diff --git a/windows/deployment/windows-autopatch/operate/windows-autopatch-microsoft-365-apps-enterprise.md b/windows/deployment/windows-autopatch/operate/windows-autopatch-microsoft-365-apps-enterprise.md index 178c90c544..9b156ecddd 100644 --- a/windows/deployment/windows-autopatch/operate/windows-autopatch-microsoft-365-apps-enterprise.md +++ b/windows/deployment/windows-autopatch/operate/windows-autopatch-microsoft-365-apps-enterprise.md @@ -1,7 +1,7 @@ --- title: Microsoft 365 Apps for enterprise -description: This article explains how Microsoft 365 Apps for enterprise updates are managed in Windows Autopatch -ms.date: 08/08/2022 +description: This article explains how Windows Autopatch manages Microsoft 365 Apps for enterprise updates +ms.date: 02/28/2023 ms.prod: windows-client ms.technology: itpro-updates ms.topic: conceptual @@ -30,9 +30,9 @@ For a device to be eligible for Microsoft 365 Apps for enterprise updates (both ## Update release schedule -All devices registered for Windows Autopatch will receive updates from the [Monthly Enterprise Channel](/deployoffice/overview-update-channels#monthly-enterprise-channel-overview). This practice provides your users with new features each month, and they'll receive just one update per month on a predictable release schedule. Updates are released on the second Tuesday of the month; these updates can include feature, security, and quality updates. These updates occur automatically and are pulled directly from the Office Content Delivery Network (CDN). +All devices registered for Windows Autopatch will receive updates from the [Monthly Enterprise Channel](/deployoffice/overview-update-channels#monthly-enterprise-channel-overview). This practice provides your users with new features each month, and they'll receive just one update per month on a predictable release schedule. Updates are released on the second Tuesday of the month; these updates can include feature, security, and quality updates. These updates occur automatically and pulled directly from the Office Content Delivery Network (CDN). -Unlike Windows update, the Office CDN doesn't make the update available to all devices at once. Over the course of the release, the Office CDN gradually makes the update available to the whole population of devices. Windows Autopatch doesn't control the order in which updates are offered to devices across your estate. After the update has been downloaded, there's a seven day [update deadline](/deployoffice/configure-update-settings-microsoft-365-apps) that specifies how long the user has until the user must apply the update. +Unlike Windows update, the Office CDN doesn't make the update available to all devices at once. Over the course of the release, the Office CDN gradually makes the update available to the whole population of devices. Windows Autopatch doesn't control the order in which updates are offered to devices across your estate. After the update downloads, there's a seven day [update deadline](/deployoffice/configure-update-settings-microsoft-365-apps) that specifies how long the user has until the user must apply the update. ## Deployment rings @@ -40,21 +40,21 @@ Since the Office CDN determines when devices are offered updates, Windows Autopa ## End user experience -There are two parts of the end user experience that are configured by Windows Autopatch: +Windows Autopatch configures the following end user experiences: - Behavior during updates - Office client ### Behavior during updates -Updates can only be applied when Microsoft 365 Apps aren't running. Therefore, notifications usually appear because the user is working in a Microsoft 365 App, such as Microsoft Outlook, and hasn't closed it in several days. +Updates are only applied when Microsoft 365 Apps aren't running. Therefore, notifications usually appear because the user is working in a Microsoft 365 App, such as Microsoft Outlook, and hasn't closed it in several days. -Once the device has downloaded the update, users are given notifications leading up to the deadline. They'll receive the following message in the notification area in Windows, reminding them that updates are ready to be applied. +Once the device downloads the update, users are given notifications leading up to the deadline. They'll receive the following message in the notification area in Windows, reminding them to apply the updates. *Updates ready to be applied Updates are required by your system admin are blocked by one or more apps. Office will restart at mm/dd/yyyy h:mm AM/PM to apply updates.* -Alternatively, users can select **Update now** to apply the updates. The user is then prompted to close all open Office programs. After the updates are applied, the message disappears. +Alternatively, users can select **Update now** to apply the updates. Users are prompted to close all open Office programs. After the updates are applied, the message disappears. When the deadline arrives and the updates still aren't applied, users will: @@ -67,7 +67,7 @@ When the countdown reaches 00∶00, any open Office programs are closed, and the To ensure that users are receiving automatic updates, Windows Autopatch prevents the user from opting out of automatic updates. -## Update controls +## Microsoft 365 Apps for enterprise update controls If Windows Autopatch detects issues between versions of Microsoft 365 Apps for enterprise, we might pause the update by forcing Microsoft 365 Apps to stay on a specific version. @@ -79,16 +79,53 @@ Windows Autopatch will either: > [!NOTE] > Windows Autopatch doesn't currently allow customers to force their devices to stay on a previous version or rollback to a previous version. -Since quality updates are bundled together into a single release in the [Monthly Enterprise Channel](/deployoffice/overview-update-channels#monthly-enterprise-channel-overview), we can't roll back only a portion of the update for Microsoft 365 Apps for enterprise. +Windows quality updates are bundled together into a single release in the [Monthly Enterprise Channel](/deployoffice/overview-update-channels#monthly-enterprise-channel-overview). Therefore, we can't roll back only a portion of the update for Microsoft 365 Apps for enterprise. ## Compatibility with Servicing Profiles [Servicing profiles](/deployoffice/admincenter/servicing-profile) is a feature in the [Microsoft 365 Apps admin center](https://config.office.com/) that provides controlled update management of monthly Office updates, including controls for user and device targeting, scheduling, rollback, and reporting. -A [service profile](/deployoffice/admincenter/servicing-profile#compatibility-with-other-management-tools) takes precedence over other policies, such as a Microsoft Intune policy or the Office Deployment Tool. This means that the servicing profile will affect all devices that meet the [device eligibility requirements](#device-eligibility) regardless of existing management tools in your environment. So, if you're targeting a managed device with a servicing profile it will be ineligible for Microsoft 365 App update management. +A [service profile](/deployoffice/admincenter/servicing-profile#compatibility-with-other-management-tools) takes precedence over other policies, such as a Microsoft Intune policy or the Office Deployment Tool. The servicing profile will affect all devices that meet the [device eligibility requirements](#device-eligibility) regardless of existing management tools in your environment. So, if you're targeting a managed device with a servicing profile it will be ineligible for Microsoft 365 App update management. However, the device may still be eligible for other managed updates. For more information about a device's eligibility for a given [software update workload](windows-autopatch-update-management.md#software-update-workloads), see the Device eligibility section of each respective software update workload. +## Allow or block Microsoft 365 App updates + +For organizations seeking greater control, you can allow or block Microsoft 365 App updates for Windows Autopatch-enrolled devices. When the Microsoft 365 App update setting is set to **Block**, Windows Autopatch won't provide Microsoft 365 App updates on your behalf, and your organizations will have full control over these updates. You can choose to receive updates from [channels](/deployoffice/overview-update-channels) other than the default [Monthly Enterprise Channel](/deployoffice/overview-update-channels#monthly-enterprise-channel-overview). + +**To allow or block Microsoft 365 App updates:** + +1. Go to the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431). +2. Navigate to the **Devices** > **Release Management** > **Release settings**. +3. Go to the **Microsoft 365 apps updates** section. By default, the **Allow/Block** toggle is set to **Allow**. +4. Turn off the **Allow** toggle to opt out of Microsoft 365 App update policies. You'll see the notification: *Update in process. This setting will be unavailable until the update is complete.* +5. Once the update is complete, you’ll receive the notification: *This setting is updated.* + +> [!NOTE] +> If the notification: *This setting couldn’t be updated. Please try again or submit a support request.* appears, use the following steps:
  1. Refresh your page.
  2. Please repeat the same steps in To block Windows Autopatch Microsoft 365 apps updates.
  3. If the issue persists, [submit a support request](../operate/windows-autopatch-support-request.md).
    4. + +**To verify if the Microsoft 365 App update setting is set to Allow:** + +1. Go to the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431). +2. Navigate to **Devices** > **Configuration profiles** > **Profiles**. +3. The following **five** profiles should be discoverable from the list of profiles: + 1. Windows Autopatch - Office Configuration + 2. Windows Autopatch - Office Update Configuration [Test] + 3. Windows Autopatch - Office Update Configuration [First] + 4. Windows Autopatch - Office Update Configuration [Fast] + 5. Windows Autopatch - Office Update Configuration [Broad] + +**To verify if the Microsoft 365 App update setting is set to Block:** + +1. Go to the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431). +2. Navigate to **Devices** > **Configuration profiles** > **Profiles**. +3. The following **five** profiles should be removed from your list of profiles and no longer visible/active. Use the Search with the keywords “Office Configuration”. The result should return *0 profiles filtered*. + 1. Windows Autopatch - Office Configuration + 2. Windows Autopatch - Office Update Configuration [Test] + 3. Windows Autopatch - Office Update Configuration [First] + 4. Windows Autopatch - Office Update Configuration [Fast] + 5. Windows Autopatch - Office Update Configuration [Broad] + ## Incidents and outages If devices in your tenant aren't meeting the [service level objective](#service-level-objective) for Microsoft 365 Apps for enterprise updates, an incident will be raised. The Windows Autopatch Service Engineering Team will work to bring the devices back into compliance. diff --git a/windows/deployment/windows-autopatch/overview/windows-autopatch-faq.yml b/windows/deployment/windows-autopatch/overview/windows-autopatch-faq.yml index fd6ef0d1ef..c323dd4908 100644 --- a/windows/deployment/windows-autopatch/overview/windows-autopatch-faq.yml +++ b/windows/deployment/windows-autopatch/overview/windows-autopatch-faq.yml @@ -4,7 +4,7 @@ metadata: description: Answers to frequently asked questions about Windows Autopatch. ms.prod: windows-client ms.topic: faq - ms.date: 08/26/2022 + ms.date: 02/28/2023 audience: itpro ms.localizationpriority: medium manager: dougeby @@ -93,7 +93,7 @@ sections: answer: | Autopatch relies on the following capabilities to help resolve update issues: - Pausing and resuming: If Windows Autopatch detects an issue with a Windows quality release, we may decide that it's necessary to pause that release. Once the issue is resolved, the release will be resumed. For more information, see [Pausing and resuming a Windows quality release](../operate/windows-autopatch-windows-quality-update-overview.md#pausing-and-resuming-a-release). - - Rollback: If Windows Autopatch detects issues between versions of Microsoft 365 Apps for enterprise, we might force all devices to roll back to the previous version. For more information, see [Update controls for Microsoft 365 Apps for enterprise](../operate/windows-autopatch-microsoft-365-apps-enterprise.md#update-controls). + - Rollback: If Windows Autopatch detects issues between versions of Microsoft 365 Apps for enterprise, we might force all devices to roll back to the previous version. For more information, see [Update controls for Microsoft 365 Apps for enterprise](../operate/windows-autopatch-microsoft-365-apps-enterprise.md#microsoft-365-apps-for-enterprise-update-controls). - question: Can I permanently pause a Windows feature update deployment? answer: | Yes. Windows Autopatch provides a [permanent pause of either a feature update deployment](../operate/windows-autopatch-windows-feature-update-overview.md#pausing-and-resuming-a-release). diff --git a/windows/deployment/windows-autopatch/overview/windows-autopatch-roles-responsibilities.md b/windows/deployment/windows-autopatch/overview/windows-autopatch-roles-responsibilities.md index df3f1f9f3f..99cec5d626 100644 --- a/windows/deployment/windows-autopatch/overview/windows-autopatch-roles-responsibilities.md +++ b/windows/deployment/windows-autopatch/overview/windows-autopatch-roles-responsibilities.md @@ -1,7 +1,7 @@ --- title: Roles and responsibilities description: This article describes the roles and responsibilities provided by Windows Autopatch and what the customer must do -ms.date: 12/12/2022 +ms.date: 02/28/2023 ms.prod: windows-client ms.technology: itpro-updates ms.topic: conceptual @@ -43,6 +43,7 @@ This article outlines your responsibilities and Windows Autopatch's responsibili | Educate users on the Windows Autopatch end user update experience | :heavy_check_mark: | :x: | | Remove your devices from existing unsupported [Windows update](../references/windows-autopatch-windows-update-unsupported-policies.md) and [Microsoft 365](../references/windows-autopatch-microsoft-365-policies.md) policies | :heavy_check_mark: | :x: | | [Turn on or off expedited Windows quality updates](../operate/windows-autopatch-windows-quality-update-overview.md#expedited-releases) | :heavy_check_mark: | :x: | +| [Allow or block Microsoft 365 Apps for enterprise updates](../operate/windows-autopatch-microsoft-365-apps-enterprise.md#allow-or-block-microsoft-365-app-updates) | :heavy_check_mark: | :x: | | [Register devices/add devices to the Windows Autopatch Device Registration group](../deploy/windows-autopatch-register-devices.md#steps-to-register-devices) | :heavy_check_mark: | :x: | | [Run the pre-registration device readiness checks](../deploy/windows-autopatch-register-devices.md#about-the-ready-not-ready-and-not-registered-tabs) | :x: | :heavy_check_mark: | | [Automatically assign devices to First, Fast & Broad deployment rings at device registration](../operate/windows-autopatch-update-management.md#deployment-ring-calculation-logic) | :x: | :heavy_check_mark: | diff --git a/windows/deployment/windows-autopatch/whats-new/windows-autopatch-whats-new-2023.md b/windows/deployment/windows-autopatch/whats-new/windows-autopatch-whats-new-2023.md index 665be9f9af..3733426a2d 100644 --- a/windows/deployment/windows-autopatch/whats-new/windows-autopatch-whats-new-2023.md +++ b/windows/deployment/windows-autopatch/whats-new/windows-autopatch-whats-new-2023.md @@ -1,7 +1,7 @@ --- title: What's new 2023 description: This article lists the 2023 feature releases and any corresponding Message center post numbers. -ms.date: 02/22/2023 +ms.date: 02/28/2023 ms.prod: windows-client ms.technology: itpro-updates ms.topic: whats-new @@ -24,6 +24,7 @@ Minor corrections such as typos, style, or formatting issues aren't listed. | Article | Description | | ----- | ----- | +| [Microsoft 365 Apps for enterprise](../operate/windows-autopatch-microsoft-365-apps-enterprise.md) | Added [Allow or block Microsoft 365 App updates](../operate/windows-autopatch-microsoft-365-apps-enterprise.md#allow-or-block-microsoft-365-app-updates) section | | [Windows feature updates](../operate/windows-autopatch-windows-feature-update-overview.md#) | Added note about [Windows 10 Long-Term Servicing Channel (LTSC) support](../operate/windows-autopatch-windows-feature-update-overview.md#enforcing-a-minimum-windows-os-version) | | [Windows quality updates](../operate/windows-autopatch-windows-quality-update-overview.md) | Added note about [Windows 10 Long-Term Servicing Channel (LTSC) support](../operate/windows-autopatch-windows-quality-update-overview.md#device-eligibility) | | [Register your devices](../deploy/windows-autopatch-register-devices.md) | Added note about [Windows 10 Long-Term Servicing Channel (LTSC) support](../deploy/windows-autopatch-register-devices.md#prerequisites-for-device-registration) | diff --git a/windows/whats-new/deprecated-features.md b/windows/whats-new/deprecated-features.md index 9780d97968..331770192b 100644 --- a/windows/whats-new/deprecated-features.md +++ b/windows/whats-new/deprecated-features.md @@ -72,7 +72,7 @@ The features in this article are no longer being actively developed, and might b |RSA/AES Encryption for IIS | We recommend that users use CNG encryption provider. | 1709 | |Screen saver functionality in Themes | Disabled in Themes. Screen saver functionality in Group Policies, Control Panel, and Sysprep continues to be functional. Lock screen features and policies are preferred. | 1709 | |Sync your settings (updated: August 17, 2017) | Back-end changes: In future releases, the back-end storage for the current sync process will change. A single cloud storage system will be used for Enterprise State Roaming and all other users. The **Sync your settings** options and the Enterprise State Roaming feature will continue to work. | 1709 | -|System Image Backup (SIB) Solution | We recommend that users use full-disk backup solutions from other vendors. | 1709 | +|System Image Backup (SIB) Solution|This feature is also known as the **Backup and Restore (Windows 7)** legacy control panel. For full-disk backup solutions, look for a third-party product from another software vendor. You can also use [OneDrive](/onedrive/) to sync data files with Microsoft 365.| 1709 | |TLS RC4 Ciphers |To be disabled by default. For more information, see [TLS (Schannel SSP) changes in Windows 10 and Windows Server 2016](/windows-server/security/tls/tls-schannel-ssp-changes-in-windows-10-and-windows-server)| 1709 | |Trusted Platform Module (TPM) Owner Password Management |This functionality within TPM.msc will be migrated to a new user interface.| 1709 | |Trusted Platform Module (TPM): TPM.msc and TPM Remote Management | To be replaced by a new user interface in a future release. | 1709 | @@ -84,4 +84,6 @@ The features in this article are no longer being actively developed, and might b |TLS DHE_DSS ciphers DisabledByDefault| [TLS RC4 Ciphers](/windows-server/security/tls/tls-schannel-ssp-changes-in-windows-10-and-windows-server) will be disabled by default in this release. | 1703 | |TCPChimney | TCP Chimney Offload is no longer being developed. See [Performance Tuning Network Adapters](/windows-server/networking/technologies/network-subsystem/net-sub-performance-tuning-nics). | 1703 | |IPsec Task Offload| [IPsec Task Offload](/windows-hardware/drivers/network/task-offload) versions 1 and 2 are no longer being developed and shouldn't be used. | 1703 | -|`wusa.exe /uninstall /kb:####### /quiet`|The `wusa` tool usage to quietly uninstall an update has been deprecated. The uninstall command with `/quiet` switch fails with event ID 8 in the Setup event log. Uninstalling updates quietly could be a security risk because malicious software could quietly uninstall an update in the background without user intervention.|1507
    Applies to Windows Server 2016 and Windows Server 2019.| \ No newline at end of file +|`wusa.exe /uninstall /kb:####### /quiet`|The `wusa` tool usage to quietly uninstall an update has been deprecated. The uninstall command with `/quiet` switch fails with event ID 8 in the Setup event log. Uninstalling updates quietly could be a security risk because malicious software could quietly uninstall an update in the background without user intervention.|1507
    Applies to Windows Server 2016 and Windows Server 2019.| + +