deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-16 07:17:24 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

More updates

Browse Source
This commit is contained in:
Andre Della Monica 2023-02-01 15:32:55 -06:00
parent 3b30d2cf56
commit 90a492de59
1 changed files with 12 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
windows/deployment/windows-autopatch/operate/windows-autopatch-fu-overview.md
View File

@ -14,22 +14,21 @@ msreviewer: andredm7
# Windows feature updates
Microsoft provides robust modern device management (MDM) solutions such as Microsoft Intune, Windows Update for Business, Configuration Manager etc. However, the administration of these solutions to keep Windows devices up to date with the latest Windows feature releases rests on your organizations IT admins. The Windows feature update process is considered one of the most expensive and fundamental tasks by IT organizations because Windows feature updates provide:
Microsoft provides robust mobile device management (MDM) solutions such as Microsoft Intune, Windows Update for Business, Configuration Manager etc. However, the administration of these solutions to keep Windows devices up to date with the latest Windows feature releases rests on your organizations IT admins. The Windows feature update process is considered one of the most expensive and time consuming tasks for IT since it requires incremental rollout and validation.
- Fixes for security vulnerabilities and known bugs to keep Windows devices protected against advanced malicious attacks.
- Fixes known bugs to keep Windows devices protected against behavioral issues.
- New features to boost end-user productivity.
Windows Autopatch makes it easier and less expensive for you to keep your Windows devicesup to date so you can focus on running your corebusinesses while Windows Autopatch runs update management on your behalf.
## Enforcing a minimum Windows OS version
Once devices are registered with Windows Autopatch, theyre assigned to deployment rings. Each deployment ring has its Windows feature update policy assigned to them.
Once devices are registered with Windows Autopatch, theyre assigned to deployment rings. Each of the four deployment rings have its Windows feature update policy assigned to them. This is intended to minimize unexpected Windows OS upgrades once new devices register with the service.
The policies:
- Contain the minimum Windows 10 version being currently serviced by the [Windows servicing channels](/windows/release-health/release-information?msclkid=ee885719baa511ecb838e1a689da96d2). The current minimum OS version is **Windows 10 20H2**.
- Set a bare minimum Windows OS version required by the service once devices are registered with the service.
- Minimize unexpected Windows OS upgrades once new devices register with Windows Autopatch.
If a device is registered with Windows Autopatch, and the device is:
@ -50,17 +49,23 @@ If your tenant is enrolled with Windows Autopatch, you can see the following pol
> [!IMPORTANT]
> If youre ahead of the current minimum OS version enforced by Windows Autopatch in your organization, you can [edit Windows Autopatchs default Windows feature update policy and select your desired targeted version](/mem/intune/protect/windows-10-feature-updates#create-and-assign-feature-updates-for-windows-10-and-later-policy).
> [!NOTE]
> The four minimum Windows 10 OS version feature update policies were introduced in Windows Autopatch in the 2212 release milestone. Its creation automatically unassigns the previous four feature update policies targeting Windows 10 21H2 from all four Windows Autopatch deployment rings:<p>**Modern Workplace DSS Policy [Test]**</p><p>**Modern Workplace DSS Policy [First]**</p><p>**Modern Workplace DSS Policy [Fast]**</p><p>**Modern Workplace DSS Policy [Broad]**</p><p>Since the new feature update policies setting the minimum Windows 10 OS version are in place, the policies above can be removed from your tenant.</p>
## Test Windows 11 feature updates
You can test Windows 11 deployments by adding devices either through direct membership or by bulk importing them into the Modern Workplace - Windows 11 Pre-Release Test Devices Azure AD group. Theres a separate Windows feature update policy (**Modern Workplace DSS Policy [Windows 11]**) targeted to this Azure AD group, and its configuration is set as follows:
You can test Windows 11 deployments by adding devices either through direct membership or by bulk importing them into the **Modern Workplace - Windows 11 Pre-Release Test Devices** Azure AD group. Theres a separate Windows feature update policy (**Modern Workplace DSS Policy [Windows 11]**) targeted to this Azure AD group, and its configuration is set as follows:
| Policy name | Feature update version | Rollout options | First deployment ring availability | Final deployment ring availability | Day between deployment rings | Support end date |
| ----- | ----- | ----- | ----- | ----- | ----- | ----- |
| Modern Workplace DSS Policy [Windows 11] | Windows 11 22H2 | Make update available as soon as possible | N/A | N/A | N/A | 10/13/2025, 7:00PM |
> [!IMPORTANT]
> Windows Autopatch neither applies its deployment ring distribution, nor configure [Windows Update for Business gradual rollout settings](https://learn.microsoft.com/mem/intune/protect/windows-update-rollout-options) in the Feature update policy **Modern Workplace DSS Policy [Windows 11]**.<p>Once devices are added into the **Modern Workplace - Windows 11 Pre-Release Test Devices** Azure AD group, they can all apply the Windows 11 22H2 feature update with no gradual rollout or deployment ring capabilities.</p>
## Manage Windows feature update deployments
Windows Autopatch uses Microsoft Intunes built-in solution, which uses configuration service providers (CSPs), for pausing and resuming both [Windows quality](windows-autopatch-wqu-overview.md#pausing-and-resuming-a-release) and feature updates.
Windows Autopatch uses Microsoft Intunes built-in solution, which uses configuration service providers (CSPs), for pausing and resuming both [Windows quality and feature updates](windows-autopatch-wqu-overview.md#pausing-and-resuming-a-release).
Windows Autopatch provides a permanent pause of a Windows feature update deployment. The Windows Autopatch service automatically extends the 35 day pause limit (permanent pause) established by Microsoft Intune on your behalf. The deployment remains permanently paused until you decide to resume it.
@ -86,7 +91,7 @@ Windows Autopatch provides a permanent pause of a Windows feature update deploym
Windows Autopatch doesnt support the rollback of Windows Feature updates.
> [!CAUTION]
> Its not recommended to use [Microsoft Intunes capabilities](/mem/intune/protect/windows-10-update-rings#manage-your-windows-update-rings) to pause and rollback a Windows feature update. However, if you choose to pause, resume and/or roll back from Intune, Windows Autopatch is **not** responsible for any problems that arise from rolling back the feature update.
> Its not recommended to use [Microsoft Intunes capabilities](/mem/intune/protect/windows-10-update-rings#manage-your-windows-update-rings) to pause and rollback a Windows feature update. However, if you choose to pause, resume and/or roll back from Intune, Windows Autopatch is **not** responsible for any problems that arise from rolling back the Windows feature update.
## Contact support