More articles for GA.

windows/deployment/windows-autopatch/TOC.yml

@@ -17,8 +17,9 @@
           href: prepare/windows-autopatch-configure-network.md
         - name: Enroll your tenant
           href: prepare/windows-autopatch-enroll-tenant.md
-        - name: Fix issues found by the Readiness assessment tool
+          items:
-          href: prepare/windows-autopatch-fix-issues.md
+            - name: Fix issues found by the Readiness assessment tool
+              href: prepare/windows-autopatch-fix-issues.md
     - name: Deploy
       href: deploy/index.md
       items:
@@ -32,17 +33,23 @@
         - name: Update management
           href: operate/windows-autopatch-update-management.md
           items:
-            - name: Windows quality updates
+            - name: Windows updates
-              href: operate/windows-autopatch-wqu-overview.md
+              href:
               items:
-                - name: Windows quality end user experience
+                - name: Windows quality updates
-                  href: operate/windows-autopatch-wqu-end-user-exp.md
+                  href: operate/windows-autopatch-wqu-overview.md
-                - name: Windows quality update signals
+                  items:
-                  href: operate/windows-autopatch-wqu-signals.md
+                    - name: Windows quality end user experience
-                - name: Windows quality update communications
+                      href: operate/windows-autopatch-wqu-end-user-exp.md
+                    - name: Windows quality update signals
+                      href: operate/windows-autopatch-wqu-signals.md
+                - name: Windows feature updates
+                  href: operate/windows-autopatch-fu-overview.md
+                  items:
+                    - name: Windows feature end user experience
+                      href: operate/windows-autopatch-fu-end-user-exp.md
+                - name: Windows quality and feature update communications
                   href: operate/windows-autopatch-wqu-communications.md
-                - name: Conflicting and unsupported policies
-                  href: operate/windows-autopatch-wqu-unsupported-policies.md
             - name: Microsoft 365 Apps for enterprise
               href: operate/windows-autopatch-microsoft-365-apps-enterprise.md
             - name: Microsoft Edge
@@ -51,14 +58,21 @@
               href: operate/windows-autopatch-teams.md
         - name: Deregister a device
           href: operate/windows-autopatch-deregister-devices.md
+        - name: Un-enroll your tenant
+          href: operate/windows-autopatch-unenroll-tenant.md
         - name: Submit a support request
           href: operate/windows-autopatch-support-request.md
     - name: Reference
       href:
       items:
+        - name: Update policies
+          href:
+          items:
+            - name: Windows update policies
+              href: operate/windows-autopatch-wqu-unsupported-policies.md
+            - name: Microsoft 365 Apps for enterprise update policies
+              href: references/windows-autopatch-microsoft-365-policies.md
         - name: Privacy
           href: references/windows-autopatch-privacy.md
         - name: Windows Autopatch preview addendum
           href: references/windows-autopatch-preview-addendum.md
-
-

windows/deployment/windows-autopatch/deploy/windows-autopatch-admin-contacts.md

@@ -14,9 +14,6 @@ msreviewer: hathind
 
 # Add and verify admin contacts
 
-> [!IMPORTANT]
-> The Admin contacts blade isn't available during public preview. However, we'll use the admin contacts provided by you during public preview onboarding.
-
 There are several ways that Windows Autopatch service communicates with customers. To streamline communication and ensure we're checking with the right people when you [submit a support request](../operate/windows-autopatch-support-request.md), you must provide a set of admin contacts when you onboard with Windows Autopatch.
 
 > [!IMPORTANT]

windows/deployment/windows-autopatch/operate/index.md

@@ -14,12 +14,14 @@ msreviewer: hathind
 
 # Operating with Windows Autopatch
 
-This section includes information about Windows Autopatch update management, types of updates managed by Windows Autopatch, and how to contact the Windows Autopatch Service Engineering Team:
+This section includes information about Windows Autopatch update management, types of updates managed by Windows Autopatch, how to contact the Windows Autopatch Service Engineering Team, and un-enrolling your tenant:
 
 - [Update management](windows-autopatch-update-management.md)
 - [Windows quality updates](windows-autopatch-wqu-overview.md)
+- [Windows feature updates](windows-autopatch-fu-overview.md)
 - [Microsoft 365 Apps for enterprise updates](windows-autopatch-microsoft-365-apps-enterprise.md)
 - [Microsoft Edge updates](windows-autopatch-edge.md)
 - [Microsoft Teams updates](windows-autopatch-teams.md)
 - [Deregister devices](windows-autopatch-deregister-devices.md)
 - [Submit a support request](windows-autopatch-support-request.md)
+- [Un-enroll your tenant](windows-autopatch-unenroll-tenant.md)

windows/deployment/windows-autopatch/operate/windows-autopatch-fu-end-user-exp.md

@@ -0,0 +1,73 @@
+---
+title: End user experience
+description:  This article explains the Windows feature update end user experience
+ms.date: 07/11/2022
+ms.prod: w11
+ms.technology: windows
+ms.topic: conceptual
+ms.localizationpriority: medium
+author: tiaraquan
+ms.author: tiaraquan
+manager: dougeby
+msreviewer: hathind
+---
+
+# End user experience
+
+Windows Autopatch aims to deploy updates predictably while minimizing the effect to end users by preventing reboots during business hours.
+
+## User notifications  
+
+In this section we'll review what an end user would see in the following three scenarios:
+
+1. Typical update experience
+2. Feature update deadline forces an update
+3. Feature update grace period
+
+> [!NOTE]
+> Windows Autopatch doesn't yet support feature updates without notifying end users.
+
+### Typical update experience
+
+In this example, we'll be discussing a device in the First ring. The Autopatch service updates the First ring’s DSS policy to target the next version of Windows 30 days after the start of the release. When the policy is applied to the device, the device will download the update, and notify end users that the new version of Windows is ready to install. The end user can either:
+
+1. Restart immediately to install the updates
+1. Schedule the installation, or
+1. Snooze (the device will attempt to install outside of active hours.)
+
+In the following example, the user schedules the restart and is notified 15 minutes prior to the scheduled restart time. The user can reschedule, if necessary, but isn't able to reschedule past the deadline.
+
+:::image type="content" source="../media/windows-feature-typical-update-experience.png" alt-text="Typical Windows feature update experience":::
+
+### Feature update deadline forces an update
+
+The following example builds on the scenario outlined in the typical user experience, but the user ignores the notification and selects snooze. Further notifications are received, which the user ignores. The device is also unable to install the updates outside of active hours.
+
+The deadline specified in the update policy is five days. Therefore, once this deadline is passed, the device will ignore the active hours and force a restart to complete the installation. The user will receive a 15-minute warning, after which, the device will install the update and restart.
+
+:::image type="content" source="../media/windows-feature-force-update.png" alt-text="Force Windows feature update":::
+
+### Feature update grace period
+
+In the following example, the user is on holiday and the device is offline beyond the feature update deadline. The user then returns to work and the device is turned back on.
+
+Since the deadline has already passed, the device is granted a two-day grace period to install the update and restart. The user will be notified of a pending installation and given options to choose from. Once the two-day grace period has expired, the user is forced to restart with a 15-minute warning notification.
+
+:::image type="content" source="../media/windows-feature-update-grace-period.png" alt-text="Window feature update grace period":::
+
+## Servicing window
+
+Windows Autopatch understands the importance of not disrupting end users but also updating the devices quickly. To achieve this goal, updates are automatically downloaded and installed at an optimal time determined by the device. Device restarts occur outside of active hours until the deadline is reached. By default, active hours are configured dynamically based on device usage patterns. If you wish to specify active hours for your organization, you can do so by deploying both the following policies:
+
+| Policy | Description |
+| ----- | ----- |
+| [Active hours start](/windows/client-management/mdm/policy-csp-update#update-activehoursstart) | This policy controls the start of the protected window where devices won't restart. Supported values are from zero through to 23. Zero is 12∶00AM, representing the hours of the day in local time on that device. |
+| [Active hours end](/windows/client-management/mdm/policy-csp-update#update-activehoursend) | This policy controls the end of the protected window where devices won't restart. Supported values are from zero through to 23. Zero is 12∶00AM, representing the hours of the day in local time on that device. This value can be no more than 12 hours after the time set in active hours start. |
+
+> [!IMPORTANT]
+> Both policies must be deployed for them to work as expected.
+
+A device won't restart during active hours unless it has passed the date specified by the update deadline policy. Once the device has passed the deadline policy, the device will update as soon as possible.
+
+> [!IMPORTANT]
+> If your devices must be updated at a specific date or time, they aren't suitable for Windows Autopatch. Allowing you to choose specific dates to update devices would disrupt the rollout schedule and prevent us from delivering the service level objective. The use of any of the following CSPs on a managed device will render it ineligible for management: <ul><li>[Update/ScheduledInstallDay](/windows/client-management/mdm/policy-csp-update#update-scheduledinstallday)</li><li>[Update/ScheduledInstallEveryWeek](/windows/client-management/mdm/policy-csp-update#update-scheduledinstalleveryweek)</li><li>[Update/ScheduledInstallFirstWeek](/windows/client-management/mdm/policy-csp-update#update-scheduledinstallfirstweek)</li><li>[Update/ScheduledInstallFourthWeek](/windows/client-management/mdm/policy-csp-update#update-scheduledinstallfourthweek)</li><li>[Update/ScheduledInstallSecondWeek](/windows/client-management/mdm/policy-csp-update#update-scheduledinstallsecondweek)</li><li>[Update/ScheduledInstallThirdWeek](/windows/client-management/mdm/policy-csp-update#update-scheduledinstallthirdweek)</li><li>[Update/ScheduledInstallTime](/windows/client-management/mdm/policy-csp-update#update-scheduledinstalltime)</li></ul>

windows/deployment/windows-autopatch/operate/windows-autopatch-fu-overview.md

@@ -0,0 +1,106 @@
+---
+title: Windows feature updates
+description:  This article explains how Windows feature updates are managed in Autopatch
+ms.date: 07/11/2022
+ms.prod: w11
+ms.technology: windows
+ms.topic: conceptual
+ms.localizationpriority: medium
+author: tiaraquan
+ms.author: tiaraquan
+manager: dougeby
+msreviewer: hathind
+---
+
+# Windows feature updates
+
+## Service level objective
+
+Windows Autopatch aims to keep at least 99% of eligible devices on a supported version of Windows so that they can continue receiving Windows feature updates.
+
+## Device eligibility
+
+For a device to be eligible for Windows feature updates as a part of Windows Autopatch it must meet the following criteria:
+
+| Criteria | Description |
+| ----- | ----- |
+| Activity | Devices must have at least six hours of usage, with at least two hours being continuous since the start of the update. |
+| Intune sync | Devices must have checked with Intune within the last five days. |
+| Storage space | Devices must have more than one GB (GigaBytes) of free storage space. |
+| Deployed | Windows Autopatch doesn't update devices that haven't yet been deployed. |
+| Internet connectivity | Devices must have a steady internet connection, and access to Windows [update endpoints](../prepare/windows-autopatch-configure-network.md). |
+| Windows edition | Devices must be on a Windows edition supported by Windows Autopatch. For more information, see [Prerequisites](../prepare/windows-autopatch-prerequisites.md). |
+| Mobile device management (MDM) policy conflict | Devices must not have deployed any policies that would prevent device management. For more information, see [Conflicting and unsupported policies](../operate/windows-autopatch-wqu-unsupported-policies.md). |
+| Group policy conflict | Devices must not have group policies deployed which would prevent device management. For more information, see [Group policy](windows-autopatch-wqu-unsupported-policies.md#group-policy) |
+
+## Windows feature update releases
+
+When the service decides to move to a new version of Windows, the following update schedule is indicative of the minimum amount of time between rings during a rollout.
+
+The final release schedule is communicated prior to release and may vary a little from the following schedule to account for business weeks or other scheduling considerations. For example, Autopatch may decide to release to the Fast Ring after 62 days instead of 60, if 60 days after the release start was a weekend.  
+
+| Ring | Timeline |
+| ----- | ----- |
+| Test | Release start |
+| First | Release start + 30 days |
+| Fast | Release start + 60 days |
+| Broad | Release start + 90 days |
+
+:::image type="content" source="../media/windows-feature-release-process-timeline.png" alt-text="Windows feature release timeline":::
+
+## New devices to Windows Autopatch
+
+If a device is enrolled and it's below Autopatch's currently targeted Windows feature update, that device will update to the service's target version within five days of meeting eligibility criteria.  
+
+If a device is enrolled and it's on, or above the currently targeted Windows feature update, there won't be any change to that device.  
+
+## Feature update configuration
+
+When releasing a feature update, there are two policies that are configured by the service to create the update schedule described in the previous section. You’ll see four of each of the following policies in your tenant, one for each ring:  
+
+- **Modern Workplace DSS Policy**: This policy is used to control the target version of Windows.  
+- **Modern Workplace Update Policy**: This policy is used to control deferrals and deadlines for feature and quality updates.  
+
+| Ring | Target version (DSS) Policy | Feature update deferral | Feature update deadline | Feature update grace period |
+| ----- | ----- | ----- | ----- | ----- |
+| Test | 21H2 | 0 | 5 | 0 |
+| First | 21H2 | 0 | 5 | 0 |
+| Fast | 21H2 | 0 | 5 | 2 |
+| Broad | 21H2 | 0 | 5 | 2 |
+
+> [!NOTE]
+> Customers are not able to select a target version for their tenant.
+
+During a release, the service modifies the Modern Workplace DSS policy to change the target version for a specific ring in Intune. That change is deployed to devices and updates the devices prior to the update deadline.  
+
+To understand how devices will react to the change in the Modern Workplace DSS policy, it's important to understand how deferral, deadline, and grace periods effect devices.
+
+| Policy | Description |
+| ----- | ----- |
+| [Deferrals](/windows/client-management/mdm/policy-csp-update#update-deferqualityupdatesperiodindays) | The deferral policy determines how many days after a release the feature update is offered to a device. The service maximizes control over feature updates by creating individual DSS policies for each ring and modifying the ring's DSS policy to change the target update version. Therefore, the feature update deferral policy for all rings is set to zero days so that a change in the DSS policy is released as soon as possible.   |
+| [Deadlines](/windows/client-management/mdm/policy-csp-update#update-autorestartdeadlineperiodindays)    | Before the deadline, restarts can be scheduled by users or automatically scheduled outside of active hours. After the deadline passes, restarts will occur regardless of active hours and users won't be able to reschedule. The deadline for a specific device is set to be the specified number of days after the update is offered to the device.  |
+| [Grace periods](/windows/client-management/mdm/policy-csp-update#update-configuredeadlinegraceperiod) | This policy specifies a minimum number of days after an update is downloaded until the device is automatically restarted. This policy overrides the deadline policy so that if a user comes back from vacation, it prevents the device from forcing a restart to complete the update as soon as it comes online.  |
+
+> [!IMPORTANT]
+> Deploying deferral, deadline, or grace period policies which conflict with Autopatch's policies will render a device ineligible for management. Also, if any update related to group policy settings are detected, the device will also be ineligible for management.
+
+## Windows 11 testing
+
+To allow customers to test Windows 11 in their environment, there's a separate DSS policy that enables you to test Windows 11 before broadly adopting within your environment. When you add devices to the **Modern Workplace - Windows 11 Pre-Release Test Devices** group they'll update to Windows 11.  
+
+> [!IMPORTANT]
+> This group is intended for testing purposes only and shouldn't be used to broadly update to Windows 11 in your environment.
+
+## Pausing and resuming a release
+
+You can pause or resume a Windows feature update from the Release management tab in Microsoft Endpoint Manager.
+
+## Rollback
+
+Windows Autopatch doesn't support the rollback of feature updates.
+
+## Incidents and outages
+
+If devices in your tenant aren't meeting the [service level objective](#service-level-objective) for Windows feature updates, Autopatch will raise an incident will be raised. The Windows Autopatch Service Engineering Team will work to bring those devices onto the latest version of Windows.
+
+If you're experiencing other issues related to Windows feature updates, [submit a support request](../operate/windows-autopatch-support-request.md).

windows/deployment/windows-autopatch/operate/windows-autopatch-microsoft-365-apps-enterprise.md

@@ -82,24 +82,6 @@ Windows Autopatch will either:
 
 Since quality updates are bundled together into a single release in the [Monthly Enterprise Channel](/deployoffice/overview-update-channels#monthly-enterprise-channel-overview), we can't roll back only a portion of the update for Microsoft 365 Apps for enterprise.  
 
-## Conflicting and unsupported policies
-
-Deploying any of the following policies to a managed device will make that device ineligible for management since the device will prevent us from delivering the service as designed.
-
-### Update policies
-
-Window Autopatch deploys mobile device management (MDM) policies to configure Microsoft 365 Apps and requires a specific configuration. If any [Microsoft 365 Apps update settings](/deployoffice/configure-update-settings-microsoft-365-apps) are deployed which conflict with our policies, then the device won't be eligible for management.
-
-| Update setting | Value | Usage reason |
-| ----- | ----- | ----- |
-| Set updates to occur automatically | Enabled | Enable automatic updates |
-| Specify a location to look for updates | Blank | Don't use this setting since it overwrites the update branch |
-| Update branch | Monthly Enterprise | Supported branch for Windows Autopatch |
-| Specify the version of Microsoft 365 Apps to update to | Variable | Used to roll back to a previous version if an error occurs |
-| Set a deadline by when updates must be applied | 3 | Update deadline |
-| Hide update notifications from users | Turned off | Users should be notified when Microsoft 365 Apps are being updated |
-| Hide the option to turn on or off automatic Office updates | Turned on | Prevents users from disabling automatic updates |
-
 ## Compatibility with Servicing Profiles
 
 [Servicing profiles](/deployoffice/admincenter/servicing-profile) is a feature in the [Microsoft 365 Apps admin center](https://config.office.com/) that provides controlled update management of monthly Office updates, including controls for user and device targeting, scheduling, rollback, and reporting.

windows/deployment/windows-autopatch/operate/windows-autopatch-unenroll-tenant.md

@@ -0,0 +1,59 @@
+---
+title: Un-enroll your tenant
+description:  This article explains what this means for your organization and what actions you must take. 
+ms.date: 07/11/2022
+ms.prod: w11
+ms.technology: windows
+ms.topic: how-to
+ms.localizationpriority: medium
+author: tiaraquan
+ms.author: tiaraquan
+manager: dougeby
+msreviewer: hathind
+---
+
+# Un-enroll your tenant
+
+If you're looking to unenroll your tenant from Windows Autopatch, this article details what this means for your organization and what actions you must take.
+
+> [!IMPORTANT]
+> You must be a Global Administrator to unenroll your tenant.
+
+Un-enrolling from Windows Autopatch requires manual actions from both you and from the Windows Autopatch Service Engineering Team. The Windows Autopatch Service Engineering Team will:  
+
+- Remove Windows Autopatch access to your tenant.
+- Deregister your devices from the Windows Autopatch service. Deregistering your devices from Windows Autopatch will not remove your devices from Intune, Azure AD or Configuration Manager. The Windows Autopatch Service Engineering Team follows the same process and principles as laid out in Deregister a device.
+- Delete all data that we have stored in the Windows Autopatch data storage.
+
+> [!NOTE]
+> We will **not** delete any of your customer or Intune data.
+
+## Microsoft's responsibilities during un-enrollment
+
+| Responsibility | Description |
+| ----- | ----- |
+| Windows Autopatch data | Windows Autopatch will delete user data that is within the Windows Autopatch service. We won’t make changes to any other data. For more information about how data is used in Windows Autopatch, see [Privacy](../references/windows-autopatch-privacy.md). |
+| Windows Autopatch cloud service accounts | Windows Autopatch will remove the cloud service accounts created during the enrollment process. The accounts are: MsAdmin, MsAdminInt and MsTest. |
+| Conditional access policy | Windows Autopatch will remove the Modern Workplace – Secure Workstation conditional access policy. |
+| Microsoft Endpoint Manager roles | Windows Autopatch will remove the Modern Workplace Intune Admin role. |
+
+## Your responsibilities after un-enrolling your tenant
+
+| Responsibility | Description |
+| ----- | ----- |
+| Licenses | You're responsible for business continuity after unenrolling from Windows Autopatch. This includes responsibility for licensing renewals and reassignment as deemed appropriate. |
+| Data | Windows Autopatch will not make changes to your data. |
+| Updates | After the Windows Autopatch service is unenrolled, we’ll no longer provide updates to your devices.  You must ensure that your devices continue to receive updates through your own policies to ensure they are secure and up to date. |
+| Optional Windows Autopatch configuration | Windows Autopatch won’t remove the configuration policies used to enable updates on your devices.  You can take the responsibilities for these policies following tenant unenrollment.  If you don’t wish to use these policies for your devices after unenrollment, you may safely delete them. |
+
+## Un-enroll from Windows Autopatch
+
+**To un-enroll from Windows Autopatch:**
+
+1. [Submit a support request](windows-autopatch-support-request.md) and request to unenroll from the Windows Autopatch service.
+1. The Windows Autopatch Service Engineering Team will communicate with your IT Administrator to confirm your intent to un-enroll from the service.  
+1. You will have 14 days to review and confirm the communication sent by the Windows Autopatch Service Engineering Team.
+1. The Windows Autopatch Service Engineering Team can proceed sooner than 14 days if your confirmation arrives sooner.
+1. The Windows Autopatch Service Engineering Team will proceed with the removal of all items listed under [Microsoft responsibilities during un-enrollment](#microsofts-responsibilities-during-un-enrollment).
+1. The Windows Autopatch Service Engineering Team will inform you when un-enrollment is complete.
+1. You’re responsible for the items listed under [Your responsibilities after un-enrolling your tenant](#your-responsibilities-after-un-enrolling-your-tenant).

windows/deployment/windows-autopatch/overview/windows-autopatch-overview.md

@@ -1,7 +1,7 @@
 ---
-title: What is Windows Autopatch? (preview)
+title: What is Windows Autopatch?
 description:  Details what the service is and shortcuts to articles
-ms.date: 05/30/2022
+ms.date: 07/11/2022
 ms.prod: w11
 ms.technology: windows
 ms.topic: conceptual
@@ -12,10 +12,7 @@ manager: dougeby
 msreviewer: hathind
 ---
 
-# What is Windows Autopatch? (preview)
+# What is Windows Autopatch?
-
-> [!IMPORTANT]
-> **Windows Autopatch is in public preview**. It's actively being developed and may not be complete. You can test and use these features in production environments and [provide feedback](https://go.microsoft.com/fwlink/?linkid=2195593) or start a discussion in our [Windows Autopatch Tech Community](https://aka.ms/Community/WindowsAutopatch).
 
 Windows Autopatch is a cloud service that automates Windows, Microsoft 365 Apps for enterprise, Microsoft Edge, and Microsoft Teams updates to improve security and productivity across your organization.
 

windows/deployment/windows-autopatch/prepare/index.md

@@ -19,4 +19,4 @@ The following articles describe the steps you must take to onboard with Windows
 1. [Review the prerequisites](windows-autopatch-prerequisites.md)
 1. [Configure your network](windows-autopatch-configure-network.md)
 1. [Enroll your tenant](windows-autopatch-enroll-tenant.md)
-1. [Fix issues found in the Readiness assessment tool](windows-autopatch-fix-issues.md)
+    1. [Fix issues found in the Readiness assessment tool](windows-autopatch-fix-issues.md)

windows/deployment/windows-autopatch/references/windows-autopatch-microsoft-365-policies.md

@@ -0,0 +1,33 @@
+---
+title: Microsoft 365 Apps for enterprise update policies
+description:  This article explains the Microsoft 365 Apps for enterprise policies in Windows Autopatch
+ms.date: 07/11/2022
+ms.prod: w11
+ms.technology: windows
+ms.topic: conceptual
+ms.localizationpriority: medium
+author: tiaraquan
+ms.author: tiaraquan
+manager: dougeby
+msreviewer: hathind
+---
+
+# Microsoft 365 Apps for enterprise update policies
+
+## Conflicting and unsupported policies
+
+Deploying any of the following policies to a managed device will make that device ineligible for management since the device will prevent us from delivering the service as designed.
+
+### Update policies
+
+Window Autopatch deploys mobile device management (MDM) policies to configure Microsoft 365 Apps and requires a specific configuration. If any [Microsoft 365 Apps update settings](/deployoffice/configure-update-settings-microsoft-365-apps) are deployed which conflict with our policies, then the device won't be eligible for management.
+
+| Update setting | Value | Usage reason |
+| ----- | ----- | ----- |
+| Set updates to occur automatically | Enabled | Enable automatic updates |
+| Specify a location to look for updates | Blank | Don't use this setting since it overwrites the update branch |
+| Update branch | Monthly Enterprise | Supported branch for Windows Autopatch |
+| Specify the version of Microsoft 365 Apps to update to | Variable | Used to roll back to a previous version if an error occurs |
+| Set a deadline by when updates must be applied | 3 | Update deadline |
+| Hide update notifications from users | Turned off | Users should be notified when Microsoft 365 Apps are being updated |
+| Hide the option to turn on or off automatic Office updates | Turned on | Prevents users from disabling automatic updates |