||||
ms.collection: tier3
|
||||
---
|
||||
# FIPS 140 validated modules in Windows Server 2016
|
||||
|
||||
|
||||
@ -3,11 +3,8 @@ title: FIPS 140 validated modules for Windows Server 2019
|
||||
description: This topic lists the completed FIPS 140 cryptographic module validations for Windows Server 2019.
|
||||
ms.date: 4/5/2024
|
||||
ms.topic: reference
|
||||
ms.author: v-rodurff
|
||||
author: msrobertd
|
||||
ms.reviewer: paoloma
|
||||
ms.collection: tier3
|
||||
---
|
||||
|
||||
# FIPS 140 validated modules in Windows Server 2019
|
||||
|
||||
The following tables list the completed FIPS 140 validations of cryptographic modules used in Windows Server 2019, organized by major release of the operating system. The linked Security Policy document for each module provides details on the module capabilities and the policies the operator must follow to use the module in its FIPS approved mode of operation. For information on using the overall operating system in its FIPS approved mode, see [Use Windows in a FIPS approved mode of operation](../fips-140-validation.md#use-windows-in-a-fips-approved-mode-of-operation). For details on the FIPS approved algorithms used by each module, see its linked Security Policy document or module certificate.
|
||||
|
||||
@ -3,10 +3,6 @@ title: FIPS 140 validated modules for previous Windows Server versions
|
||||
description: This topic lists the completed FIPS 140 cryptographic module validations for versions of Windows Server prior to Windows Server 2016.
|
||||
ms.date: 2/1/2024
|
||||
ms.topic: reference
|
||||
ms.author: v-rodurff
|
||||
author: msrobertd
|
||||
ms.reviewer: paoloma
|
||||
ms.collection: tier3
|
||||
---
|
||||
|
||||
# FIPS 140 validated modules in previous Windows Server versions
|
||||
|
||||
@ -3,10 +3,6 @@ title: FIPS 140 validated modules for Windows Server Semi-Annual Releases
|
||||
description: This topic lists the completed FIPS 140 cryptographic module validations for Windows Server semi-annual releases.
|
||||
ms.date: 2/1/2024
|
||||
ms.topic: reference
|
||||
ms.author: v-rodurff
|
||||
author: msrobertd
|
||||
ms.reviewer: paoloma
|
||||
ms.collection: tier3
|
||||
---
|
||||
|
||||
# FIPS 140 validated modules in Windows Server semi-annual releases
|
||||
|
||||
@ -3,10 +3,6 @@ title: FIPS 140 validated modules for Windows 10
|
||||
description: This topic lists the completed FIPS 140 cryptographic module validations for Windows 10.
|
||||
ms.date: 2/1/2024
|
||||
ms.topic: reference
|
||||
ms.author: v-rodurff
|
||||
author: msrobertd
|
||||
ms.reviewer: paoloma
|
||||
ms.collection: tier3
|
||||
---
|
||||
|
||||
# FIPS 140 validated modules for Windows 10
|
||||
|
||||
@ -3,10 +3,6 @@ title: FIPS 140 validated modules for Windows 11
|
||||
description: This topic lists the completed FIPS 140 cryptographic module validations for Windows 11.
|
||||
ms.date: 2/1/2024
|
||||
ms.topic: reference
|
||||
ms.author: v-rodurff
|
||||
author: msrobertd
|
||||
ms.reviewer: paoloma
|
||||
ms.collection: tier3
|
||||
---
|
||||
|
||||
# FIPS 140 validated modules for Windows 11
|
||||
|
||||
@ -3,10 +3,6 @@ title: Windows Common Criteria certifications
|
||||
description: Learn how Microsoft products are certified under the Common Criteria for Information Technology Security Evaluation program.
|
||||
ms.date: 2/1/2024
|
||||
ms.topic: reference
|
||||
ms.author: v-rodurff
|
||||
author: msrobertd
|
||||
ms.reviewer: paoloma
|
||||
ms.collection: tier3
|
||||
---
|
||||
|
||||
# Common Criteria certifications
|
||||
|
||||
@ -105,7 +105,7 @@ The features in this article are no longer being actively developed, and might b
|
||||
|IIS Digest Authentication | We recommend that users use alternative authentication methods.| 1709 |
|
||||
|RSA/AES Encryption for IIS | We recommend that users use CNG encryption provider. | 1709 |
|
||||
|Screen saver functionality in Themes | Disabled in Themes. Screen saver functionality in Group Policies, Control Panel, and Sysprep continues to be functional. Lock screen features and policies are preferred. | 1709 |
|
||||
|Sync your settings (updated: July, 30, 2024) | Back-end changes: In future releases, the back-end storage for the current sync process will change. A single cloud storage system will be used for Enterprise State Roaming and all other users. As part of this change, we will stop supporting the Device Syncing Settings and App Data report. All other **Sync your settings** options and the Enterprise State Roaming feature will continue to work provided your clients are running an up-to-date version of: </br> - Windows 11 </br> - Windows 10, version 21H2, or later | 1709 |
|
||||
|Sync your settings (updated: July, 30, 2024) | Back-end changes: In future releases, the back-end storage for the current sync process will change. A single cloud storage system will be used for Enterprise State Roaming and all other users. As part of this change, we will stop supporting the Device Syncing Settings and App Data report. All other **Sync your settings** options will continue to work provided your clients are running an up-to-date version of: </br> - Windows 11 </br> - Windows 10, version 21H2, or later | 1709 |
|
||||
|System Image Backup (SIB) Solution|This feature is also known as the **Backup and Restore (Windows 7)** legacy control panel. For full-disk backup solutions, look for a third-party product from another software publisher. You can also use [OneDrive](/onedrive/) to sync data files with Microsoft 365.| 1709 |
|
||||
|TLS RC4 Ciphers |To be disabled by default. For more information, see [TLS (Schannel SSP) changes in Windows 10 and Windows Server 2016](/windows-server/security/tls/tls-schannel-ssp-changes-in-windows-10-and-windows-server)| 1709 |
|
||||
|Trusted Platform Module (TPM) Owner Password Management |This functionality within TPM.msc will be migrated to a new user interface.| 1709 |
|
||||
|
||||
Reference in New Issue
Block a user