From 8dcfa37ade97e254ba7b0d525185277d1b0ed1d9 Mon Sep 17 00:00:00 2001 From: ansonhsho Date: Fri, 24 Jun 2022 07:44:05 -0700 Subject: [PATCH 1/7] Update to include SE customizations settings Updated wallpaper and lock screen image customization settings based on Carlos Brito's suggestions --- education/windows/windows-11-se-settings-list.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/education/windows/windows-11-se-settings-list.md b/education/windows/windows-11-se-settings-list.md index 0e70e1cad2..2415619fce 100644 --- a/education/windows/windows-11-se-settings-list.md +++ b/education/windows/windows-11-se-settings-list.md @@ -45,7 +45,9 @@ The following table lists and describes the settings that can be changed by admi | Block external extensions | Default: Blocked

In Microsoft Edge, users can't install external extensions.

[BlockExternalExtensions](/DeployEdge/microsoft-edge-policies#blockexternalextensions)| | Configure new tab page | Default: `Office.com`

In Microsoft Edge, the new tab page defaults to `office.com`.

[Configure the new tab page URL](/DeployEdge/microsoft-edge-policies#configure-the-new-tab-page-url)| | Configure homepage | Default: `Office.com`

In Microsoft Edge, the homepage defaults to `office.com`.

[HomepageIsNewTabPage](/DeployEdge/microsoft-edge-policies#homepageisnewtabpage)| -| Prevent SmartScreen prompt override | Default: Enabled

In Microsoft Edge, users can't override Windows Defender SmartScreen warnings.

[PreventSmartScreenPromptOverride](/DeployEdge/microsoft-edge-policies#preventsmartscreenpromptoverride)| +| Prevent SmartScreen prompt override | Default: Enabled

In Microsoft Edge, users can't override Windows Defender SmartScreen warnings.

[PreventSmartScreenPromptOverride](/DeployEdge/microsoft-edge-policies#preventsmartscreenpromptoverride)|\ +| Wallpaper Image Customization | Default:

Specify a jpg, jpeg or png image to be used as Desktop Image. This setting can take an http or https Url to a remote image to be downloaded, a file Url to a local image.

[DesktopImageUrl](/windows/client-management/mdm/personalization-csp)| +| Lock Screen Image Customization | Default:

Specify a jpg, jpeg or png image to be used as Lock Screen Image. This setting can take an http or https Url to a remote image to be downloaded, a file Url to a local image.

[LockScreenImageUrl](/windows/client-management/mdm/personalization-csp)| ## Settings that can't be changed From efb9f3d5ec6c179a9abae71959552611a9f9494e Mon Sep 17 00:00:00 2001 From: Meghan Stewart <33289333+mestew@users.noreply.github.com> Date: Fri, 24 Jun 2022 09:57:06 -0700 Subject: [PATCH 2/7] fix syntax error and cleanup syntax --- .../windows/windows-11-se-settings-list.md | 36 +++++++++---------- 1 file changed, 18 insertions(+), 18 deletions(-) diff --git a/education/windows/windows-11-se-settings-list.md b/education/windows/windows-11-se-settings-list.md index 2415619fce..2db2717126 100644 --- a/education/windows/windows-11-se-settings-list.md +++ b/education/windows/windows-11-se-settings-list.md @@ -30,24 +30,24 @@ The following table lists and describes the settings that can be changed by admi | Setting | Description | | --- | --- | -| Block manual unenrollment | Default: Blocked

Users can't unenroll their devices from device management services.

[Experience/AllowManualMDMUnenrollment CSP](/windows/client-management/mdm/policy-csp-experience#experience-allowmanualmdmunenrollment)| -| Allow option to Show Network | Default: Allowed

Gives users the option to see the **Show Network** folder in File Explorer. | -| Allow option to Show This PC | Default: Allowed

Gives user the option to see the **Show This PC** folder in File Explorer. | -| Set Allowed Folder location | Default folders: Documents, Desktop, Pictures, and Downloads

Gives user access to these folders. | -| Set Allowed Storage Locations | Default: Blocks Local Drives and Network Drives

Blocks user access to these storage locations. | -| Allow News and Interests | Default: Hide

Hides Widgets. | -| Disable advertising ID | Default: Disabled

Blocks apps from using usage data to tailor advertisements.

[Privacy/DisableAdvertisingId CSP](/windows/client-management/mdm/policy-csp-privacy#privacy-disableadvertisingid) | -| Visible settings pages | Default:

| -| Enable App Install Control | Default: Turned On

Users can’t download apps from the internet.

[SmartScreen/EnableAppInstallControl CSP](/windows/client-management/mdm/policy-csp-smartscreen#smartscreen-enableappinstallcontrol)| -| Configure Storage Sense Cloud Content Dehydration Threshold | Default: 30 days

If a file hasn’t been opened in 30 days, it becomes an online-only file. Online-only files can be opened when there's an internet connection. When an online-only file is opened on a device, it downloads and becomes locally available on that device. The file is available until it's unopened for the specified number of days, and becomes online-only again.

[Storage/ConfigStorageSenseCloudContentDehydrationThreshold CSP](/windows/client-management/mdm/policy-csp-storage#storage-configstoragesensecloudcontentdehydrationthreshold) | -| Allow Telemetry | Default: Required Telemetry Only

Sends only basic device info, including quality-related data, app compatibility, and similar data to keep the device secure and up-to-date.

[System/AllowTelemetry CSP](/windows/client-management/mdm/policy-csp-system#system-allowtelemetry) | -| Allow Experimentation | Default: Disabled

Microsoft can't experiment with the product to study user preferences or device behavior.

[System/AllowExperimentation CSP](/windows/client-management/mdm/policy-csp-system#system-allowexperimentation) | -| Block external extensions | Default: Blocked

In Microsoft Edge, users can't install external extensions.

[BlockExternalExtensions](/DeployEdge/microsoft-edge-policies#blockexternalextensions)| -| Configure new tab page | Default: `Office.com`

In Microsoft Edge, the new tab page defaults to `office.com`.

[Configure the new tab page URL](/DeployEdge/microsoft-edge-policies#configure-the-new-tab-page-url)| -| Configure homepage | Default: `Office.com`

In Microsoft Edge, the homepage defaults to `office.com`.

[HomepageIsNewTabPage](/DeployEdge/microsoft-edge-policies#homepageisnewtabpage)| -| Prevent SmartScreen prompt override | Default: Enabled

In Microsoft Edge, users can't override Windows Defender SmartScreen warnings.

[PreventSmartScreenPromptOverride](/DeployEdge/microsoft-edge-policies#preventsmartscreenpromptoverride)|\ -| Wallpaper Image Customization | Default:

Specify a jpg, jpeg or png image to be used as Desktop Image. This setting can take an http or https Url to a remote image to be downloaded, a file Url to a local image.

[DesktopImageUrl](/windows/client-management/mdm/personalization-csp)| -| Lock Screen Image Customization | Default:

Specify a jpg, jpeg or png image to be used as Lock Screen Image. This setting can take an http or https Url to a remote image to be downloaded, a file Url to a local image.

[LockScreenImageUrl](/windows/client-management/mdm/personalization-csp)| +| Block manual unenrollment | Default: Blocked

Users can't unenroll their devices from device management services.

[Experience/AllowManualMDMUnenrollment CSP](/windows/client-management/mdm/policy-csp-experience#experience-allowmanualmdmunenrollment) | +| Allow option to Show Network | Default: Allowed

Gives users the option to see the **Show Network** folder in File Explorer. | +| Allow option to Show This PC | Default: Allowed

Gives user the option to see the **Show This PC** folder in File Explorer. | +| Set Allowed Folder location | Default folders: Documents, Desktop, Pictures, and Downloads

Gives user access to these folders. | +| Set Allowed Storage Locations | Default: Blocks Local Drives and Network Drives

Blocks user access to these storage locations. | +| Allow News and Interests | Default: Hide

Hides Widgets. | +| Disable advertising ID | Default: Disabled

Blocks apps from using usage data to tailor advertisements.

[Privacy/DisableAdvertisingId CSP](/windows/client-management/mdm/policy-csp-privacy#privacy-disableadvertisingid) | +| Visible settings pages | Default:

| +| Enable App Install Control | Default: Turned On

Users can't download apps from the internet.

[SmartScreen/EnableAppInstallControl CSP](/windows/client-management/mdm/policy-csp-smartscreen#smartscreen-enableappinstallcontrol)| +| Configure Storage Sense Cloud Content Dehydration Threshold | Default: 30 days

If a file hasn't been opened in 30 days, it becomes an online-only file. Online-only files can be opened when there's an internet connection. When an online-only file is opened on a device, it downloads and becomes locally available on that device. The file is available until it's unopened for the specified number of days, and becomes online-only again.

[Storage/ConfigStorageSenseCloudContentDehydrationThreshold CSP](/windows/client-management/mdm/policy-csp-storage#storage-configstoragesensecloudcontentdehydrationthreshold) | +| Allow Telemetry | Default: Required Telemetry Only

Sends only basic device info, including quality-related data, app compatibility, and similar data to keep the device secure and up-to-date.

[System/AllowTelemetry CSP](/windows/client-management/mdm/policy-csp-system#system-allowtelemetry) | +| Allow Experimentation | Default: Disabled

Microsoft can't experiment with the product to study user preferences or device behavior.

[System/AllowExperimentation CSP](/windows/client-management/mdm/policy-csp-system#system-allowexperimentation) | +| Block external extensions | Default: Blocked

In Microsoft Edge, users can't install external extensions.

[BlockExternalExtensions](/DeployEdge/microsoft-edge-policies#blockexternalextensions) | +| Configure new tab page | Default: `Office.com`

In Microsoft Edge, the new tab page defaults to `office.com`.

[Configure the new tab page URL](/DeployEdge/microsoft-edge-policies#configure-the-new-tab-page-url) | +| Configure homepage | Default: `Office.com`

In Microsoft Edge, the homepage defaults to `office.com`.

[HomepageIsNewTabPage](/DeployEdge/microsoft-edge-policies#homepageisnewtabpage) | +| Prevent SmartScreen prompt override | Default: Enabled

In Microsoft Edge, users can't override Windows Defender SmartScreen warnings.

[PreventSmartScreenPromptOverride](/DeployEdge/microsoft-edge-policies#preventsmartscreenpromptoverride) | +| Wallpaper Image Customization | Default:

Specify a jpg, jpeg or png image to be used as Desktop Image. This setting can take an http or https Url to a remote image to be downloaded, a file Url to a local image.

[DesktopImageUrl](/windows/client-management/mdm/personalization-csp) | +| Lock Screen Image Customization | Default:

Specify a jpg, jpeg or png image to be used as Lock Screen Image. This setting can take an http or https Url to a remote image to be downloaded, a file Url to a local image.

[LockScreenImageUrl](/windows/client-management/mdm/personalization-csp) | ## Settings that can't be changed From b32e0ad39af86be61f743423fbb05645fb5be3c1 Mon Sep 17 00:00:00 2001 From: Meghan Stewart <33289333+mestew@users.noreply.github.com> Date: Fri, 24 Jun 2022 10:32:41 -0700 Subject: [PATCH 3/7] style tweaks --- education/windows/windows-11-se-settings-list.md | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/education/windows/windows-11-se-settings-list.md b/education/windows/windows-11-se-settings-list.md index 2db2717126..b2b9df5de8 100644 --- a/education/windows/windows-11-se-settings-list.md +++ b/education/windows/windows-11-se-settings-list.md @@ -34,20 +34,20 @@ The following table lists and describes the settings that can be changed by admi | Allow option to Show Network | Default: Allowed

Gives users the option to see the **Show Network** folder in File Explorer. | | Allow option to Show This PC | Default: Allowed

Gives user the option to see the **Show This PC** folder in File Explorer. | | Set Allowed Folder location | Default folders: Documents, Desktop, Pictures, and Downloads

Gives user access to these folders. | -| Set Allowed Storage Locations | Default: Blocks Local Drives and Network Drives

Blocks user access to these storage locations. | -| Allow News and Interests | Default: Hide

Hides Widgets. | +| Set Allowed Storage Locations | Default: Blocks local drives and network drives

Blocks user access to these storage locations. | +| Allow News and Interests | Default: Hide

Hides widgets. | | Disable advertising ID | Default: Disabled

Blocks apps from using usage data to tailor advertisements.

[Privacy/DisableAdvertisingId CSP](/windows/client-management/mdm/policy-csp-privacy#privacy-disableadvertisingid) | | Visible settings pages | Default:

| -| Enable App Install Control | Default: Turned On

Users can't download apps from the internet.

[SmartScreen/EnableAppInstallControl CSP](/windows/client-management/mdm/policy-csp-smartscreen#smartscreen-enableappinstallcontrol)| -| Configure Storage Sense Cloud Content Dehydration Threshold | Default: 30 days

If a file hasn't been opened in 30 days, it becomes an online-only file. Online-only files can be opened when there's an internet connection. When an online-only file is opened on a device, it downloads and becomes locally available on that device. The file is available until it's unopened for the specified number of days, and becomes online-only again.

[Storage/ConfigStorageSenseCloudContentDehydrationThreshold CSP](/windows/client-management/mdm/policy-csp-storage#storage-configstoragesensecloudcontentdehydrationthreshold) | +| Enable App Install Control | Default: Turned On

Users can't download apps from the internet.

[SmartScreen/EnableAppInstallControl CSP](/windows/client-management/mdm/policy-csp-smartscreen#smartscreen-enableappinstallcontrol)| +| Configure Storage Sense Cloud Content Dehydration Threshold | Default: 30 days

If a file hasn't been opened in 30 days, it becomes an online-only file. Online-only files can be opened when there's an internet connection. When an online-only file is opened on a device, it downloads and becomes locally available on that device. The file is available until it's unopened for the specified number of days, and becomes online-only again.

[Storage/ConfigStorageSenseCloudContentDehydrationThreshold CSP](/windows/client-management/mdm/policy-csp-storage#storage-configstoragesensecloudcontentdehydrationthreshold) | | Allow Telemetry | Default: Required Telemetry Only

Sends only basic device info, including quality-related data, app compatibility, and similar data to keep the device secure and up-to-date.

[System/AllowTelemetry CSP](/windows/client-management/mdm/policy-csp-system#system-allowtelemetry) | | Allow Experimentation | Default: Disabled

Microsoft can't experiment with the product to study user preferences or device behavior.

[System/AllowExperimentation CSP](/windows/client-management/mdm/policy-csp-system#system-allowexperimentation) | | Block external extensions | Default: Blocked

In Microsoft Edge, users can't install external extensions.

[BlockExternalExtensions](/DeployEdge/microsoft-edge-policies#blockexternalextensions) | -| Configure new tab page | Default: `Office.com`

In Microsoft Edge, the new tab page defaults to `office.com`.

[Configure the new tab page URL](/DeployEdge/microsoft-edge-policies#configure-the-new-tab-page-url) | -| Configure homepage | Default: `Office.com`

In Microsoft Edge, the homepage defaults to `office.com`.

[HomepageIsNewTabPage](/DeployEdge/microsoft-edge-policies#homepageisnewtabpage) | +| Configure new tab page | Default: `Office.com`

In Microsoft Edge, the new tab page defaults to `Office.com`.

[Configure the new tab page URL](/DeployEdge/microsoft-edge-policies#configure-the-new-tab-page-url) | +| Configure homepage | Default: `Office.com`

In Microsoft Edge, the homepage defaults to `Office.com`.

[HomepageIsNewTabPage](/DeployEdge/microsoft-edge-policies#homepageisnewtabpage) | | Prevent SmartScreen prompt override | Default: Enabled

In Microsoft Edge, users can't override Windows Defender SmartScreen warnings.

[PreventSmartScreenPromptOverride](/DeployEdge/microsoft-edge-policies#preventsmartscreenpromptoverride) | -| Wallpaper Image Customization | Default:

Specify a jpg, jpeg or png image to be used as Desktop Image. This setting can take an http or https Url to a remote image to be downloaded, a file Url to a local image.

[DesktopImageUrl](/windows/client-management/mdm/personalization-csp) | -| Lock Screen Image Customization | Default:

Specify a jpg, jpeg or png image to be used as Lock Screen Image. This setting can take an http or https Url to a remote image to be downloaded, a file Url to a local image.

[LockScreenImageUrl](/windows/client-management/mdm/personalization-csp) | +| Wallpaper Image Customization | Default:

Specify a jpg, jpeg, or png image to be used as the desktop image. This setting can take an http or https URL to a remote image to be downloaded, a file URL to a local image.

[DesktopImageUrl](/windows/client-management/mdm/personalization-csp) | +| Lock Screen Image Customization | Default:

Specify a jpg, jpeg, or png image to be used as lock screen image. This setting can take an http or https URL to a remote image to be downloaded, a file URL to a local image.

[LockScreenImageUrl](/windows/client-management/mdm/personalization-csp) | ## Settings that can't be changed From b9b341580b84c6aa808a5d490ee958023060b2cc Mon Sep 17 00:00:00 2001 From: Andre Della Monica Date: Fri, 24 Jun 2022 15:42:12 -0500 Subject: [PATCH 4/7] Updates to Dual state AAD records --- .../windows-autopatch-register-devices.md | 20 ++++++++++++++----- 1 file changed, 15 insertions(+), 5 deletions(-) diff --git a/windows/deployment/windows-autopatch/deploy/windows-autopatch-register-devices.md b/windows/deployment/windows-autopatch/deploy/windows-autopatch-register-devices.md index f23ef5f8ec..99fecd54da 100644 --- a/windows/deployment/windows-autopatch/deploy/windows-autopatch-register-devices.md +++ b/windows/deployment/windows-autopatch/deploy/windows-autopatch-register-devices.md @@ -1,13 +1,13 @@ --- title: Register your devices description: This article details how to register devices in Autopatch -ms.date: 06/15/2022 +ms.date: 06/24/2022 ms.prod: w11 ms.technology: windows ms.topic: how-to ms.localizationpriority: medium -author: tiaraquan -ms.author: tiaraquan +author: andredm7 +ms.author: andredm7 manager: dougeby msreviewer: andredm7 --- @@ -50,6 +50,17 @@ Azure AD groups synced up from: > [!TIP] > You can also use the **Discover Devices** button in either the Ready or Not ready tab to discover devices from the Windows Autopatch Device Registration Azure AD group on demand. +### Cleaning up dual state of Hybrid Azure AD joined and Azure registered devices in your Azure AD tenant + +[Azure AD dual state](https://docs.microsoft.com/azure/active-directory/devices/hybrid-azuread-join-plan#handling-devices-with-azure-ad-registered-state) happens when a device is initially connected to Azure AD as an [Azure AD Registered](https://docs.microsoft.com/azure/active-directory/devices/concept-azure-ad-register) device, but then as you enable Hybrid Azure AD join, the same device is connected twice to Azure AD but now as a [Hybrid Azure AD device](https://docs.microsoft.com/azure/active-directory/devices/concept-azure-ad-join-hybrid). + +When dual state happens, you end up having two Azure AD device records with different join types for the same device. in this case, the Hybrid Azure AD device record takes precedence over the Azure AD registered device record for any type of authentication in Azure AD, which makes the Azure AD registered device record stale. + +It's recommended to detect and clean up stale devices in Azure AD before registering devices with Windows Autopatch, see [How To: Manage state devices in Azure AD](https://docs.microsoft.com/azure/active-directory/devices/manage-stale-devices). + +> [!WARNING] +> If you don't clean up stale devices in Azure AD before registering devices with Windows Autopatch, you might end up seeing devices failing to meet the pre-requisite check **Intune or Cloud-Attached (Device must be either Intune-managed or Co-managed)** in the **Not ready** tab as it's expected that these Azure AD stale devices are not enrolled into the Intune service anymore. + ## Prerequisites for device registration To be eligible for Windows Autopatch management, devices must meet a minimum set of required software-based prerequisites: @@ -57,7 +68,7 @@ To be eligible for Windows Autopatch management, devices must meet a minimum set - [Supported Windows 10/11 Enterprise and Professional edition versions](/windows/release-health/supported-versions-windows-client) - Either [Hybrid Azure AD-Joined](/azure/active-directory/devices/concept-azure-ad-join-hybrid) or [Azure AD-joined only](/azure/active-directory/devices/concept-azure-ad-join-hybrid) (personal devices aren't supported). - Managed by Microsoft Endpoint Manager. - - [Microsoft Intune](https://www.microsoft.com/cloud-platform/microsoft-intune) or [Co-management](../prepare/windows-autopatch-prerequisites.md#co-management-requirements). + - [Microsoft Intune](https://www.microsoft.com/cloud-platform/microsoft-intune) or [Configuration Manager Co-management](../prepare/windows-autopatch-prerequisites.md#co-management-requirements). - [Switch Microsoft Endpoint Manager-Configuration Manager Co-management workloads to Microsoft Endpoint Manager-Intune](/mem/configmgr/comanage/how-to-switch-workloads) (either set to Pilot Intune or Intune). This includes the following workloads: - Windows updates policies - Device configuration @@ -82,7 +93,6 @@ Windows Autopatch introduces a new user interface to help IT admins detect and t A role defines the set of permissions granted to users assigned to that role. You can use one of the following built-in roles in Windows Autopatch to register devices: - Azure AD Global Administrator -- Service Support Administrator - Intune Service Administrator - Modern Workplace Intune Administrator From 7f0bcf5c061cc73e4e98bf866407ad0484626312 Mon Sep 17 00:00:00 2001 From: Tiara Quan <95256667+tiaraquan@users.noreply.github.com> Date: Fri, 24 Jun 2022 13:50:40 -0700 Subject: [PATCH 5/7] Update windows-autopatch-register-devices.md Reviewed for grammar/style --- .../deploy/windows-autopatch-register-devices.md | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/windows/deployment/windows-autopatch/deploy/windows-autopatch-register-devices.md b/windows/deployment/windows-autopatch/deploy/windows-autopatch-register-devices.md index 99fecd54da..2257dda4ce 100644 --- a/windows/deployment/windows-autopatch/deploy/windows-autopatch-register-devices.md +++ b/windows/deployment/windows-autopatch/deploy/windows-autopatch-register-devices.md @@ -50,16 +50,16 @@ Azure AD groups synced up from: > [!TIP] > You can also use the **Discover Devices** button in either the Ready or Not ready tab to discover devices from the Windows Autopatch Device Registration Azure AD group on demand. -### Cleaning up dual state of Hybrid Azure AD joined and Azure registered devices in your Azure AD tenant +### Clean up dual state of Hybrid Azure AD joined and Azure registered devices in your Azure AD tenant -[Azure AD dual state](https://docs.microsoft.com/azure/active-directory/devices/hybrid-azuread-join-plan#handling-devices-with-azure-ad-registered-state) happens when a device is initially connected to Azure AD as an [Azure AD Registered](https://docs.microsoft.com/azure/active-directory/devices/concept-azure-ad-register) device, but then as you enable Hybrid Azure AD join, the same device is connected twice to Azure AD but now as a [Hybrid Azure AD device](https://docs.microsoft.com/azure/active-directory/devices/concept-azure-ad-join-hybrid). +[Azure AD dual state](/azure/active-directory/devices/hybrid-azuread-join-plan#handling-devices-with-azure-ad-registered-state) happens when a device is initially connected to Azure AD as an [Azure AD Registered](/azure/active-directory/devices/concept-azure-ad-register) device. However, when you enable Hybrid Azure AD join, the same device is connected twice to Azure AD but as a [Hybrid Azure AD device](/azure/active-directory/devices/concept-azure-ad-join-hybrid). -When dual state happens, you end up having two Azure AD device records with different join types for the same device. in this case, the Hybrid Azure AD device record takes precedence over the Azure AD registered device record for any type of authentication in Azure AD, which makes the Azure AD registered device record stale. +In dual state, you end up having two Azure AD device records with different join types for the same device. In this case, the Hybrid Azure AD device record takes precedence over the Azure AD registered device record for any type of authentication in Azure AD, which makes the Azure AD registered device record stale. -It's recommended to detect and clean up stale devices in Azure AD before registering devices with Windows Autopatch, see [How To: Manage state devices in Azure AD](https://docs.microsoft.com/azure/active-directory/devices/manage-stale-devices). +It's recommended to detect and clean up stale devices in Azure AD before registering devices with Windows Autopatch, see [How To: Manage state devices in Azure AD](/azure/active-directory/devices/manage-stale-devices). > [!WARNING] -> If you don't clean up stale devices in Azure AD before registering devices with Windows Autopatch, you might end up seeing devices failing to meet the pre-requisite check **Intune or Cloud-Attached (Device must be either Intune-managed or Co-managed)** in the **Not ready** tab as it's expected that these Azure AD stale devices are not enrolled into the Intune service anymore. +> If you don't clean up stale devices in Azure AD before registering devices with Windows Autopatch, you might end up seeing devices failing to meet the **Intune or Cloud-Attached (Device must be either Intune-managed or Co-managed)** pre-requisite check in the **Not ready** tab because it's expected that these stale Azure AD devices are not enrolled into the Intune service anymore. ## Prerequisites for device registration From f7669ecbe8708607a99618cbd2e964805186467e Mon Sep 17 00:00:00 2001 From: Tiara Quan <95256667+tiaraquan@users.noreply.github.com> Date: Fri, 24 Jun 2022 13:51:57 -0700 Subject: [PATCH 6/7] Update windows-autopatch-register-devices.md --- .../deploy/windows-autopatch-register-devices.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/deployment/windows-autopatch/deploy/windows-autopatch-register-devices.md b/windows/deployment/windows-autopatch/deploy/windows-autopatch-register-devices.md index 2257dda4ce..d9c598be61 100644 --- a/windows/deployment/windows-autopatch/deploy/windows-autopatch-register-devices.md +++ b/windows/deployment/windows-autopatch/deploy/windows-autopatch-register-devices.md @@ -6,8 +6,8 @@ ms.prod: w11 ms.technology: windows ms.topic: how-to ms.localizationpriority: medium -author: andredm7 -ms.author: andredm7 +author: tiaraquan +ms.author: tiaraquan manager: dougeby msreviewer: andredm7 --- From 35ac007e4a6423017e5cece46e20724f0be71018 Mon Sep 17 00:00:00 2001 From: Tiara Quan <95256667+tiaraquan@users.noreply.github.com> Date: Fri, 24 Jun 2022 13:54:49 -0700 Subject: [PATCH 7/7] Update windows-autopatch-register-devices.md --- .../deploy/windows-autopatch-register-devices.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/deployment/windows-autopatch/deploy/windows-autopatch-register-devices.md b/windows/deployment/windows-autopatch/deploy/windows-autopatch-register-devices.md index d9c598be61..a522a08253 100644 --- a/windows/deployment/windows-autopatch/deploy/windows-autopatch-register-devices.md +++ b/windows/deployment/windows-autopatch/deploy/windows-autopatch-register-devices.md @@ -52,9 +52,9 @@ Azure AD groups synced up from: ### Clean up dual state of Hybrid Azure AD joined and Azure registered devices in your Azure AD tenant -[Azure AD dual state](/azure/active-directory/devices/hybrid-azuread-join-plan#handling-devices-with-azure-ad-registered-state) happens when a device is initially connected to Azure AD as an [Azure AD Registered](/azure/active-directory/devices/concept-azure-ad-register) device. However, when you enable Hybrid Azure AD join, the same device is connected twice to Azure AD but as a [Hybrid Azure AD device](/azure/active-directory/devices/concept-azure-ad-join-hybrid). +An [Azure AD dual state](/azure/active-directory/devices/hybrid-azuread-join-plan#handling-devices-with-azure-ad-registered-state) occurs when a device is initially connected to Azure AD as an [Azure AD Registered](/azure/active-directory/devices/concept-azure-ad-register) device. However, when you enable Hybrid Azure AD join, the same device is connected twice to Azure AD but as a [Hybrid Azure AD device](/azure/active-directory/devices/concept-azure-ad-join-hybrid). -In dual state, you end up having two Azure AD device records with different join types for the same device. In this case, the Hybrid Azure AD device record takes precedence over the Azure AD registered device record for any type of authentication in Azure AD, which makes the Azure AD registered device record stale. +In the dual state, you end up having two Azure AD device records with different join types for the same device. In this case, the Hybrid Azure AD device record takes precedence over the Azure AD registered device record for any type of authentication in Azure AD, which makes the Azure AD registered device record stale. It's recommended to detect and clean up stale devices in Azure AD before registering devices with Windows Autopatch, see [How To: Manage state devices in Azure AD](/azure/active-directory/devices/manage-stale-devices).