From 59cffdf58cfce98e9cfee516bbeef6d4a4e480b7 Mon Sep 17 00:00:00 2001 From: Andre Della Monica Date: Fri, 5 May 2023 01:28:19 -0500 Subject: [PATCH 1/7] More changes --- ...utopatch-groups-manage-autopatch-groups.md | 49 +++++++++++++++++-- ...s-manage-windows-feature-update-release.md | 2 +- 2 files changed, 47 insertions(+), 4 deletions(-) diff --git a/windows/deployment/windows-autopatch/deploy/windows-autopatch-groups-manage-autopatch-groups.md b/windows/deployment/windows-autopatch/deploy/windows-autopatch-groups-manage-autopatch-groups.md index e1c138aaca..64da09bf0a 100644 --- a/windows/deployment/windows-autopatch/deploy/windows-autopatch-groups-manage-autopatch-groups.md +++ b/windows/deployment/windows-autopatch/deploy/windows-autopatch-groups-manage-autopatch-groups.md @@ -1,7 +1,7 @@ --- title: Manage Windows Autopatch groups description: This article explains how to manage Autopatch groups -ms.date: 05/03/2023 +ms.date: 05/05/2023 ms.prod: windows-client ms.technology: itpro-updates ms.topic: how-to @@ -46,7 +46,7 @@ Before you start managing Autopatch groups, ensure you’ve met the following pr - Windows Autopatch – Ring2 - Windows Autopatch – Ring3 - Windows Autopatch – Last -- Additionally, **don't** modify the Azure AD group ownership of any of the groups above otherwise, Autopatch groups device registration process won't be able to add devices into these groups. +- Additionally, **don't** modify the Azure AD group ownership of any of the groups above otherwise, Autopatch groups device registration process won't be able to add devices into these groups. If the ownership is modified, you must add the **Modern Workplace Management** Service Principal as the owner of these groups. - For more information, see [assign an owner of member of a group in Azure AD](/azure/active-directory/privileged-identity-management/groups-assign-member-owner#assign-an-owner-or-member-of-a-group) on how to remediate Azure Azure AD group ownership. - Make sure you have [app-only auth turned on in your Windows Autopatch tenant](../operate/windows-autopatch-maintain-environment.md#windows-autopatch-tenant-actions). Otherwise, the Autopatch groups functionality won’t work properly. Autopatch uses app-only auth to: - Read device attributes to successfully register devices. @@ -123,7 +123,11 @@ You **can’t** delete the Default Autopatch group. However, you can delete a Cu > [!CAUTION] > You can’t delete a Custom Autopatch group when it’s being used as part of one or more active or paused feature update releases. However, you can delete a Custom Autopatch group when the release for either Windows quality or feature updates have either the **Scheduled** or **Paused** statuses. -## Manage device conflict scenarios when Autopatch groups +## Manage device conflict scenarios when using Autopatch groups + +> [!IMPORTANT] +> The Windows Autopatch groups functionaliy is in **public preview**. This feature is being actively developed and not all device conflict detection and resolution scenarios are working as expected. +> See Known issues for more details on what's currently available and what's coming next for this scenario. Overlap in device membership is a common scenario when working with device-based Azure AD groups since sometimes dynamic queries can be large in scope or the same assigned device membership can be used across different Azure AD groups. @@ -171,3 +175,42 @@ When you create or edit the Custom or Default Autopatch group, Windows Autopatch #### Device conflict post device registration Autopatch groups will keep monitoring for all device conflict scenarios listed in the [Manage device conflict scenarios when using Autopatch groups](#manage-device-conflict-scenarios-when-autopatch-groups) section even after devices were successfully registered with the service. + +## Known issues +This section lists recent known issues with Autopatch groups during its public preview. + +### Device conflict scenarios when using Autopatch groups +- **Status: Active** +- **Date: 05/05/2023** + +The Windows Autopatch team is aware that all device conflict scenarios listed below are only being currently evaluated during the device registration process to make sure devices are properly registered with the service, and not evaluated post device registration. The device conflict scenarios are: + +- Default to custom AG device conflict detection and resolution. +- Device conflict detection and resolution within an Autopatch group. +- Custom to custom Autopatch group device conflict detection. + +The Windows Autopatch team is currently developing detection and resolution for the device conflict scenarios above, and plan to make them available in production still during the public preview timeframe. + +### Autopatch group Azure AD group remediator +- **Status: Active** +- **Date: 05/05/2023** + +The Windows Autopatch team is aware that the Windows Autopatch service is not automatically restoring the Azure AD groups that get created during the Autopatch groups creation/editing process. This means that if deleted or renamed, the following Azure AD groups that belong to the default Autopatch group and other Azure AD groups that get created with custom Autopatch groups will not be automatically remediated on your behalf yet: + +- Windows Autopatch – Test +- Windows Autopatch – Ring1 +- Windows Autopatch – Ring2 +- Windows Autopatch – Ring3 +- Windows Autopatch – Last + +The Windows Autopatch team is currently developing the Autopatch group Azure AD group remediator feature and plan to make it available in production still during the public preview timeframe. + +> [!NOTE] +> The Autopatch group remediator will not cover remediation of the service-based deployment rings: +> +> - Modern Workplace Devices-Windows Autopatch-Test +> - Modern Workplace Devices-Windows Autopatch-First +> - Modern Workplace Devices-Windows Autopatch-Fast +> - Modern Workplace Devices-Windows Autopatch-Broad +> +> Use the [Policy health feature](../operate/windows-autopatch-policy-health-and-remediation.md) to restore these groups, if needed. See [restore Windows update policies](../operate/windows-autopatch-policy-health-and-remediation.md#restore-windows-update-policies) for more information. diff --git a/windows/deployment/windows-autopatch/operate/windows-autopatch-groups-manage-windows-feature-update-release.md b/windows/deployment/windows-autopatch/operate/windows-autopatch-groups-manage-windows-feature-update-release.md index 5552fe0c6d..fab7bbabbc 100644 --- a/windows/deployment/windows-autopatch/operate/windows-autopatch-groups-manage-windows-feature-update-release.md +++ b/windows/deployment/windows-autopatch/operate/windows-autopatch-groups-manage-windows-feature-update-release.md @@ -1,7 +1,7 @@ --- title: Manage Windows feature update releases description: This article explains how you can manage Windows feature updates with Autopatch groups -ms.date: 05/01/2023 +ms.date: 05/05/2023 ms.prod: windows-client ms.technology: itpro-updates ms.topic: conceptual From 532bc740aabc4dda58c976ded2176b4d90624b8f Mon Sep 17 00:00:00 2001 From: Andre Della Monica Date: Fri, 5 May 2023 01:37:18 -0500 Subject: [PATCH 2/7] More changes --- .../windows-autopatch-groups-manage-autopatch-groups.md | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/windows/deployment/windows-autopatch/deploy/windows-autopatch-groups-manage-autopatch-groups.md b/windows/deployment/windows-autopatch/deploy/windows-autopatch-groups-manage-autopatch-groups.md index 64da09bf0a..989650e09e 100644 --- a/windows/deployment/windows-autopatch/deploy/windows-autopatch-groups-manage-autopatch-groups.md +++ b/windows/deployment/windows-autopatch/deploy/windows-autopatch-groups-manage-autopatch-groups.md @@ -127,7 +127,7 @@ You **can’t** delete the Default Autopatch group. However, you can delete a Cu > [!IMPORTANT] > The Windows Autopatch groups functionaliy is in **public preview**. This feature is being actively developed and not all device conflict detection and resolution scenarios are working as expected. -> See Known issues for more details on what's currently available and what's coming next for this scenario. +> See [Known issues](#known-issues) for more details on what to expect for this scenario during the public preview. Overlap in device membership is a common scenario when working with device-based Azure AD groups since sometimes dynamic queries can be large in scope or the same assigned device membership can be used across different Azure AD groups. @@ -181,7 +181,6 @@ This section lists recent known issues with Autopatch groups during its public p ### Device conflict scenarios when using Autopatch groups - **Status: Active** -- **Date: 05/05/2023** The Windows Autopatch team is aware that all device conflict scenarios listed below are only being currently evaluated during the device registration process to make sure devices are properly registered with the service, and not evaluated post device registration. The device conflict scenarios are: @@ -193,7 +192,6 @@ The Windows Autopatch team is currently developing detection and resolution for ### Autopatch group Azure AD group remediator - **Status: Active** -- **Date: 05/05/2023** The Windows Autopatch team is aware that the Windows Autopatch service is not automatically restoring the Azure AD groups that get created during the Autopatch groups creation/editing process. This means that if deleted or renamed, the following Azure AD groups that belong to the default Autopatch group and other Azure AD groups that get created with custom Autopatch groups will not be automatically remediated on your behalf yet: From 815be4340f827aa62ed5450c43aa73e42e31a2de Mon Sep 17 00:00:00 2001 From: Andre Della Monica Date: Fri, 5 May 2023 01:45:54 -0500 Subject: [PATCH 3/7] More changes --- .../deploy/windows-autopatch-groups-manage-autopatch-groups.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/windows-autopatch/deploy/windows-autopatch-groups-manage-autopatch-groups.md b/windows/deployment/windows-autopatch/deploy/windows-autopatch-groups-manage-autopatch-groups.md index 989650e09e..9928029705 100644 --- a/windows/deployment/windows-autopatch/deploy/windows-autopatch-groups-manage-autopatch-groups.md +++ b/windows/deployment/windows-autopatch/deploy/windows-autopatch-groups-manage-autopatch-groups.md @@ -47,7 +47,7 @@ Before you start managing Autopatch groups, ensure you’ve met the following pr - Windows Autopatch – Ring3 - Windows Autopatch – Last - Additionally, **don't** modify the Azure AD group ownership of any of the groups above otherwise, Autopatch groups device registration process won't be able to add devices into these groups. If the ownership is modified, you must add the **Modern Workplace Management** Service Principal as the owner of these groups. - - For more information, see [assign an owner of member of a group in Azure AD](/azure/active-directory/privileged-identity-management/groups-assign-member-owner#assign-an-owner-or-member-of-a-group) on how to remediate Azure Azure AD group ownership. + - For more information, see [assign an owner or member of a group in Azure AD](/azure/active-directory/privileged-identity-management/groups-assign-member-owner#assign-an-owner-or-member-of-a-group) for steps on how to add owners to Azure Azure AD groups. - Make sure you have [app-only auth turned on in your Windows Autopatch tenant](../operate/windows-autopatch-maintain-environment.md#windows-autopatch-tenant-actions). Otherwise, the Autopatch groups functionality won’t work properly. Autopatch uses app-only auth to: - Read device attributes to successfully register devices. - Manage all configurations related to the operation of the service. From d8b1ea7df8601cd71c977054773a940d8ad928ff Mon Sep 17 00:00:00 2001 From: Andre Della Monica Date: Fri, 5 May 2023 01:47:55 -0500 Subject: [PATCH 4/7] More changes --- .../deploy/windows-autopatch-groups-manage-autopatch-groups.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/windows-autopatch/deploy/windows-autopatch-groups-manage-autopatch-groups.md b/windows/deployment/windows-autopatch/deploy/windows-autopatch-groups-manage-autopatch-groups.md index 9928029705..e0f6384c21 100644 --- a/windows/deployment/windows-autopatch/deploy/windows-autopatch-groups-manage-autopatch-groups.md +++ b/windows/deployment/windows-autopatch/deploy/windows-autopatch-groups-manage-autopatch-groups.md @@ -211,4 +211,4 @@ The Windows Autopatch team is currently developing the Autopatch group Azure AD > - Modern Workplace Devices-Windows Autopatch-Fast > - Modern Workplace Devices-Windows Autopatch-Broad > -> Use the [Policy health feature](../operate/windows-autopatch-policy-health-and-remediation.md) to restore these groups, if needed. See [restore Windows update policies](../operate/windows-autopatch-policy-health-and-remediation.md#restore-windows-update-policies) for more information. +> Use the [Policy health feature](../operate/windows-autopatch-policy-health-and-remediation.md) to restore these groups, if needed. See [restore deployment groups](../operate/windows-autopatch-policy-health-and-remediation.md#restore-deployment-groups) for more information. From 6df9a82894afbdcc91487e998bf4c427c330dcc6 Mon Sep 17 00:00:00 2001 From: Tiara Quan <95256667+tiaraquan@users.noreply.github.com> Date: Fri, 5 May 2023 08:16:02 -0700 Subject: [PATCH 5/7] Update windows-autopatch-groups-manage-autopatch-groups.md --- ...utopatch-groups-manage-autopatch-groups.md | 21 +++++++++---------- 1 file changed, 10 insertions(+), 11 deletions(-) diff --git a/windows/deployment/windows-autopatch/deploy/windows-autopatch-groups-manage-autopatch-groups.md b/windows/deployment/windows-autopatch/deploy/windows-autopatch-groups-manage-autopatch-groups.md index e0f6384c21..f92ad1edb8 100644 --- a/windows/deployment/windows-autopatch/deploy/windows-autopatch-groups-manage-autopatch-groups.md +++ b/windows/deployment/windows-autopatch/deploy/windows-autopatch-groups-manage-autopatch-groups.md @@ -127,7 +127,7 @@ You **can’t** delete the Default Autopatch group. However, you can delete a Cu > [!IMPORTANT] > The Windows Autopatch groups functionaliy is in **public preview**. This feature is being actively developed and not all device conflict detection and resolution scenarios are working as expected. -> See [Known issues](#known-issues) for more details on what to expect for this scenario during the public preview. +> Fore more information on what to expect for this scenario during public preview, see [Known issues](#known-issues). Overlap in device membership is a common scenario when working with device-based Azure AD groups since sometimes dynamic queries can be large in scope or the same assigned device membership can be used across different Azure AD groups. @@ -174,26 +174,25 @@ When you create or edit the Custom or Default Autopatch group, Windows Autopatch #### Device conflict post device registration -Autopatch groups will keep monitoring for all device conflict scenarios listed in the [Manage device conflict scenarios when using Autopatch groups](#manage-device-conflict-scenarios-when-autopatch-groups) section even after devices were successfully registered with the service. +Autopatch groups will keep monitoring for all device conflict scenarios listed in the [Manage device conflict scenarios when using Autopatch groups](../deploy/windows-autopatch-groups-.md#manage-device-conflict-scenarios-when-using-autopatch-groups) section even after devices were successfully registered with the service. ## Known issues + This section lists recent known issues with Autopatch groups during its public preview. ### Device conflict scenarios when using Autopatch groups - **Status: Active** -The Windows Autopatch team is aware that all device conflict scenarios listed below are only being currently evaluated during the device registration process to make sure devices are properly registered with the service, and not evaluated post device registration. The device conflict scenarios are: +The Windows Autopatch team is aware that all device conflict scenarios listed below are currently being evaluated during the device registration process to make sure devices are properly registered with the service, and not evaluated post-device registration. The Windows Autopatch team is currently developing detection and resolution for the followin device conflict scenarios, and plan to make them available during public preview. -- Default to custom AG device conflict detection and resolution. +- Default to Custom Autopatch device conflict detection and resolution. - Device conflict detection and resolution within an Autopatch group. -- Custom to custom Autopatch group device conflict detection. - -The Windows Autopatch team is currently developing detection and resolution for the device conflict scenarios above, and plan to make them available in production still during the public preview timeframe. +- Custom to Cstom Autopatch group device conflict detection. ### Autopatch group Azure AD group remediator - **Status: Active** -The Windows Autopatch team is aware that the Windows Autopatch service is not automatically restoring the Azure AD groups that get created during the Autopatch groups creation/editing process. This means that if deleted or renamed, the following Azure AD groups that belong to the default Autopatch group and other Azure AD groups that get created with custom Autopatch groups will not be automatically remediated on your behalf yet: +The Windows Autopatch team is aware that the Windows Autopatch service isn't automatically restoring the Azure AD groups that get created during the Autopatch groups creation/editing process. If the following Azure AD groups, that belong to the Default Autopatch group and other Azure AD groups that get created with Custom Autopatch groups, are deleted or renamed, they won't be automatically remediated on your behalf yet: - Windows Autopatch – Test - Windows Autopatch – Ring1 @@ -201,14 +200,14 @@ The Windows Autopatch team is aware that the Windows Autopatch service is not au - Windows Autopatch – Ring3 - Windows Autopatch – Last -The Windows Autopatch team is currently developing the Autopatch group Azure AD group remediator feature and plan to make it available in production still during the public preview timeframe. +The Windows Autopatch team is currently developing the Autopatch group Azure AD group remediator feature and plan to make it available during public preview. > [!NOTE] -> The Autopatch group remediator will not cover remediation of the service-based deployment rings: +> The Autopatch group remediator won't remediate the service-based deployment rings: > > - Modern Workplace Devices-Windows Autopatch-Test > - Modern Workplace Devices-Windows Autopatch-First > - Modern Workplace Devices-Windows Autopatch-Fast > - Modern Workplace Devices-Windows Autopatch-Broad > -> Use the [Policy health feature](../operate/windows-autopatch-policy-health-and-remediation.md) to restore these groups, if needed. See [restore deployment groups](../operate/windows-autopatch-policy-health-and-remediation.md#restore-deployment-groups) for more information. +> Use the [Policy health feature](../operate/windows-autopatch-policy-health-and-remediation.md) to restore these groups, if needed. For more information, see [restore deployment groups](../operate/windows-autopatch-policy-health-and-remediation.md#restore-deployment-groups). From d9dd1e93e63a1912ea2ead52aa188965ce6ebbde Mon Sep 17 00:00:00 2001 From: Tiara Quan <95256667+tiaraquan@users.noreply.github.com> Date: Fri, 5 May 2023 08:18:01 -0700 Subject: [PATCH 6/7] Update windows-autopatch-groups-manage-autopatch-groups.md --- .../windows-autopatch-groups-manage-autopatch-groups.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/windows/deployment/windows-autopatch/deploy/windows-autopatch-groups-manage-autopatch-groups.md b/windows/deployment/windows-autopatch/deploy/windows-autopatch-groups-manage-autopatch-groups.md index f92ad1edb8..9dc869daac 100644 --- a/windows/deployment/windows-autopatch/deploy/windows-autopatch-groups-manage-autopatch-groups.md +++ b/windows/deployment/windows-autopatch/deploy/windows-autopatch-groups-manage-autopatch-groups.md @@ -178,9 +178,10 @@ Autopatch groups will keep monitoring for all device conflict scenarios listed i ## Known issues -This section lists recent known issues with Autopatch groups during its public preview. +This section lists known issues with Autopatch groups during its public preview. ### Device conflict scenarios when using Autopatch groups + - **Status: Active** The Windows Autopatch team is aware that all device conflict scenarios listed below are currently being evaluated during the device registration process to make sure devices are properly registered with the service, and not evaluated post-device registration. The Windows Autopatch team is currently developing detection and resolution for the followin device conflict scenarios, and plan to make them available during public preview. @@ -190,6 +191,7 @@ The Windows Autopatch team is aware that all device conflict scenarios listed be - Custom to Cstom Autopatch group device conflict detection. ### Autopatch group Azure AD group remediator + - **Status: Active** The Windows Autopatch team is aware that the Windows Autopatch service isn't automatically restoring the Azure AD groups that get created during the Autopatch groups creation/editing process. If the following Azure AD groups, that belong to the Default Autopatch group and other Azure AD groups that get created with Custom Autopatch groups, are deleted or renamed, they won't be automatically remediated on your behalf yet: From 9d4e0e5021f06403c2ead56f4e791d1b26f0d28b Mon Sep 17 00:00:00 2001 From: Tiara Quan <95256667+tiaraquan@users.noreply.github.com> Date: Fri, 5 May 2023 08:20:57 -0700 Subject: [PATCH 7/7] Update windows-autopatch-groups-manage-autopatch-groups.md --- .../deploy/windows-autopatch-groups-manage-autopatch-groups.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/windows-autopatch/deploy/windows-autopatch-groups-manage-autopatch-groups.md b/windows/deployment/windows-autopatch/deploy/windows-autopatch-groups-manage-autopatch-groups.md index 9dc869daac..2eed6eee26 100644 --- a/windows/deployment/windows-autopatch/deploy/windows-autopatch-groups-manage-autopatch-groups.md +++ b/windows/deployment/windows-autopatch/deploy/windows-autopatch-groups-manage-autopatch-groups.md @@ -174,7 +174,7 @@ When you create or edit the Custom or Default Autopatch group, Windows Autopatch #### Device conflict post device registration -Autopatch groups will keep monitoring for all device conflict scenarios listed in the [Manage device conflict scenarios when using Autopatch groups](../deploy/windows-autopatch-groups-.md#manage-device-conflict-scenarios-when-using-autopatch-groups) section even after devices were successfully registered with the service. +Autopatch groups will keep monitoring for all device conflict scenarios listed in the [Manage device conflict scenarios when using Autopatch groups](../deploy/windows-autopatch-groups-manage-autopatch-groups.md#manage-device-conflict-scenarios-when-using-autopatch-groups) section even after devices were successfully registered with the service. ## Known issues