Update windows-autopatch-update-management.md

Reviewed.
2025-06-19 12:23:37 +00:00 · 2022-08-05 20:48:56 -07:00
parent aa0bc31fd3
commit a4b05ba765
1 changed files with 26 additions and 22 deletions
--- a/windows/deployment/windows-autopatch/operate/windows-autopatch-update-management.md
+++ b/windows/deployment/windows-autopatch/operate/windows-autopatch-update-management.md
@ -1,7 +1,7 @@
 ---
-title: Update management
+title: Software update management
 description:  This article provides an overview of how updates are handled in Autopatch
-ms.date: 08/05/2022
+ms.date: 08/08/2022
 ms.prod: w11
 ms.technology: windows
 ms.topic: overview
@ -12,7 +12,7 @@ manager: dougeby
 msreviewer: andredm7
 ---
-# Software updates management
+# Software update management
 Keeping your devices up to date is a balance of speed and stability. Windows Autopatch connects all devices to a modern cloud-based infrastructure to manage updates on your behalf.
@ -31,21 +31,19 @@ Keeping your devices up to date is a balance of speed and stability. Windows Aut
 During the [tenant enrollment process](../prepare/windows-autopatch-enroll-tenant.md), Windows Autopatch creates four Azure AD assigned groups that are used to segment devices into its deployment rings:
-1. **Modern Workplace Devices-Windows Autopatch-Test**
+| Ring | Description |
-	1. Deployment ring for testing update deployments prior production rollout.
+| ----- | ----- |
-2. **Modern Workplace Devices-Windows Autopatch-First**
+| **Modern Workplace Devices-Windows Autopatch-Test** | Deployment ring for testing update deployments prior production rollout.|
-	1. First production deployment ring for early adopters.
+| **Modern Workplace Devices-Windows Autopatch-First** | First production deployment ring for early adopters.|
-3. **Modern Workplace Devices-Windows Autopatch-Fast**
+| **Modern Workplace Devices-Windows Autopatch-Fast** | Fast deployment ring for quick rollout and adoption. |
-	1. Fast deployment ring for quick rollout and adoption.
+| **Modern Workplace Devices-Windows Autopatch-Broad** | Final deployment ring for broad rollout into the organization. |
 4. **Modern Workplace Devices-Windows Autopatch-Broad**
 	1. Final deployment ring for broad rollout into the organization.
 Each deployment ring has a different set of update deployment policies to control the updates rollout.
 > [!IMPORTANT]
-> Windows Autopatch device registration does not assign devices to its test deployment ring (**Modern Workplace Devices-Windows Autopatch-Test**). This is intended to prevent having mission critical devices or devices that are used by executives in the organization from receiving early software update deployments.
+> Windows Autopatch device registration doesn't assign devices to its test deployment ring (**Modern Workplace Devices-Windows Autopatch-Test**). This is intended to prevent devices that are essential to a business from being affected or devices that are used by executives from receiving early software update deployments.
-Also, during the [device registration process](../deploy/windows-autopatch-device-registration-overview.md), Windows Autopatch assigns each device being registered to one of its deployment rings so that the service have the proper representation of the device diversity across the organization in each deployment ring. The deployment ring distribution is designed to release software update deployments to as few devices as possible to get the signals needed to make a quality evaluation of a given update deployment.
+Also, during the [device registration process](../deploy/windows-autopatch-device-registration-overview.md), Windows Autopatch assigns each device being registered to one of its deployment rings so that the service has the proper representation of the device diversity across the organization in each deployment ring. The deployment ring distribution is designed to release software update deployments to as few devices as possible to get the signals needed to make a quality evaluation of a given update deployment.
 > [!NOTE]
 > Windows Autopatch deployment rings only apply to Windows quality updates. Additionally, you can't create additional deployment rings or use your own for devices managed by the Windows Autopatch service.
@ -58,16 +56,18 @@ The Windows Autopatch deployment ring calculation happens during the [device reg
 - If the Windows Autopatch tenant’s existing managed device size is **>200**, the deployment ring assignment will be First **(1%)**, Fast **(9%)**, remaining devices go to the Broad ring **(90%)**.
-| Deployment ring | Default device balancing percentage | Description
+| Deployment ring | Default device balancing percentage | Description |
 | ----- | ----- | ----- |
-| Test | **zero** | Windows Autopatch doesn't automatically add devices to this deployment ring. You must manually add devices to the Test ring. The recommended number of devices in this ring, based upon your environment size, is as follows: <br><ul><li>**0–500** devices: minimum **one** device.</li><li>**500–5000** devices: minimum **five** devices.</li><li>**5000+** devices: minimum **50** devices.</li></ul>Devices in this group are intended for your IT Administrators and testers since changes are released here first. This release schedule provides your organization the opportunity to validate updates prior to reaching production users. |
+| Test | **zero** | Windows Autopatch doesn't automatically add devices to this deployment ring. You must manually add devices to the Test ring. The recommended number of devices in this ring, based upon your environment size, is as follows:<br><ul><li>**0–500** devices: minimum **one** device.</li><li>**500–5000** devices: minimum **five** devices.</li><li>**5000+** devices: minimum **50** devices.</li></ul>Devices in this group are intended for your IT Administrators and testers since changes are released here first. This release schedule provides your organization the opportunity to validate updates prior to reaching production users. |
 | First |  **1%** | The First ring is the first group of production users to receive a change.<p><p>This group is the first set of devices to send data to Windows Autopatch and are used to generate a health signal across all end-users. For example, Windows Autopatch can generate a statistically significant signal saying that critical errors are trending up in a specific release for all end-users, but can't be confident that it's doing so in your organization.<p><p>Since Windows Autopatch doesn't yet have sufficient data to inform a release decision, devices in this deployment ring might experience outages if there are scenarios that weren't covered during early testing in the Test ring.|
 | Fast | **9%** | The Fast ring is the second group of production users to receive changes. The signals from the First ring are considered as a part of the release process to the Broad ring.<p><p>The goal with this deployment ring is to cross the **500**-device threshold needed to generate statistically significant analysis at the tenant level. These extra devices allow Windows Autopatch to consider the effect of a release on the rest of your devices and evaluate if a targeted action for your tenant is needed.</p> |
 | Broad | Either **80%** or **90%** | The Broad ring is the last group of users to receive software update deployments. Since it contains most of the devices registered with Windows Autopatch, it favors stability over speed in an software update deployment.|
 ## Moving devices in between deployment rings
-If you want to move separate devices to different deployment rings, after Windows Autopatch's deployment ring assignment, you can repeat the following steps for one or more devices from the **Ready** tab:
+If you want to move separate devices to different deployment rings, after Windows Autopatch's deployment ring assignment, you can repeat the following steps for one or more devices from the **Ready** tab.
 **To move devices in between deployment rings:**
 1. In Microsoft Endpoint Manager, select **Devices** in the left pane.
 2. In the **Windows Autopatch** section, select **Devices**.
@ -83,13 +83,17 @@ When the assignment is complete, the **Ring assigned by** column changes to **Ad
 ## Automated deployment ring remediation functions
-Windows Autopatch monitors device membership in its deployment rings (all but the **Modern Workplace Devices-Windows Autopatch-Test**) to provide automated deployment ring remediation functions to mitigate the risk of not having its managed devices being part of one of its deployment rings.
+Windows Autopatch monitors device membership in its deployment rings, except for the **Modern Workplace Devices-Windows Autopatch-Test** ring, to provide automated deployment ring remediation functions to mitigate the risk of not having its managed devices being part of one of its deployment rings. These automated functions help mitigate risk of potentially having devices in a vulnerable state, and exposed to security threats in case they're not receiving update deployments due to either:
 These automated functions help mitigate risk of potentially having devices in a vulnerable state, and exposed to security threats in case they're not receiving update deployments due to either changes performed by the IT admin on objects created by the Windows Autopatch tenant enrollment process or in case an issue occurred which prevented devices from getting a deployment rings assigned during the [device registration process](../deploy/windows-autopatch-device-registration-overview.md).
-There are two automated deployment ring remediation functions, they work as follows:
+- Changes performed by the IT admin on objects created by the Windows Autopatch tenant enrollment process, or
 - An issue occurred which prevented devices from getting a deployment rings assigned during the [device registration process](../deploy/windows-autopatch-device-registration-overview.md).
- **Check Device Deployment Ring Membership:** Every hour, Windows Autopatch checks to see if its managed devices are not part of one of the deployment rings. When for some reason, a device is not part of a deployment ring, Windows Autopatch randomly assigns the device to one of its deployment rings (all but the **Modern Workplace Devices-Windows Autopatch-Test**).
+There are two automated deployment ring remediation functions:
- **Multi-deployment ring device remediator:** Every hour, Windows Autopatch checks to see if its managed devices are part of multiple deployment rings (all but the **Modern Workplace Devices-Windows Autopatch-Test**). When for some reason, a device is part of multiple deployment rings, Windows Autopatch randomly removes device of one or more deployment rings until the device is only part of one deployment ring.
+
 | Function | Description |
 | ----- | ----- |
 | **Check Device Deployment Ring Membership** | Every hour, Windows Autopatch checks to see if any of its managed devices aren't part of one of the deployment rings. If, for some reason, a device isn't part of a deployment ring, Windows Autopatch randomly assigns the device to one of its deployment rings (except for the **Modern Workplace Devices-Windows Autopatch-Test** ring). |
 | **Multi-deployment ring device remediator:**| Every hour, Windows Autopatch checks to see if any of its managed devices are part of multiple deployment rings (except for the **Modern Workplace Devices-Windows Autopatch-Test** ring). If, for some reason, a device is part of multiple deployment rings, Windows Autopatch randomly removes device of one or more deployment rings until the device is only part of one deployment ring.|
 > [!IMPORTANT]
-> Windows Autopatch automated deployment ring functions do not assign/remove devices to/from its test deployment ring (**Modern Workplace Devices-Windows Autopatch-Test**).
+> Windows Autopatch automated deployment ring functions doesn't assign or remove devices to or from the **Modern Workplace Devices-Windows Autopatch-Test** ring.