mirror of
https://github.com/MicrosoftDocs/windows-itpro-docs.git
synced 2025-06-21 21:33:38 +00:00
Merge branch 'main' into andredm04262023
This commit is contained in:
Tiara Quan
GitHub
@ -0,0 +1,103 @@
|
||||
---
|
||||
title: Device alerts
|
||||
description: Provide notifications and information about the necessary steps to keep your devices up to date.
|
||||
ms.date: 05/01/2023
|
||||
ms.prod: windows-client
|
||||
ms.technology: itpro-updates
|
||||
ms.topic: how-to
|
||||
ms.localizationpriority: medium
|
||||
author: tiaraquan
|
||||
ms.author: tiaraquan
|
||||
manager: dougeby
|
||||
ms.reviewer: adnich
|
||||
---
|
||||
|
||||
# Device alerts (public preview)
|
||||
|
||||
> [!IMPORTANT]
|
||||
> Windows Autopatch groups is in **public preview**. This feature is being actively developed and might not be complete. You can test and use these features in production environments and provide feedback.<p>The Windows Autopatch group experience only applies if you’ve opted-in to use Windows Autopatch groups.</p><br>**To opt-in to use Windows Autopatch groups:**<ol><li>Go to the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431) and select **Devices** from the left navigation menu.</li><li>Under **Windows Autopatch**, select **Release Management**, then select **Autopatch groups (preview)**.</li><li>Review the **[Microsoft Privacy Statement](../overview/windows-autopatch-privacy.md)** and the **[Autopatch groups Public Preview Addendum](../references/windows-autopatch-groups-public-preview-addendum.md)**. If you agree, select the **I have reviewed and agree to the Autopatch groups Public Preview Addendum** checkbox. Then, select **Use preview** to test out Windows Autopatch groups and its bundled feature set. If the **Use preview** option is greyed out, ensure you meet all the [Autopatch group prerequisites](../deploy/windows-autopatch-groups-manage-autopatch-groups.md#autopatch-groups-prerequisites).</li></ol>
|
||||
|
||||
Windows Autopatch and Windows Updates use Device alerts to provide notifications and information about the necessary steps to keep your devices up to date. In Windows Autopatch reporting, every device is provided with a section for alerts. If no alerts are listed, no action is needed. Navigate to **Reports** > **Quality update status** or **Feature update status** > **Device** > select the **Device alerts** column. The provided information will help you understand:
|
||||
|
||||
- The action(s) that have either been performed by Microsoft and/or Windows Autopatch to keep the device properly updated.
|
||||
- The actions you must perform so the device can properly be updated.
|
||||
|
||||
> [!NOTE]
|
||||
> At any given point, one or both of these actions can be present in your tenant.
|
||||
|
||||
## Windows Autopatch alerts
|
||||
|
||||
Windows Autopatch alerts are alerts specific to the Windows Autopatch service. These alerts include:
|
||||
|
||||
- [Post-device registration readiness checks](../deploy/windows-autopatch-post-reg-readiness-checks.md)
|
||||
- [Policy health and remediation](../operate/windows-autopatch-policy-health-and-remediation.md)
|
||||
|
||||
## Windows quality and feature update alerts
|
||||
|
||||
These alerts represent data reported to the Windows Update service related to Windows quality and feature updates. These alerts can help identify actions that must be performed if an update doesn't apply as expected. Alerts are only provided by device that actively reports to the Windows Update service.
|
||||
|
||||
## Customer and Microsoft Actions
|
||||
|
||||
Windows Autopatch assigns alerts to either Microsoft Action or Customer Action. These assignments give a clear understanding of who has the responsibility to remediate the alert.
|
||||
|
||||
| Assignment | Description |
|
||||
| ----- | ----- |
|
||||
| Microsoft Action | Refers to the responsibility of the Windows Autopatch service to remediate. The actions are performed by Windows Autopatch automatically. |
|
||||
| Customer Action | Refers to your responsibility to carry out the appropriate action(s) to resolve the reported alert. |
|
||||
|
||||
## Alert resolutions
|
||||
|
||||
Alert resolutions are provided through the Windows Update service and provide the reason why an update didn’t perform as expected. The recommended actions are general recommendations and if additional assistance is needed, [submit a support request](../operate/windows-autopatch-support-request.md)
|
||||
|
||||
| Alert message | Description | Windows Autopatch recommendation(s) |
|
||||
| ----- | ----- | ----- |
|
||||
| `CancelledByUser` | User canceled the update | The Windows Update service has reported the update was canceled by the user.<p>It's recommended to work with the end user to allow updates to execute as scheduled.</p> |
|
||||
| `DamagedMedia` | The update file or hard drive is damaged | The Windows Update service has indicated the update payload might be damaged or corrupt. <p>It's recommended to run `Chkdsk /F` on the device with administrator privileges, then retry the update. For more information, see [chkdsk](/windows-server/administration/windows-commands/chkdsk?tabs=event-viewer).</p> |
|
||||
| `DeploymentConflict` | Device is in more than one deployment of the same update type. Only the first deployment assigned is effective. | The Windows Update service has reported a policy conflict.<p>For more information, see the [Windows Autopatch Policy Health dashboard](../operate/windows-autopatch-policy-health-and-remediation.md).</p><p>If the alert persists, [submit a support request](../operate/windows-autopatch-support-request.md).</p> |
|
||||
| `DeviceRegistrationInvalidAzureADDeviceId` | The device isn't able to register or authenticate properly with Windows Update because of an invalid Azure AD Device ID. | The Windows Update service has reported a device registration issue.<p>For more information, see [Windows Autopatch post-device registration readiness checks](../deploy/windows-autopatch-post-reg-readiness-checks.md).</p><p>If the alert persists, [submit a support request](../operate/windows-autopatch-support-request.md).</p> |
|
||||
| `DeviceRegistrationInvalidGlobalDeviceId` | The device isn't able to register or authenticate properly with Windows Update because of an invalid Global Device ID. |The Windows Update service has reported that the MSA Service may be disabled preventing Global Device ID assignment.<p>Check that the MSA Service is running or able to run on device.</p><p>If the alert persists, [submit a support request](../operate/windows-autopatch-support-request.md).</p> |
|
||||
| `DeviceRegistrationIssue` | The device isn't able to register or authenticate properly with Windows Update. | The Windows Update service has reported a device registration issue.<p>For more information, see [Windows Autopatch post-device registration readiness checks](../deploy/windows-autopatch-post-reg-readiness-checks.md).</p><p>If the alert persists, [submit a support request](../operate/windows-autopatch-support-request.md).</p> |
|
||||
| `DeviceRegistrationNoTrustType` | The device isn't able to register or authenticate properly with Windows Update because it can't establish Trust. | The Windows Update service has reported a device registration issue.<p>For more information, see [Windows Autopatch post-device registration readiness checks](../deploy/windows-autopatch-post-reg-readiness-checks.md).</p><p>If the alert persists, [submit a support request](../operate/windows-autopatch-support-request.md).</p> |
|
||||
| `DiskFull` | The installation couldn't be completed because the Windows partition is full. | The Windows Update service has reported there's insufficient disk space to perform the update. Free up disk space on the Windows partition and retry the installation.<p>For more information, see [Free up space for Windows Updates](/windows/free-up-space-for-windows-updates-429b12ba-f514-be0b-4924-ca6d16fa1d65#:~:text=Here%E2%80%99s%20how%20to%20get%20more%20storage%20space%20on,to%20Windows%20needs%20space%20to%20update.%20More%20items).</p> |
|
||||
| `DownloadCancelled` | Windows Update couldn't download the update because the update server stopped the connection. | The Windows Update service has reported an issue with your update server. Validate your network is working and retry the download. If the alert persists, review your network configuration to make sure that this computer can access the internet.<p>For more information, see [Check your network connection status](https://support.microsoft.com/windows/check-your-network-connection-status-efb4fb41-f751-567a-f60f-aac9114659a5).</p> |
|
||||
| `DownloadConnectionIssue` | Windows Update couldn't connect to the update server and the update couldn't download. | The Windows Update service has reported an issue connecting to Windows Update. Review your network configuration, and to make sure that this computer can access the internet and Windows Update Online.<p>For more information, see [Check your network connection status](https://support.microsoft.com/windows/check-your-network-connection-status-efb4fb41-f751-567a-f60f-aac9114659a5).and [Endpoints for Delivery Optimization and Windows Update](/windows/deployment/do/waas-delivery-optimization-faq#what-hostnames-should-i-allow-through-my-firewall-to-support-delivery-optimization).</p><p>If the alert persists, [submit a support request](../operate/windows-autopatch-support-request.md).</p> |
|
||||
| `DownloadCredentialsIssue` | Windows Update couldn't download the file because the Background Intelligent Transfer Service (BITS) couldn't connect to the internet. A proxy server or firewall on your network might require credentials. | The Windows Update service Windows has reported it failed to connect to Windows Updates. This can often be an issue with an Application Gateway or HTTP proxy, or an issue on the client. Retry the download.<p>Review your network configuration to make sure that this computer can access the internet. Validate and/or allowlist Windows Update and Delivery Optimization endpoint.</p><p>For more information, see [Check your network connection status](https://support.microsoft.com/windows/check-your-network-connection-status-efb4fb41-f751-567a-f60f-aac9114659a5).and [Endpoints for Delivery Optimization and Windows Update](/windows/deployment/do/waas-delivery-optimization-faq#what-hostnames-should-i-allow-through-my-firewall-to-support-delivery-optimization).</p><p>If the alert persists, [submit a support request](../operate/windows-autopatch-support-request.md).</p> |
|
||||
| `DownloadIssue` | There was an issue downloading the update. | The Windows Update service has reported it failed to connect to Windows Updates. This can often be an issue with an Application Gateway or HTTP proxy, or an issue on the client.<p>For more information, see [Check your network connection status](https://support.microsoft.com/windows/check-your-network-connection-status-efb4fb41-f751-567a-f60f-aac9114659a5).and [Endpoints for Delivery Optimization and Windows Update](/windows/deployment/do/waas-delivery-optimization-faq#what-hostnames-should-i-allow-through-my-firewall-to-support-delivery-optimization).</p><p>If the alert persists, [submit a support request](../operate/windows-autopatch-support-request.md).</p> |
|
||||
| `DownloadIssueServiceDisabled` | There was a problem with the Background Intelligent Transfer Service (BITS). The BITS service or a service it depends on might be disabled. | The Windows Updates service has reported that the BITS service is disabled. In the local client services, make sure that the Background Intelligent Transfer Service is enabled. If the service isn't running, try starting it manually. For more information, see [Issues with BITS](/security-updates/WindowsUpdateServices/18127392).<p>If it will not start, check the event log for errors or [submit a support request](../operate/windows-autopatch-support-request.md).</p> |
|
||||
| `DownloadTimeout` | A timeout occurred while Windows tried to contact the update service or the server containing the update's payload. | The Windows Update service has reported it attempted to download the payload and the connection timed out.<p>Retry downloading the payload. If not successful, review your network configuration to make sure that this computer can access the internet.</p>For more information, see [Check your network connection status](https://support.microsoft.com/windows/check-your-network-connection-status-efb4fb41-f751-567a-f60f-aac9114659a5). |
|
||||
| `EndOfService` | The device is on a version of Windows that has passed its end of service date. | Windows Update service has reported the current version is past End of Service. Update device to a version that is currently serviced in [Feature update overview](../operate/windows-autopatch-groups-windows-feature-update-overview.md).<p>For more information on OS versioning, see [Windows 10 release information](/windows/release-health/release-information).</p> |
|
||||
| `EndOfServiceApproaching` | The device is on a version of Windows that is approaching its end of service date. | Update device to a version that is currently serviced in [Feature update overview](../operate/windows-autopatch-groups-windows-feature-update-overview.md).<p>For more information on OS versioning, see [Windows 10 release information](/windows/release-health/release-information).</p> |
|
||||
| `FailureResponseThreshold` | The failure response threshold setting was met for a deployment to which the device belongs. | The Windows Update service has reported the client has hit the Failure Response Threshold. Consider pausing the deployment and assess for issues. If the alert persists, [submit a support request](../operate/windows-autopatch-support-request.md). |
|
||||
| `FileNotFound` | The downloaded update files can't be found. The Disk Cleanup utility or a non-Microsoft software cleaning tool might have removed the files during cleanup. | Windows Update has reported that the update files couldn't be found, download the update again, and then retry the installation.<p>This can often occur with third party security products. For more information, see [Virus scanning recommendations for Enterprise computers that are running Windows or Windows Server (KB822158)](https://support.microsoft.com/topic/virus-scanning-recommendations-for-enterprise-computers-that-are-running-windows-or-windows-server-kb822158-c067a732-f24a-9079-d240-3733e39b40bc).</p><p>If the alert persists, [submit a support request](../operate/windows-autopatch-support-request.md).</p> |
|
||||
| `Incompatible` | The system doesn't meet the minimum requirements to install the update. | The Windows Update service has reported the update is incompatible with this device for more details please review the `ScanResult.xml` file in the `C:\WINDOWS\PANTHER folder for "Block Type=Hard`.<p>If this is occurring on a Windows Autopatch managed device, [submit a support request](../operate/windows-autopatch-support-request.md).</p> |
|
||||
| `IncompatibleArchitecture` | This update is for a different CPU architecture. | The Windows Update service has reported the update architecture doesn't match the destination architecture, make sure the target operating system architecture matches the host operating system architecture.<p>This is **not** typical for Windows Update based environments.</p><p>If this is occurring on a Windows Autopatch managed device, [submit a support request](../operate/windows-autopatch-support-request.md).</p> |
|
||||
| `IncompatibleServicingChannel` | Device is in a servicing channel that is incompatible with a deployment to which the device belongs. | The Windows Update service has reported the servicing channel on the client isn't compatible with the targeted payload.<p>We recommend configuring the device's servicing channel to the [Semi-Annual Enterprise Channel](/windows-server/get-started/servicing-channels-comparison#semi-annual-channel).</p> |
|
||||
| `InstallAccessDenied` | Installer doesn't have permission to access or replace a file. The installer might have tried to replace a file that an antivirus, anti-malware, or a backup program is currently scanning. | The Windows Update service has reported it couldn't access the necessary system locations, ensure no other service has a lock or handle on the windows update client folders and retry the installation.<p>This can often occur with third party security products. For more information, see [Virus scanning recommendations for Enterprise computers that are running Windows or Windows Server (KB822158)](https://support.microsoft.com/topic/virus-scanning-recommendations-for-enterprise-computers-that-are-running-windows-or-windows-server-kb822158-c067a732-f24a-9079-d240-3733e39b40bc).</p> |
|
||||
| `InstalledCancelled` | The installation was canceled. | The Windows Update service has reported the update was canceled by the user.<p>It's recommended to work with the end user to allow updates to execute as scheduled.</p><p>If the alert persists, [submit a support request](../operate/windows-autopatch-support-request.md).</p> |
|
||||
| `InstallFileLocked` | Installer couldn't access a file that is already in use. The installer might have tried to replace a file that an antivirus, anti-malware, or backup program is currently scanning. | The Windows Update service has reported it couldn't access the necessary system locations.<p>Check the files under the `%SystemDrive%\$Windows.~bt` directory and retry the installation.</p><p>This can often occur with third party security products. For more information, see [Virus scanning recommendations for Enterprise computers that are running Windows or Windows Server (KB822158)](https://support.microsoft.com/topic/virus-scanning-recommendations-for-enterprise-computers-that-are-running-windows-or-windows-server-kb822158-c067a732-f24a-9079-d240-3733e39b40bc).<p>If the alert persists, [submit a support request](../operate/windows-autopatch-support-request.md).</p> |
|
||||
| `InstallIssue` | There was an issue installing the update. | The Windows Update service has reported the update installation has failed.<p>If the alert persists, run "`dism /online /cleanup-image /restorehealth`" on the device with administrator privileges, then retry the update.</p><p>For more information, see [Repair a Windows Image](/windows-hardware/manufacture/desktop/repair-a-windows-image) if the command fails. A reinstall of Windows may be required.<p>If the alert persists, [submit a support request](../operate/windows-autopatch-support-request.md).</p>|
|
||||
| `InstallIssueRedirection` | A known folder that doesn't support redirection to another drive might have been redirected to another drive. | The Windows Update service has reported that the Windows Update file location may be redirected to an invalid location. Check your Windows Installation, and retry the update.<p>If the alert persists, [submit a support request](../operate/windows-autopatch-support-request.md).</p> |
|
||||
| `InstallMissingInfo` | Windows Update doesn't have the information it needs about the update to finish the installation. | The Windows Update service has reported that another update may have replaced the one you're trying to install. Check the update, and then try reinstalling it. |
|
||||
| `InstallOutOfMemory` | The installation couldn't be completed because Windows ran out of memory. | The Windows Update service has reported the system doesn't have sufficient system memory to perform the update.<p>Restart Windows, then try the installation again.</p><p>If it still fails, allocate more memory to the device, or increase the size of the virtual memory pagefile(s). For more information, see [How to determine the appropriate page file size for 64-bit versions of Windows](/troubleshoot/windows-client/performance/how-to-determine-the-appropriate-page-file-size-for-64-bit-versions-of-windows).</p> |
|
||||
| `InstallSetupError` | Windows Setup encountered an error while installing. | The Windows Update service has reported an error during installation.Review the last reported HEX error code in [Quality update status report](../operate/windows-autopatch-groups-windows-quality-update-status-report.md) to further investigate.<p>If the alert persists, [submit a support request](../operate/windows-autopatch-support-request.md).</p> |
|
||||
| `PolicyConflict` | There are client policies (MDM, GP) that conflict with Windows Update settings. | The Windows Update service has reported a policy conflict. Review the [Windows Autopatch Policy Health dashboard](../operate/windows-autopatch-policy-health-and-remediation.md).<p>If the alert persists, [submit a support request](../operate/windows-autopatch-support-request.md).</p> |
|
||||
| `PolicyConflictDeferral` | The Deferral Policy configured on the device is preventing the update from installing. | The Windows Update service has reported a policy conflict. Review the [Windows Autopatch Policy Health dashboard](../operate/windows-autopatch-policy-health-and-remediation.md).<p>If the alert persists, [submit a support request](../operate/windows-autopatch-support-request.md).</p> |
|
||||
| `PolicyConflictPause` | Updates are paused on the device, preventing the update from installing. | The Windows Update service has reported a policy conflict. Review the [Windows Autopatch Policy Health dashboard](../operate/windows-autopatch-policy-health-and-remediation.md).<p>If the alert persists, [submit a support request](../operate/windows-autopatch-support-request.md).</p> |
|
||||
| `PostRestartIssue` | Windows Update couldn't determine the results of installing the update. The error is usually false, and the update probably succeeded. | The Windows Update Service has reported the update you're trying to install isn't available.<p>No action is required.</p><p>If the update is still available, retry the installation.</p> |
|
||||
| `RollbackInitiated` | A rollback was started on this device, indicating a catastrophic issue occurred during the Windows Setup install process. | The Windows Update service has reported a failure with the update. Run the Setup Diagnostics Tool on the Device or review the HEX error in [Quality update status report](../operate/windows-autopatch-groups-windows-quality-update-status-report.md). **Don’t** retry the installation until the impact is understood.<p>For more information, see [SetupDiag - Windows Deployment](/windows/deployment/upgrade/setupdiag).</p> |
|
||||
| `SafeguardHold` | Update can't install because of a known Safeguard Hold. | The Windows Update Service has reported a [Safeguard Hold](/windows/deployment/update/update-compliance-feature-update-status#safeguard-holds) which applies to this device.<p>For more information about safeguards, see [Windows 10/11 release information for the affected version(s)](/windows/release-health/release-information).</p> |
|
||||
| `UnexpectedShutdown` | The installation was stopped because a Windows shutdown or restart was in progress. | The Windows Update service has reported Windows was unexpectedly restarted during the update process.<p>No action is necessary the update should retry when windows is available.</p><p>If the alert persists, ensure the device remains on during Windows installation.</p> |
|
||||
| `VersionMismatch` | Device is on a version of Windows that wasn't intended by Windows Update. | The Windows Update service has reported that the version of Windows wasn't intended.<p>Confirm whether the device is on the intended version.</p> |
|
||||
| `WindowsRepairRequired` | The current version of Windows needs to be repaired before it can be updated. | The Windows Update service has indicated that the service is in need of repair. Run the Startup Repair Tool on this device.<p>For more information, see [Windows boot issues – troubleshooting](/troubleshoot/windows-client/performance/windows-boot-issues-troubleshooting#method-1-startup-repair-tool).</p> |
|
||||
| `WUBusy` | Windows Update can't do this task because it's busy. | The Windows Update service has reported that Windows Update is busy. No action is needed. Restart Windows should and retry the installation. |
|
||||
| `WUComponentMissing` | Windows Update might be missing a component, or the update file might be damaged. | The Windows Update service has reported key components for windows update are missing.<p>Run "`dism /online /cleanup-image /restorehealth`" on the device with administrator privileges, to repair these components. Then retry the update.</p><p>For more information, see [Repair a Windows Image](/windows-hardware/manufacture/desktop/repair-a-windows-image) if the command fails. A reinstall of Windows may be required.</p> |
|
||||
| `WUDamaged` | Windows Update or the update file might be damaged. | The Windows Update service has reported key components for windows update are missing.<p>Run "`dism /online /cleanup-image /restorehealth`" on the device with administrator privileges to repair these components. Then retry the update.</p><p>For more information, see [Repair a Windows Image](/windows-hardware/manufacture/desktop/repair-a-windows-image) if the command fails. A reinstall of Windows may be required.</p> |
|
||||
| `WUDecryptionIssue` | Windows Update couldn't decrypt the encrypted update file because it couldn't find the proper key. | The Windows Update service has reported it couldn't decrypt the update payload.<p>This alert could be a network transit error and may be resolved on its own. If the alert persists, validate any network Riverbeds, Application or http proxies and retry.</p>|
|
||||
| `WUDiskError` | Windows Update encountered an error while reading or writing to the system drive. | The Windows Update service has reported an alert reading or writing to the system disk. This alert is often a client issue with the target system. We recommend running the Windows Update Troubleshooter on the device. Retry the installation.<p>For more information, see [Windows Update Troubleshooter](https://support.microsoft.com/windows/windows-update-troubleshooter-19bc41ca-ad72-ae67-af3c-89ce169755dd).</p> |
|
||||
| `WUIssue` | Windows Update couldn't understand the metadata provided by the update service. This error usually indicates a problem with the update. | The Windows Update service has reported an issue with the Update payload. This could be a transient alert.<p>If the alert persists, [submit a support request](../operate/windows-autopatch-support-request.md).</p> |
|
||||
|
||||
## Additional resources
|
||||
|
||||
- [Troubleshoot problems updating Windows](https://support.microsoft.com/windows/troubleshoot-problems-updating-windows-188c2b0f-10a7-d72f-65b8-32d177eb136c)
|
||||
- [How to use the PC Health Check app](https://support.microsoft.com/windows/how-to-use-the-pc-health-check-app-9c8abd9b-03ba-4e67-81ef-36f37caa7844)
|
||||
- [Windows Update Troubleshooter](https://support.microsoft.com/windows/windows-update-troubleshooter-19bc41ca-ad72-ae67-af3c-89ce169755dd)
|
||||
@ -0,0 +1,213 @@
|
||||
---
|
||||
title: Manage Windows feature update releases
|
||||
description: This article explains how you can manage Windows feature updates with Autopatch groups
|
||||
ms.date: 05/01/2023
|
||||
ms.prod: windows-client
|
||||
ms.technology: itpro-updates
|
||||
ms.topic: conceptual
|
||||
ms.localizationpriority: medium
|
||||
author: tiaraquan
|
||||
ms.author: tiaraquan
|
||||
manager: dougeby
|
||||
ms.reviewer: andredm7
|
||||
---
|
||||
|
||||
# Manage Windows feature update releases: Windows Autopatch groups experience (public preview)
|
||||
|
||||
> [!IMPORTANT]
|
||||
> Windows Autopatch groups is in **public preview**. This feature is being actively developed and might not be complete. You can test and use these features in production environments and provide feedback.<p>The Windows Autopatch group experience only applies if you’ve opted-in to use Windows Autopatch groups.</p><br>**To opt-in to use Windows Autopatch groups:**<ol><li>Go to the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431) and select **Devices** from the left navigation menu.</li><li>Under **Windows Autopatch**, select **Release Management**, then select **Autopatch groups (preview)**.</li><li>Review the **[Microsoft Privacy Statement](../overview/windows-autopatch-privacy.md)** and the **[Autopatch groups Public Preview Addendum](../references/windows-autopatch-groups-public-preview-addendum.md)**. If you agree, select the **I have reviewed and agree to the Autopatch groups Public Preview Addendum** checkbox. Then, select **Use preview** to test out Windows Autopatch groups and its bundled feature set. If the **Use preview** option is greyed out, ensure you meet all the [Autopatch group prerequisites](../deploy/windows-autopatch-groups-manage-autopatch-groups.md#autopatch-groups-prerequisites).</li></ol>
|
||||
|
||||
You can create custom releases for Windows feature update deployments in Windows Autopatch.
|
||||
|
||||
## Before you begin
|
||||
|
||||
Before you start managing custom Windows feature update releases, consider the following:
|
||||
|
||||
- If you’re planning on using either the [Default or Custom Autopatch groups](../deploy/windows-autopatch-groups-overview.md#key-concepts) ensure:
|
||||
- The Default Autopatch group has all deployment rings and deployment cadences you need.
|
||||
- You have created all your Custom Autopatch groups prior to creating custom releases.
|
||||
- Review [Windows feature update prerequisites](/mem/intune/protect/windows-10-feature-updates#prerequisites).
|
||||
- Review the [Windows feature updates policy limitations](/mem/intune/protect/windows-10-feature-updates#limitations-for-feature-updates-for-windows-10-and-later-policy).
|
||||
|
||||
## About the auto-populate automation for release phases
|
||||
|
||||
By default, the deployment rings of each Autopatch group will be sequentially assigned to a phase. For example, the first deployment ring of each Autopatch group is assigned to Phase 1, and the second deployment ring of each Autopatch group is assigned to Phase 2, etc.
|
||||
|
||||
The following table explains the auto-populating assignment of your deployments rights if you have two Autopatch groups. One Autopatch group is named Finance and the other is named Marketing; each Autopatch group has four (Finance) and five (Marketing) deployment rings respectively.
|
||||
|
||||
| Phases | Finance | Marketing
|
||||
| ----- | ----- | ----- |
|
||||
| Phase 1 | Test | Test |
|
||||
| Phase 2 | Ring1 | Ring1 |
|
||||
| Phase 3 | Ring2 | Ring2 |
|
||||
| Phase 4 | Last | Ring3 |
|
||||
|
||||
If the Autopatch groups are edited after a release is created (Active status), the changes to the Autopatch group won’t be reflected unless you create a new custom release.
|
||||
|
||||
If you wish to change the auto-populating assignment of your deployment rings to release phases, you can do so by adding, removing, or editing the auto-populated phases.
|
||||
|
||||
### More information about the completion date of a phase
|
||||
|
||||
The goal completion date of a phase is calculated using the following formula:
|
||||
|
||||
`<First Deployment Date> + (<Number of gradual rollout groups> – 1) * Days in between groups (7) + Deadline for feature updates (5 days) + Grace Period (2 days).`
|
||||
|
||||
This formula is only applicable for **Deadline-driven** not for Scheduled-driven deployment cadences. For more information, see [Customize Windows Update settings](../operate/windows-autopatch-groups-windows-update.md).
|
||||
|
||||
> [!IMPORTANT]
|
||||
> By default, both the **Deadline for feature updates** and the **Grace period** values are set by Windows Autopatch in every [Update rings for Windows 10 and later policy](/mem/intune/protect/windows-10-update-rings) created by Autopatch groups.
|
||||
|
||||
### How to use the Windows feature update blade
|
||||
|
||||
Use the Windows feature update blade to check in the overall status of the [default release](../operate/windows-autopatch-groups-windows-feature-update-overview.md#default-release) and the custom ones you create.
|
||||
|
||||
**To access the Windows feature update blade:**
|
||||
|
||||
1. Go to the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431).
|
||||
1. Select **Devices** from the left navigation menu.
|
||||
1. Under the **Windows Autopatch** section, select **Release management**.
|
||||
1. In the **Release management** blade, under the **Release schedule** tab, select **Windows feature updates**.
|
||||
1. In the **Windows feature updates** blade, you can see all the information about the releases. The columns are described in the following table:
|
||||
|
||||
| Status | Description |
|
||||
| ----- | ----- |
|
||||
| Release name | Name of the release |
|
||||
| Version to deploy | Version to deploy for the applicable release or phase |
|
||||
| Status | Status of the applicable release or phase:<ul><li>Scheduled</li><li>Active</li><li>Inactive</li><li>Paused</li><li>Canceled</li></ul> |
|
||||
| First deployment |<ul><li>The date the deployment for the applicable release or phase will begin.</li><li>Feature update policy for Windows 10 and later is created 24 hours prior to the first deployment date. The service automation runs twice a day at 4:00AM and 4:00PM (UTC).</li><li>Not all devices within a phase will be offered the feature update on the same date when using gradual rollout.</li></ul> |
|
||||
| Goal completion date | The date the devices within the release or phases are expected to finish updating. The completion date is calculated using the following formula:<p>`<First deployment date> + (<Number of gradual rollout groups> - 1) * Days in between groups (7) + Deadline for feature updates (5) + Grace Period (2)`</p> |
|
||||
|
||||
#### About release and phase statuses
|
||||
|
||||
##### Release statuses
|
||||
|
||||
A release is made of one or more phases. The release status is based on the calculation and consolidation of each phase status.
|
||||
|
||||
The release statuses are described in the following table:
|
||||
|
||||
| Release status | Definition | Options |
|
||||
| ----- | ----- | ----- |
|
||||
| Scheduled | Release is scheduled and not all phases have yet created its Windows feature update policies |<ul><li>Releases with the **Scheduled status** can't be canceled but can have its deployment cadence edited as not all phases have yet created its Windows feature update policies.</li><li>Autopatch groups and its deployment rings that belong to a **Scheduled** release can't be assigned to another release.</li></ul> |
|
||||
| Active | All phases in the release are active. This means all phases have reached their first deployment date, which created the Windows feature update policies. |<ul><li>Release can be paused but can't be edited or canceled since the Windows feature update policy was already created for its phases.</li><li>Autopatch groups and their deployment rings can be assigned to another release.</li></ul> |
|
||||
| Inactive | All the Autopatch groups within the release have been assigned to a new release. As a result, the Windows feature update policies were unassigned from all phases from within the release. |<ul><li>Release can be viewed as a historical record.</li><li>Releases can't be deleted, edited, or canceled.</li></ul> |
|
||||
| Paused | All phases in the release are paused. The release will remain paused until you resume it. | <ul><li>Releases with Paused status can't be edited or canceled since the Windows feature update policy was already created for its phases.</li><li>Release can be resumed.</li></ul> |
|
||||
|
||||
##### Phase statuses
|
||||
|
||||
A phase is made of one or more Autopatch group deployment rings. Each phase reports its status to its release.
|
||||
|
||||
> [!IMPORTANT]
|
||||
> The determining factor that makes a phase status transition from **Scheduled** to **Active** is when the service automatically creates the Windows feature update policy for each Autopatch group deployment ring. Additionally, the phase status transition from **Active** to **Inactive** occurs when Windows feature update policies are unassigned from the Autopatch groups that belong to a phase. This can happen when an Autopatch group and its deployment rings are re-used as part of a new release.
|
||||
|
||||
| Phase status | Definition |
|
||||
| ----- | ----- |
|
||||
| Scheduled | The phase is scheduled but hasn’t reached its first deployment date yet. The Windows feature update policy hasn’t been created for the respective phase yet. |
|
||||
| Active | The first deployment date has been reached. The Windows feature update policy has been created for the respective phase. |
|
||||
| Inactive | All Autopatch groups within the phase were re-assigned to a new release. All Windows feature update policies were unassigned from the Autopatch groups. |
|
||||
| Paused | Phase is paused. You must resume the phase. |
|
||||
|
||||
#### Details about Windows feature update policies
|
||||
|
||||
Windows Autopatch creates one Windows feature update policy per phase using the following naming convention:
|
||||
|
||||
`Windows Autopatch – DSS policy – <Release Name> – Phase <Phase Number>`
|
||||
|
||||
These policies can be viewed in the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431).
|
||||
|
||||
The following table is an example of the Windows feature update policies that were created for phases within a release:
|
||||
|
||||
| Policy name | Feature update version | Rollout options | First deployment date| Final deployment date availability | Day between groups | Support end date |
|
||||
| ----- | ----- | ----- | ----- | ----- | ----- | ----- |
|
||||
| Windows Autopatch - DSS Policy - My feature update release – Phase 1 | Windows 10 21H2 | Make update available as soon as possible | April 24, 2023 | April 24, 2023 | N/A | June 10, 2024 |
|
||||
| Windows Autopatch - DSS Policy - My feature update release – Phase 2 | Windows 10 21H2 | Make update available as soon as possible | June 26, 2023 | July 17, 2023 | 7 | June 10, 2024 |
|
||||
| Windows Autopatch - DSS Policy - My feature update release – Phase 3 | Windows 10 21H2 | Make update available as soon as possible | July 24, 2023 | August 14, 2023 | 7 | June 10, 2024 |
|
||||
| Windows Autopatch - DSS Policy - My feature update release – Phase 4 | Windows 10 21H2 | Make update available as soon as possible | August 28, 2023 | September 10, 2023 | 7 | June 10, 2024 |
|
||||
| Windows Autopatch - DSS Policy - My feature update release – Phase 5 | Windows 10 21H2 | Make update available as soon as possible | September 25, 2023 | October 16, 2023 | 7 | June 10, 2024 |
|
||||
|
||||
## Create a custom release
|
||||
|
||||
**To create a custom release:**
|
||||
|
||||
1. Go to the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431).
|
||||
1. Select **Devices** from the left navigation menu.
|
||||
1. Under the **Windows Autopatch** section, select **Release management**.
|
||||
1. In the **Release management** blade, select **Release schedule**, then **Windows feature updates**.
|
||||
1. In the **Windows feature updates** blade, select **New release**.
|
||||
1. In the **Basics** page:
|
||||
1. Enter a **Name** for the custom release.
|
||||
2. Select the **Version** to deploy.
|
||||
3. Enter a **Description** for the custom release.
|
||||
4. Select **Next**.
|
||||
1. In the **Autopatch groups** page, choose one or more existing Autopatch groups you want to include in the custom release, then select Next.
|
||||
1. You can't choose Autopatch groups that are already part of an existing custom release. Select **Autopatch groups assigned to other releases** to review existing assignments.
|
||||
1. In the Release phases page, review the number of auto-populated phases. You can Edit, Delete and Add phase based on your needs. Once you’re ready, select **Next**. **Before you proceed to the next step**, all deployment rings must be assigned to a phase, and all phases must have deployment rings assigned.
|
||||
1. In the **Release schedule** page, choose **First deployment date**, and the number of **Gradual rollout groups**, then select **Next**. **You can only select the next day**, not the current day, as the first deployment date. The service creates feature update policy for Windows 10 and later twice a day at 4:00AM and 4:00PM (UTC) and can’t guarantee that the release will start at the current day given the UTC variance across the globe.
|
||||
1. The **Goal completion date** only applies to the [Deadline-driven deployment cadence type](../operate/windows-autopatch-groups-windows-update.md#deadline-driven). The Deadline-drive deployment cadence type can be specified when you configure the Windows Updates settings during the Autopatch group creation/editing flow.
|
||||
2. Additionally, the formula for the goal completion date is `<First Deployment Date> + (<Number of gradual rollout groups> – 1) * Days in between groups (7) + Deadline for feature updates (5 days) + Grace Period (2 days)`.
|
||||
1. In the **Review + create** page, review all settings. Once you’re ready, select **Create**.
|
||||
|
||||
## Edit a release
|
||||
|
||||
> [!NOTE]
|
||||
> Only custom releases that have the **Scheduled** status can be edited. A release phase can only be edited prior to reaching its first deployment date. Additionally, you can only edit the deployment dates when editing a release.
|
||||
|
||||
**To edit a custom release:**
|
||||
|
||||
1. Go to the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431).
|
||||
1. Select **Devices** from the left navigation menu.
|
||||
1. Under the **Windows Autopatch** section, select **Release management**.
|
||||
1. In the **Release schedule** tab, select **Windows feature updates**.
|
||||
1. In the **Windows feature updates** blade, select the **horizontal ellipses (…)** > Edit to customize your gradual rollout of your feature updates release, then select **Save**.
|
||||
1. Only the release schedule can be customized when using the edit function. You can't add or remove Autopatch groups or modify the phase order when editing a release.
|
||||
1. Select **Review + Create**.
|
||||
1. Select **Apply** to save your changes.
|
||||
|
||||
## Pause and resume a release
|
||||
|
||||
> [!CAUTION]
|
||||
> You should only pause and resume [Windows quality](../operate/windows-autopatch-groups-windows-quality-update-overview.md#pause-and-resume-a-release) and [Windows feature updates](../operate/windows-autopatch-groups-windows-feature-update-overview.md) on Windows Autopatch managed devices using the Windows Autopatch Release management blade. Do **not** use the Microsoft Intune end-user experience flows to pause or resume Windows Autopatch managed devices.
|
||||
|
||||
> [!IMPORTANT]
|
||||
> Pausing or resuming an update can take up to eight hours to be applied to devices. Windows Autopatch uses Microsoft Intune as its device management solution and that's the average frequency Windows devices take to communicate back to Microsoft Intune with new instructions to pause, resume or rollback updates. For more information, see [how long does it take for devices to get a policy, profile, or app after they are assigned from Microsoft Intune](/mem/intune/configuration/device-profile-troubleshoot#how-long-does-it-take-for-devices-to-get-a-policy-profile-or-app-after-they-are-assigned).
|
||||
|
||||
**To pause or resume a release:**
|
||||
|
||||
> [!NOTE]
|
||||
> If you've paused an update, the specified release will have the **Paused** status. The Windows Autopatch service can't overwrite IT admin's pause. You must select **Resume** to resume the update. The **Paused by Service Pause** status **only** applies to Windows quality updates. Windows Autopatch doesn't pause Windows feature updates on your behalf.
|
||||
|
||||
1. Go to the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431).
|
||||
1. Select **Devices** from the left navigation menu.
|
||||
1. Under the **Windows Autopatch** section, select **Release management**.
|
||||
1. In the **Release schedule** tab, select **Windows feature updates**.
|
||||
1. In the **Windows feature updates** blade, select the **horizontal ellipses (…)** > **Pause** or **Resume** to pause or resume your feature updates release.
|
||||
1. Select a reason from the dropdown menu.
|
||||
1. Optional. Enter details about why you're pausing or resuming the selected update.
|
||||
1. If you're resuming an update, you can select one or more deployment rings.
|
||||
1. Select **Pause deployment** or **Resume deployment** to save your changes.
|
||||
|
||||
## Cancel a release
|
||||
|
||||
> [!IMPORTANT]
|
||||
> You can only cancel a release under the Scheduled status. You cannot cancel a release under the **Active**, **Inactive** or **Paused** statuses.
|
||||
|
||||
**To cancel a release:**
|
||||
|
||||
1. Go to the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431).
|
||||
1. Select **Devices** from the left navigation menu.
|
||||
1. Under the **Windows Autopatch** section, select **Release management**.
|
||||
1. In the **Release schedule** tab, select **Windows feature updates**.
|
||||
1. In the **Windows feature updates** blade, select the **horizontal ellipses (…)** > **Cancel** to cancel your feature updates release.
|
||||
1. Select a reason for cancellation from the dropdown menu.
|
||||
1. Optional. Enter details about why you're pausing or resuming the selected update.
|
||||
1. Select **Cancel deployment** to save your changes.
|
||||
|
||||
## Roll back a release
|
||||
|
||||
> [!CAUTION]
|
||||
> Do **not** use Microsoft Intune’s end-user flows to rollback Windows feature update deployments for Windows Autopatch managed devices. If you need assistance with rolling back deployments, [submit a support request](../operate/windows-autopatch-support-request.md).
|
||||
|
||||
Windows Autopatch **doesn’t** support the rollback of Windows feature updates through its end-user experience flows.
|
||||
|
||||
## Contact support
|
||||
|
||||
If you’re experiencing issues related to Windows feature update deployments, [submit a support request](../operate/windows-autopatch-support-request.md).
|
||||
@ -0,0 +1,61 @@
|
||||
---
|
||||
title: Software update management for Autopatch groups
|
||||
description: This article provides an overview of how updates are handled with Autopatch groups
|
||||
ms.date: 05/01/2023
|
||||
ms.prod: windows-client
|
||||
ms.technology: itpro-updates
|
||||
ms.topic: overview
|
||||
ms.localizationpriority: medium
|
||||
author: tiaraquan
|
||||
ms.author: tiaraquan
|
||||
manager: dougeby
|
||||
ms.reviewer: andredm7
|
||||
---
|
||||
|
||||
# Software update management: Windows Autopatch groups experience (public preview)
|
||||
|
||||
> [!IMPORTANT]
|
||||
> Windows Autopatch groups is in **public preview**. This feature is being actively developed and might not be complete. You can test and use these features in production environments and provide feedback.<p>The Windows Autopatch group experience only applies if you’ve opted-in to use Windows Autopatch groups.</p><br>**To opt-in to use Windows Autopatch groups:**<ol><li>Go to the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431) and select **Devices** from the left navigation menu.</li><li>Under **Windows Autopatch**, select **Release Management**, then select **Autopatch groups (preview)**.</li><li>Review the **[Microsoft Privacy Statement](../overview/windows-autopatch-privacy.md)** and the **[Autopatch groups Public Preview Addendum](../references/windows-autopatch-groups-public-preview-addendum.md)**. If you agree, select the **I have reviewed and agree to the Autopatch groups Public Preview Addendum** checkbox. Then, select **Use preview** to test out Windows Autopatch groups and its bundled feature set. If the **Use preview** option is greyed out, ensure you meet all the [Autopatch group prerequisites](../deploy/windows-autopatch-groups-manage-autopatch-groups.md#autopatch-groups-prerequisites).</li></ol>
|
||||
|
||||
Keeping your devices up to date is a balance of speed and stability. Windows Autopatch connects all devices to a modern cloud-based infrastructure to manage updates on your behalf.
|
||||
|
||||
## Software update workloads
|
||||
|
||||
| Software update workload | Description |
|
||||
| ----- | ----- |
|
||||
| Windows quality update | Windows Autopatch uses four deployment rings to manage Windows quality updates. For more detailed information, see:<ul><li>[Windows Autopatch groups experience](../operate/windows-autopatch-groups-windows-quality-update-overview.md)</li><li>[Classic experience](../operate/windows-autopatch-windows-quality-update-overview.md) |
|
||||
| Windows feature update | Windows Autopatch uses four deployment rings to manage Windows feature updates. For more detailed information, see: <ul><li>[Windows Autopatch groups experience](windows-autopatch-groups-windows-feature-update-overview.md)</li><li>[Classic experience](windows-autopatch-windows-feature-update-overview.md)</li></ul> |
|
||||
| Anti-virus definition | Updated with each scan. |
|
||||
| Microsoft 365 Apps for enterprise | For more information, see [Microsoft 365 Apps for enterprise](windows-autopatch-microsoft-365-apps-enterprise.md). This software update workload uses the classic experience. |
|
||||
| Microsoft Edge | For more information, see [Microsoft Edge](../operate/windows-autopatch-edge.md). This software update workload uses the classic experience. |
|
||||
| Microsoft Teams | For more information, see [Microsoft Teams](../operate/windows-autopatch-teams.md). This software update workload uses the classic experience. |
|
||||
|
||||
## Autopatch groups
|
||||
|
||||
Autopatch groups help Microsoft Cloud-Managed services meet all organizations where they are at in their update management journey.
|
||||
|
||||
Autopatch groups is a logical container that groups several [Azure AD groups](/azure/active-directory/fundamentals/active-directory-groups-view-azure-portal), and software update policies, such as Windows Update rings and feature update policies, together.
|
||||
|
||||
For more information on key benefits and how to use Autopatch groups, see [Autopatch groups overview](../deploy/windows-autopatch-groups-overview.md).
|
||||
|
||||
## Windows quality updates
|
||||
|
||||
Windows Autopatch deploys the [Monthly security update releases](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/windows-quality-updates-primer/ba-p/2569385) that are released on the second Tuesday of each month.
|
||||
|
||||
To release updates to devices in a gradual manner, Windows Autopatch deploys a set of mobile device management (MDM) policies to each update deployment ring to control the rollout. For more information, see [Windows quality updates overview](../operate/windows-autopatch-groups-windows-quality-update-overview.md).
|
||||
|
||||
## Windows feature updates
|
||||
|
||||
You’re in control of telling Windows Autopatch when your organization is ready to move to the next Windows OS version.
|
||||
|
||||
The Window feature update release management experience makes it easier and less expensive for you to keep your Windows devices up to date. You can focus on running your core businesses while Windows Autopatch runs update management on your behalf.
|
||||
|
||||
For more information, see [Windows feature updates overview](../operate/windows-autopatch-groups-windows-feature-update-overview.md).
|
||||
|
||||
## Reports
|
||||
|
||||
Using [Windows quality and feature update reports](../operate/windows-autopatch-groups-windows-quality-and-feature-update-reports-overview.md), you can monitor and remediate Windows Autopatch managed devices that are Not up to Date and resolve any device alerts to bring Windows Autopatch managed devices back into compliance.
|
||||
|
||||
## Policy health and remediation
|
||||
|
||||
Windows Autopatch deploys Intune policies for Windows quality and feature update management. Windows Update policies must remain healthy for devices to receive Windows updates and stay up to date. We continuously monitor the health of the policies and raise alerts and provide remediation actions. For more information, see [Policy health and remediation](../operate/windows-autopatch-policy-health-and-remediation.md) and [Changes made at tenant enrollment](../references/windows-autopatch-changes-to-tenant.md).
|
||||
@ -0,0 +1,160 @@
|
||||
---
|
||||
title: Windows feature updates overview with Autopatch groups
|
||||
description: This article explains how Windows feature updates are managed with Autopatch groups
|
||||
ms.date: 05/01/2023
|
||||
ms.prod: windows-client
|
||||
ms.technology: itpro-updates
|
||||
ms.topic: conceptual
|
||||
ms.localizationpriority: medium
|
||||
author: tiaraquan
|
||||
ms.author: tiaraquan
|
||||
manager: dougeby
|
||||
ms.reviewer: andredm7
|
||||
---
|
||||
|
||||
# Windows feature updates overview: Autopatch groups experience (public preview)
|
||||
|
||||
> [!IMPORTANT]
|
||||
> Windows Autopatch groups is in **public preview**. This feature is being actively developed and might not be complete. You can test and use these features in production environments and provide feedback.<p>The Windows Autopatch group experience only applies if you’ve opted-in to use Windows Autopatch groups.</p><br>**To opt-in to use Windows Autopatch groups:**<ol><li>Go to the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431) and select **Devices** from the left navigation menu.</li><li>Under **Windows Autopatch**, select **Release Management**, then select **Autopatch groups (preview)**.</li><li>Review the **[Microsoft Privacy Statement](../overview/windows-autopatch-privacy.md)** and the **[Autopatch groups Public Preview Addendum](../references/windows-autopatch-groups-public-preview-addendum.md)**. If you agree, select the **I have reviewed and agree to the Autopatch groups Public Preview Addendum** checkbox. Then, select **Use preview** to test out Windows Autopatch groups and its bundled feature set. If the **Use preview** option is greyed out, ensure you meet all the [Autopatch group prerequisites](../deploy/windows-autopatch-groups-manage-autopatch-groups.md#autopatch-groups-prerequisites).</li></ol>
|
||||
|
||||
Microsoft provides robust mobile device management (MDM) solutions such as Microsoft Intune, Windows Update for Business, Configuration Manager etc. However, the administration of these solutions to keep Windows devices up to date with the latest Windows feature releases rests on your organization’s IT admins. The Windows feature update process is considered one of the most expensive and time consuming tasks for IT since it requires incremental rollout and validation.
|
||||
|
||||
Windows feature updates consist of:
|
||||
|
||||
- Keeping Windows devices protected against behavioral issues.
|
||||
- Providing new features to boost end-user productivity.
|
||||
|
||||
Windows Autopatch makes it easier and less expensive for you to keep your Windows devices up to date. You can focus on running your core businesses while Windows Autopatch runs update management on your behalf.
|
||||
|
||||
## Service level objective
|
||||
|
||||
Windows Autopatch’s service level objective for Windows feature updates aims to keep **95%** of eligible devices on the targeted Windows OS version [currently serviced](/windows/release-health/release-information?msclkid=ee885719baa511ecb838e1a689da96d2) for its default and global releases maintained by the service, and custom releases created and managed by you.
|
||||
|
||||
## Device eligibility criteria
|
||||
|
||||
Windows Autopatch’s device eligibility criteria for Windows feature updates aligns with [Windows Update for Business and Microsoft Intune’s device eligibility criteria](/mem/intune/protect/windows-10-feature-updates#prerequisites).
|
||||
|
||||
> [!IMPORTANT]
|
||||
> Windows Autopatch supports registering [Windows 10 Long-Term Servicing Channel (LTSC)](/windows/whats-new/ltsc/) devices that are being currently serviced by the [Windows LTSC](/windows/release-health/release-information). The service only supports managing the [Windows quality updates](../operate/windows-autopatch-windows-quality-update-overview.md) workload for devices currently serviced by the LTSC. Windows Update for Business service and Windows Autopatch don't offer Windows feature updates for devices that are part of the LTSC. You must either use [LTSC media](https://www.microsoft.com/evalcenter/evaluate-windows-10-enterprise) or the [Configuration Manager Operating System Deployment capabilities to perform an in-place upgrade](/windows/deployment/deploy-windows-cm/upgrade-to-windows-10-with-configuration-manager) for Windows devices that are part of the LTSC.
|
||||
|
||||
## Key benefits
|
||||
|
||||
- A release is made of one or more deployment phases and contains the required OS version to be gradually rolled out throughout its deployment phases.
|
||||
- A phase (deployment phase) is made of one or more Autopatch group deployment rings. A phase:
|
||||
- Works as an additional layer of deployment cadence settings that can be defined by IT admins (only for Windows feature updates) on top of Autopatch group deployment rings (Windows update rings policies).
|
||||
- Deploys Windows feature updates across one or more Autopatch groups.
|
||||
- There are three types of releases:
|
||||
- Default
|
||||
- Global
|
||||
- Custom
|
||||
|
||||
### Default release
|
||||
|
||||
Windows Autopatch’s default Windows feature update release is a service-driven release that enforces the minimum Windows OS version currently serviced by the Windows servicing channels for the deployment rings in the [Default Autopatch group](../deploy/windows-autopatch-groups-overview.md#about-the-default-autopatch-group).
|
||||
|
||||
> [!TIP]
|
||||
> Windows Autopatch allows you to [create custom Windows feature update releases](../operate/windows-autopatch-groups-manage-windows-feature-update-release.md#create-a-custom-release).
|
||||
|
||||
When devices are registered by manually adding them to the Windows Autopatch Device Registration Azure AD assigned group, devices are assigned to deployment rings as part of the default Autopatch group. Each deployment ring has its own Windows feature update policy assigned to them. This is intended to minimize unexpected Windows OS upgrades once new devices register with the service.
|
||||
|
||||
The policies:
|
||||
|
||||
- Contain the minimum Windows 10 version currently serviced by the [Windows servicing channels](/windows/release-health/release-information?msclkid=ee885719baa511ecb838e1a689da96d2). The current minimum Windows OS version is **Windows 10 21H2**.
|
||||
- Set a bare minimum Windows OS version required by the service once devices are registered with the service.
|
||||
|
||||
If the device is registered with Windows Autopatch, and the device is:
|
||||
|
||||
- Below the service's currently targeted Windows feature update, that device will be automatically upgraded to the service's target version when the device meets the [device eligibility criteria](#device-eligibility-criteria).
|
||||
- On, or above the currently targeted Windows feature update version, there won't be any Windows OS upgrades available to that device.
|
||||
|
||||
#### Policy configuration for the default release
|
||||
|
||||
If your tenant is enrolled with Windows Autopatch, you can see the following default policies created by the service in the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431):
|
||||
|
||||
| Policy name | Feature update version | Rollout options | First deployment ring availability | Final deployment ring availability | Day between deployment rings | Support end date |
|
||||
| ----- | ----- | ----- | ----- | ----- | ----- | ----- |
|
||||
| Windows Autopatch – DSS Policy [Test] | Windows 10 21H2 | Make update available as soon as possible | May 9, 2023 | N/A | N/A | June 10, 2024 |
|
||||
| Windows Autopatch – DSS Policy [Ring1] | Windows 10 21H2 | Make update available as soon as possible | May 16, 2023 | N/A | N/A | June 10, 2024 |
|
||||
| Windows Autopatch – DSS Policy [Ring2] | Windows 10 21H2 | Make update available as soon as possible | May 23, 2023 | N/A | N/A | June 10, 2024 |
|
||||
| Windows Autopatch – DSS Policy [Ring3] | Windows 10 21H2 | Make update available as soon as possible | May 30, 2023 | N/A | N/A | June 10, 2024 |
|
||||
|
||||
> [!NOTE]
|
||||
> Gradual rollout settings aren't configured in the default Windows Update feature policy. If the date of the final group availability is changed to a past date, all remaining devices are offered the update as soon as possible. For more information, see [rollout options for Windows Updates in Microsoft Intune](/mem/intune/protect/windows-update-rollout-options#make-updates-available-gradually).
|
||||
|
||||
### Global release
|
||||
|
||||
Windows Autopatch’s global Windows feature update release is a service-driven release. Like the [default release](#default-release), the Global release enforces the [minimum Windows OS version currently serviced by the Windows servicing channels](/windows/release-health/release-information?msclkid=ee885719baa511ecb838e1a689da96d2).
|
||||
|
||||
There are two scenarios that the Global release is used:
|
||||
|
||||
| Scenario | Description |
|
||||
| ----- | ----- |
|
||||
| Scenario #1 | You assign Azure AD groups to be used with the deployment ring (Last) or you add additional deployment rings when you customize the [Default Autopatch group](../deploy/windows-autopatch-groups-manage-autopatch-groups.md#edit-the-default-or-a-custom-autopatch-group).<p>A global Windows feature update policy is automatically assigned behind the scenes to the newly added deployment rings or when you assigned Azure AD groups to the deployment ring (Last) in the Default Autopatch group.</p> |
|
||||
| Scenario #2 | You create new [Custom Autopatch groups](../deploy/windows-autopatch-groups-manage-autopatch-groups.md#create-a-custom-autopatch-group).<p>The global Windows feature policy is automatically assigned behind the scenes to all deployment rings as part of the Custom Autopatch groups you create.</p> |
|
||||
|
||||
#### Policy configuration values
|
||||
|
||||
See the following table on how Windows Autopatch configures the values for its global Windows feature update policy. If your tenant is enrolled with Windows Autopatch, you can see the following default policies created by the service in the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431):
|
||||
|
||||
| Policy name | Feature update version | Rollout options | First deployment ring availability | Final deployment ring availability | Day between deployment rings | Support end date |
|
||||
| ----- | ----- | ----- | ----- | ----- | ----- | ----- |
|
||||
| Windows Autopatch – Global DSS Policy [Test] | Windows 10 21H2 | Make update available as soon as possible | N/A | N/A | N/A | June 10, 2024 |
|
||||
|
||||
> [!NOTE]
|
||||
> Gradual rollout settings aren't configured in the default Windows Update feature policy. If the date of the final group availability is changed to be a past date, all remaining devices are offered the update as soon as possible. For more information, see [rollout options for Windows Updates in Microsoft Intune](/mem/intune/protect/windows-update-rollout-options#make-updates-available-gradually).
|
||||
|
||||
### Differences between the default and global Windows feature update policies
|
||||
|
||||
> [!IMPORTANT]
|
||||
> Once you create a custom Windows feature update release, both the global and the default Windows feature update policies are unassigned from Autopatch group’s deployment rings behind the scenes.
|
||||
|
||||
The differences in between the global and the default Windows feature update policy values are:
|
||||
|
||||
| Default Windows feature update policy | Global Windows feature update policy |
|
||||
| ----- | ----- |
|
||||
| <ul><li>Set by default with the Default Autopatch group and assigned to Test, Ring1, Ring2, Ring3. The default policy isn't automatically assigned to the Last ring in the Default Autopatch group.</li><li>The Windows Autopatch service keeps its minimum Windows OS version updated following the recommendation of minimum Windows OS version [currently serviced by the Windows servicing channels](/windows/release-health/release-information?msclkid=ee885719baa511ecb838e1a689da96d2).</li></ul> | <ul><li>Set by default and assigned to all new deployment rings added as part of the Default Autopatch group customization.</li><li>Set by default and assigned to all deployment rings created as part of Custom Autopatch groups.</li></ul>
|
||||
|
||||
### Custom release
|
||||
|
||||
A custom release is the release that you create to tell Windows Autopatch how you want the service to manage Windows OS upgrades on your behalf.
|
||||
|
||||
Custom releases gives you flexibility to do Windows OS upgrades on your pace, but still relying on Windows Autopatch to give you insights of how your OS upgrades are going and additional deployment controls through the Windows feature updates release management experience.
|
||||
|
||||
When a custom release is created and assigned to Autopatch groups, either the default or global releases are unassigned to avoid feature update policy for Windows 10 and later conflicts.
|
||||
|
||||
For more information on how to create a custom release, see [Manage Windows feature update release](../operate/windows-autopatch-groups-manage-windows-feature-update-release.md#create-a-custom-release).
|
||||
|
||||
### About Windows Update rings policies
|
||||
|
||||
Feature update policies work with Windows Update rings policies. Windows Update rings policies are created for each deployment ring for the [Default or a Custom Autopatch group](../deploy/windows-autopatch-groups-overview.md#key-concepts) based on the deployment settings you define. The policy name convention is `Windows Autopatch Update Policy – <Autopatch group name> – <Deployment group name>`.
|
||||
|
||||
The following table details the default Windows Update rings policy values that affect either the default or custom Windows feature updates releases:
|
||||
|
||||
| Policy name | Azure AD group assignment | Quality updates deferral in days | Feature updates deferral in days | Feature updates uninstall window in days | Deadline for quality updates in days | Deadline for feature updates in days | Grace period | Auto restart before deadline |
|
||||
| ----- | ----- | ----- | ----- | ----- | ----- | ----- | ----- | ----- |
|
||||
| Windows Autopatch Update Policy - default - Test | Windows Autopatch - Test | 0 | 0 | 30 | 0 | 5 | 0 | Yes |
|
||||
| Windows Autopatch Update Policy - default - Ring1 | Windows Autopatch - Ring1 | 1 | 0 | 30 | 2 | 5 |2 | Yes |
|
||||
| Windows Autopatch Update Policy - default - Ring2 | Windows Autopatch - Ring2 | 6 | 0 | 30 | 2 | 5 | 2 | Yes |
|
||||
| Windows Autopatch Update Policy - default - Ring3 | Windows Autopatch - Ring3 | 9 | 0 | 30 | 5 | 5 | 2 | Yes |
|
||||
| Windows Autopatch Update Policy - default - Last | Windows Autopatch - Last | 11 | 0 | 30 | 3 | 5 | 2 | Yes |
|
||||
|
||||
> [!IMPORTANT]
|
||||
> When you create a custom Windows feature update release, new Windows feature update policies are:<ul><li>Created corresponding to the settings you defined while creating the release.</li><li>Assigned to the Autopatch group’s deployment rings you select to be included in the release.</li></ul>
|
||||
|
||||
## Common ways to manage releases
|
||||
|
||||
### Use case #1
|
||||
|
||||
| Scenario | Solution |
|
||||
| ----- | ----- |
|
||||
| You’re working as the IT admin at Contoso Ltd., and you need to gradually rollout of Windows 11’s latest version to several business units across your organization. | Custom Windows feature update releases deliver OS upgrades horizontally, through phases, to one or more Autopatch groups.<br>Phases:<ul><li>Set your organization’s deployment cadence.</li><li>Work like deployment rings on top of Autopatch group’s deployment rings. Phases group one or more deployment rings across one or more Autopatch groups.</li></ul><br>See the following visual for a representation of Phases with custom releases. |
|
||||
|
||||
:::image type="content" source="../media/autopatch-groups-manage-feature-release-case-1.png" alt-text="Manage Windows feature update release use case one" lightbox="../media/autopatch-groups-manage-feature-release-case-1.png":::
|
||||
|
||||
### Use case #2
|
||||
|
||||
| Scenario | Solution |
|
||||
| ----- | ----- |
|
||||
| You’re working as the IT admin at Contoso Ltd. and your organization isn’t ready to upgrade its devices to either Windows 11 or the newest Windows 10 OS versions due to conflicting project priorities within your organization.<p>However, you want to keep Windows Autopatch managed devices supported and receiving monthly updates that are critical to security and the health of the Windows ecosystem.</p> | Default Windows feature update releases deliver the minimum Windows OS upgrade vertically to each Windows Autopatch group (either [Default](../deploy/windows-autopatch-groups-overview.md#about-the-default-autopatch-group) or [Custom](../deploy/windows-autopatch-groups-overview.md#about-custom-autopatch-groups)). The Default Windows Autopatch group is pre-configured with the [default Windows feature update release](#default-release) and no additional configuration is required from IT admins as Autopatch manages the default release on your behalf.<p>If you decide to edit the default Windows Autopatch group to add additional deployment rings, these rings receive a [global Windows feature update policy](#global-release) set to offer the minimum Windows OS version [currently serviced](/windows/release-health/release-information?msclkid=ee885719baa511ecb838e1a689da96d2) to devices. Every custom Autopatch group you create gets a [global Windows feature update policy](#global-release) that enforces the minimum Windows OS version [currently serviced](/windows/release-health/release-information?msclkid=ee885719baa511ecb838e1a689da96d2).</p><p>See the following visual for a representation of default releases.</p>|
|
||||
|
||||
:::image type="content" source="../media/autopatch-groups-manage-feature-release-case-2.png" alt-text="Manage Windows feature update release use case two" lightbox="../media/autopatch-groups-manage-feature-release-case-2.png":::
|
||||
@ -0,0 +1,76 @@
|
||||
---
|
||||
title: Feature update status report
|
||||
description: Provides a per device view of the current Windows OS upgrade status for all devices registered with Windows Autopatch.
|
||||
ms.date: 05/01/2023
|
||||
ms.prod: windows-client
|
||||
ms.technology: itpro-updates
|
||||
ms.topic: how-to
|
||||
ms.localizationpriority: medium
|
||||
author: tiaraquan
|
||||
ms.author: tiaraquan
|
||||
manager: dougeby
|
||||
ms.reviewer: andredm7
|
||||
---
|
||||
|
||||
# Feature update status report (public preview)
|
||||
|
||||
> [!IMPORTANT]
|
||||
> Windows Autopatch groups is in **public preview**. This feature is being actively developed and might not be complete. You can test and use these features in production environments and provide feedback.<p>The Windows Autopatch group experience only applies if you’ve opted-in to use Windows Autopatch groups.</p><br>**To opt-in to use Windows Autopatch groups:**<ol><li>Go to the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431) and select **Devices** from the left navigation menu.</li><li>Under **Windows Autopatch**, select **Release Management**, then select **Autopatch groups (preview)**.</li><li>Review the **[Microsoft Privacy Statement](../overview/windows-autopatch-privacy.md)** and the **[Autopatch groups Public Preview Addendum](../references/windows-autopatch-groups-public-preview-addendum.md)**. If you agree, select the **I have reviewed and agree to the Autopatch groups Public Preview Addendum** checkbox. Then, select **Use preview** to test out Windows Autopatch groups and its bundled feature set. If the **Use preview** option is greyed out, ensure you meet all the [Autopatch group prerequisites](../deploy/windows-autopatch-groups-manage-autopatch-groups.md#autopatch-groups-prerequisites).</li></ol>
|
||||
|
||||
The Feature update status report provides a per device view of the current Windows OS upgrade status for all devices registered with Windows Autopatch.
|
||||
|
||||
**To view the Feature update status report:**
|
||||
|
||||
1. Go to the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431).
|
||||
1. Navigate to **Reports** > **Windows Autopatch** > **Windows feature updates (preview)**.
|
||||
1. Select the **Reports** tab.
|
||||
1. Select **Feature update status**.
|
||||
|
||||
## Report information
|
||||
|
||||
### Default columns
|
||||
|
||||
The following information is available as default columns in the Feature update status report:
|
||||
|
||||
| Column name | Description |
|
||||
| ----- | ----- |
|
||||
| Device name | The name of the device. |
|
||||
| Deployment ring | The currently assigned Windows Autopatch deployment ring for the device. |
|
||||
| Update status | The current update status for the device. For more information, see [Windows feature update statuses](../operate/windows-autopatch-groups-windows-quality-and-feature-update-reports-overview.md#windows-quality-and-feature-update-statuses). |
|
||||
| Pause status | The current pause status whether Customer or Service initiated. For more information, see [Pause and resume a release](../operate/windows-autopatch-groups-manage-windows-feature-update-release.md#pause-and-resume-a-release). |
|
||||
| Current version | The current version or build number of the device. For more information, see [Windows Versions](/windows/release-health/release-information?msclkid=ee885719baa511ecb838e1a689da96d2). |
|
||||
| Readiness | The device readiness evaluation status. For more information, see [Post-device registration readiness checks](../deploy/windows-autopatch-post-reg-readiness-checks.md). |
|
||||
| Alerts | The summary of any alerts affecting the device. For more information, see [Device alerts](../operate/windows-autopatch-device-alerts.md). |
|
||||
|
||||
### Optional columns
|
||||
|
||||
The following information is available as optional columns in the Feature update status report:
|
||||
|
||||
| Column name | Description |
|
||||
| ----- | ----- |
|
||||
| Azure Active Directory (AD) device ID | The current Azure AD recorded device ID for the device |
|
||||
| Serial number | The current Intune recorded serial number for the device |
|
||||
| Intune last check in time | The last time the device checked in to Intune |
|
||||
| Service State | The Service State provided from Windows Update |
|
||||
| Service Substate | The Service Substate provided from Windows Update |
|
||||
| Client State | The Client State provided from Windows Update |
|
||||
| Client Substate | The Client Substate provided from Windows Update |
|
||||
| Servicing Channel | The Servicing Channel provided from Windows Update |
|
||||
| User Last Logged On | The last user who logged on as reported from Intune |
|
||||
| Primary User UPN | The Primary User UPN as reported from Intune |
|
||||
| Hex Error Code | The hex error provided from Windows Update |
|
||||
|
||||
> [!NOTE]
|
||||
> The Service State, Service Substate, Client State, Client Substate, Servicing Channel, and Hex Error Code columns may not display any values. These columns are supplemental and might not display for all devices
|
||||
|
||||
## Report options
|
||||
|
||||
The following options are available:
|
||||
|
||||
| Option | Description |
|
||||
| ----- | ----- |
|
||||
| Search | Use to search by device name, Azure AD device ID or serial number |
|
||||
| Sort | Select the **column headings** to sort the report data in ascending and descending order. |
|
||||
| Export | Select **Export devices** at the top of the page to export data from this report into a CSV file. |
|
||||
| Filter | Select either the **Add filters** or at the top of the report to filter the results. |
|
||||
| Columns | Select a column to add or remove the column from the report. |
|
||||
@ -0,0 +1,52 @@
|
||||
---
|
||||
title: Windows feature update summary dashboard
|
||||
description: Provides a broader view of the current Windows OS upgrade status for all devices registered with Windows Autopatch.
|
||||
ms.date: 05/01/2023
|
||||
ms.prod: windows-client
|
||||
ms.technology: itpro-updates
|
||||
ms.topic: how-to
|
||||
ms.localizationpriority: medium
|
||||
author: tiaraquan
|
||||
ms.author: tiaraquan
|
||||
manager: dougeby
|
||||
ms.reviewer: andredm7
|
||||
---
|
||||
|
||||
# Windows feature update summary dashboard (public preview)
|
||||
|
||||
> [!IMPORTANT]
|
||||
> Windows Autopatch groups is in **public preview**. This feature is being actively developed and might not be complete. You can test and use these features in production environments and provide feedback.<p>The Windows Autopatch group experience only applies if you’ve opted-in to use Windows Autopatch groups.</p><br>**To opt-in to use Windows Autopatch groups:**<ol><li>Go to the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431) and select **Devices** from the left navigation menu.</li><li>Under **Windows Autopatch**, select **Release Management**, then select **Autopatch groups (preview)**.</li><li>Review the **[Microsoft Privacy Statement](../overview/windows-autopatch-privacy.md)** and the **[Autopatch groups Public Preview Addendum](../references/windows-autopatch-groups-public-preview-addendum.md)**. If you agree, select the **I have reviewed and agree to the Autopatch groups Public Preview Addendum** checkbox. Then, select **Use preview** to test out Windows Autopatch groups and its bundled feature set. If the **Use preview** option is greyed out, ensure you meet all the [Autopatch group prerequisites](../deploy/windows-autopatch-groups-manage-autopatch-groups.md#autopatch-groups-prerequisites).</li></ol>
|
||||
|
||||
The summary dashboard provides a broader view of the current Windows OS update status for all devices registered with Windows Autopatch.
|
||||
|
||||
The first part of the summary dashboard provides you with an all-devices trend report where you can follow the deployment trends within your organization. You can view if updates were successfully installed, failing, in progress, not ready or have their Windows feature update paused.
|
||||
|
||||
**To view a generated summary dashboard for your Windows feature update deployments:**
|
||||
|
||||
1. Go to the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431).
|
||||
1. Select **Reports** from the left navigation menu.
|
||||
1. Under the **Windows Autopatch** section, select **Windows feature updates (preview)**.
|
||||
|
||||
## Report information
|
||||
|
||||
The following information is available in the summary dashboard:
|
||||
|
||||
| Column name | Description |
|
||||
| ----- | ----- |
|
||||
| Release | The release name and its phases. For more information, see [Windows feature updates](../operate/windows-autopatch-groups-windows-feature-update-overview.md). |
|
||||
| Version to deploy | The version being deployed to the device based on which Windows feature update release the device is assigned. |
|
||||
| Device count | Total device count per Autopatch group or deployment ring. |
|
||||
| Up to date | Total device count reporting a status of Up to date. For more information, see [Up to Date](../operate/windows-autopatch-groups-windows-quality-and-feature-update-reports-overview.md#up-to-date-devices). |
|
||||
| Not up to Date | Total device count reporting a status of Not Up to date. For more information, see [Not Up to Date](../operate/windows-autopatch-groups-windows-quality-and-feature-update-reports-overview.md#not-up-to-date-devices). |
|
||||
| In progress | Total device counts reporting the In progress status. For more information, see [In progress](../operate/windows-autopatch-groups-windows-quality-and-feature-update-reports-overview.md#up-to-date-sub-statuses). |
|
||||
| Paused | Total device count reporting the status of the pause whether it’s Service or Customer initiated. For more information, see [Up to Date](../operate/windows-autopatch-groups-windows-quality-and-feature-update-reports-overview.md#up-to-date-devices). |
|
||||
| Not ready | Total device count reporting the Not ready status. For more information, see [Not ready](../operate/windows-autopatch-groups-windows-quality-and-feature-update-reports-overview.md#not-up-to-date-devices). |
|
||||
|
||||
## Report options
|
||||
|
||||
The following options are available:
|
||||
|
||||
| Option | Description |
|
||||
| ----- | ----- |
|
||||
| Refresh | The option to **Refresh** the summary dashboard is available at the top of the page. This process will ensure that the summary dashboard view is updated to the latest available dataset from within the last 24-hour period. |
|
||||
| Summary links | Each column represents the summary of included devices. Select the hyperlinked number to produce a filtered report in a new browser tab. |
|
||||
@ -0,0 +1,42 @@
|
||||
---
|
||||
title: Feature update trending report
|
||||
description: Provides a visual representation of Windows OS upgrade trends for all devices over the last 90 days.
|
||||
ms.date: 05/01/2023
|
||||
ms.prod: windows-client
|
||||
ms.technology: itpro-updates
|
||||
ms.topic: how-to
|
||||
ms.localizationpriority: medium
|
||||
author: tiaraquan
|
||||
ms.author: tiaraquan
|
||||
manager: dougeby
|
||||
ms.reviewer: andredm7
|
||||
---
|
||||
|
||||
# Feature update trending report (public preview)
|
||||
|
||||
> [!IMPORTANT]
|
||||
> Windows Autopatch groups is in **public preview**. This feature is being actively developed and might not be complete. You can test and use these features in production environments and provide feedback.<p>The Windows Autopatch group experience only applies if you’ve opted-in to use Windows Autopatch groups.</p><br>**To opt-in to use Windows Autopatch groups:**<ol><li>Go to the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431) and select **Devices** from the left navigation menu.</li><li>Under **Windows Autopatch**, select **Release Management**, then select **Autopatch groups (preview)**.</li><li>Review the **[Microsoft Privacy Statement](../overview/windows-autopatch-privacy.md)** and the **[Autopatch groups Public Preview Addendum](../references/windows-autopatch-groups-public-preview-addendum.md)**. If you agree, select the **I have reviewed and agree to the Autopatch groups Public Preview Addendum** checkbox. Then, select **Use preview** to test out Windows Autopatch groups and its bundled feature set. If the **Use preview** option is greyed out, ensure you meet all the [Autopatch group prerequisites](../deploy/windows-autopatch-groups-manage-autopatch-groups.md#autopatch-groups-prerequisites).</li></ol>
|
||||
|
||||
Windows Autopatch provides a visual representation of Windows OS upgrade trends for all devices over the last 90 days.
|
||||
|
||||
**To view the Feature update trending report:**
|
||||
|
||||
1. Go to the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431).
|
||||
1. Navigate to **Reports** > **Windows Autopatch** > **Windows feature updates (public preview)**.
|
||||
1. Select the **Reports** tab.
|
||||
1. Select **Feature update trending**.
|
||||
|
||||
> [!NOTE]
|
||||
> This report provides a time stamp of when the report trend was last generated and can be seen at the top of the page.
|
||||
|
||||
## Report options
|
||||
|
||||
The following options are available:
|
||||
|
||||
| Option | Description |
|
||||
| ----- | ----- |
|
||||
| Filter | Select either the **Update status** or **Deployment rings** filters at the top of the report to filter the results. Then, select **Generate trend**. |
|
||||
| By percentage | Select **by percentage** to show your trending graphs and indicators by percentage. |
|
||||
| By device count | Select **by device count** to show your trending graphs and indicators by numeric value. |
|
||||
|
||||
For a description of the displayed device status trends, see [Windows feature update statuses](../operate/windows-autopatch-groups-windows-quality-and-feature-update-reports-overview.md#windows-quality-and-feature-update-statuses).
|
||||
@ -0,0 +1,109 @@
|
||||
---
|
||||
title: Windows quality and feature update reports overview with Windows Autopatch Groups experience
|
||||
description: This article details the types of reports available and info about update device eligibility, device update health, device update trends in Windows Autopatch groups
|
||||
ms.date: 05/01/2023
|
||||
ms.prod: windows-client
|
||||
ms.technology: itpro-updates
|
||||
ms.topic: conceptual
|
||||
ms.localizationpriority: medium
|
||||
author: tiaraquan
|
||||
ms.author: tiaraquan
|
||||
manager: dougeby
|
||||
ms.reviewer: adnich
|
||||
---
|
||||
|
||||
# Windows quality and feature update reports overview: Windows Autopatch groups experience (public preview)
|
||||
|
||||
> [!IMPORTANT]
|
||||
> Windows Autopatch groups is in **public preview**. This feature is being actively developed and might not be complete. You can test and use these features in production environments and provide feedback.<p>The Windows Autopatch group experience only applies if you’ve opted-in to use Windows Autopatch groups.</p><br>**To opt-in to use Windows Autopatch groups:**<ol><li>Go to the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431) and select **Devices** from the left navigation menu.</li><li>Under **Windows Autopatch**, select **Release Management**, then select **Autopatch groups (preview)**.</li><li>Review the **[Microsoft Privacy Statement](../overview/windows-autopatch-privacy.md)** and the **[Autopatch groups Public Preview Addendum](../references/windows-autopatch-groups-public-preview-addendum.md)**. If you agree, select the **I have reviewed and agree to the Autopatch groups Public Preview Addendum** checkbox. Then, select **Use preview** to test out Windows Autopatch groups and its bundled feature set. If the **Use preview** option is greyed out, ensure you meet all the [Autopatch group prerequisites](../deploy/windows-autopatch-groups-manage-autopatch-groups.md#autopatch-groups-prerequisites).</li></ol>
|
||||
|
||||
## Windows quality reports
|
||||
|
||||
The Windows quality reports provide you with information about:
|
||||
|
||||
Quality update device readiness
|
||||
Device update health
|
||||
Device update alerts
|
||||
Together, these reports provide insight into the quality update state and compliance of Windows devices that are enrolled into Windows Autopatch.
|
||||
|
||||
The Windows quality report types are organized into the following focus areas:
|
||||
|
||||
| Focus area | Description |
|
||||
| ----- | ----- |
|
||||
| Organizational | The [Summary dashboard](../operate/windows-autopatch-groups-windows-quality-update-summary-dashboard.md) provide the current update status summary for all devices.<p>The [Quality update status report](../operate/windows-autopatch-groups-windows-quality-update-status-report.md) provides the current update status of all devices at the device level. |
|
||||
| Device trends | The [Quality update trending report](../operate/windows-autopatch-groups-windows-quality-update-trending-report.md) provides the update status trend of all devices over the last 90 days. |
|
||||
|
||||
## Windows feature update reports
|
||||
|
||||
The Windows feature update reports monitor the health and activity of your deployments and help you understand if your devices are maintaining update compliance targets.
|
||||
|
||||
If update deployments aren’t successful, Windows Autopatch provides information on update deployment failures and who needs to remediate. Certain update deployment failures might require either Windows Autopatch to act on your behalf or you to fix the issue.
|
||||
|
||||
The Windows feature update report types are organized into the following focus areas:
|
||||
|
||||
| Focus area | Description |
|
||||
| ----- | ----- |
|
||||
| Organizational | The [Summary dashboard](../operate/windows-autopatch-groups-windows-feature-update-summary-dashboard.md) provides a broader view of the current Windows OS upgrade status for all devices registered with Windows Autopatch. |
|
||||
| Operational | The [Feature update status report](../operate/windows-autopatch-groups-windows-feature-update-status-report.md) provides a per device view of the current Windows OS update status for all devices registered with Windows Autopatch. |
|
||||
| Device trends | The [Quality update trending report](../operate/windows-autopatch-groups-windows-feature-update-trending-report.md) provides a visual representation of Windows OS upgrade trends for all devices over the last 90 days. |
|
||||
|
||||
## Who can access the reports?
|
||||
|
||||
Users with the following permissions can access the reports:
|
||||
|
||||
- Global Administrator
|
||||
- Intune Service Administrator
|
||||
- Global Reader
|
||||
- Services Support Administrator
|
||||
|
||||
## About data latency
|
||||
|
||||
The data source for these reports is Windows [diagnostic data](../overview/windows-autopatch-privacy.md#microsoft-windows-1011-diagnostic-data). The data typically uploads from enrolled devices once per day. Then, the data is processed in batches before being made available in Windows Autopatch. The maximum end-to-end latency is approximately 48 hours.
|
||||
|
||||
## Windows quality and feature update statuses
|
||||
|
||||
The following statuses are used throughout the Windows Autopatch reporting suite to describe the quality update status for devices:
|
||||
|
||||
- [Up to Date devices](#up-to-date-devices)
|
||||
- [Not up to Date devices](#not-up-to-date-devices)
|
||||
- [Not Ready devices](#not-ready-devices)
|
||||
|
||||
Each status has its own set of sub statuses to further describe the status.
|
||||
|
||||
### Up to Date devices
|
||||
|
||||
Up to date devices are devices that meet all of the following prerequisites:
|
||||
|
||||
- [Prerequisites](../prepare/windows-autopatch-prerequisites.md)
|
||||
- [Prerequisites for device registration](../deploy/windows-autopatch-register-devices.md#prerequisites-for-device-registration)
|
||||
- [Windows quality and feature update device readiness](../deploy/windows-autopatch-post-reg-readiness-checks.md)
|
||||
- [Post-device readiness checks](../deploy/windows-autopatch-post-reg-readiness-checks.md)
|
||||
- Have applied the current monthly cumulative updates
|
||||
|
||||
> [!NOTE]
|
||||
> [Up to Date devices](#up-to-date-devices) will remain with the **In Progress** status for the 21-day service level objective period until the device either applies the current monthly cumulative update or receives an [alert](../operate/windows-autopatch-device-alerts.md). If the device receives an alert, the device’s status will change to [Not up to Date](#not-up-to-date-devices).
|
||||
|
||||
#### Up to Date sub statuses
|
||||
|
||||
| Sub status | Description |
|
||||
| ----- | ----- |
|
||||
| In Progress | Devices are currently installing the latest [quality update](../operate/windows-autopatch-groups-windows-quality-update-overview.md#release-schedule) or [feature update](../operate/windows-autopatch-groups-windows-feature-update-overview.md#default-release) deployed through the Windows Autopatch release schedule. |
|
||||
| Paused | Devices that are currently paused due to a Windows Autopatch or customer-initiated Release management pause. For more information, see pausing and resuming a [Windows quality update](../operate/windows-autopatch-groups-windows-quality-update-overview.md#pause-and-resume-a-release) or [Windows feature update](../operate/windows-autopatch-groups-manage-windows-feature-update-release.md#pause-and-resume-a-release). |
|
||||
|
||||
### Not up to Date devices
|
||||
|
||||
Not Up to Date means a device isn’t up to date when the:
|
||||
|
||||
- Quality or feature update is out of date, or the device is on the previous update.
|
||||
- Device is more than 21 days overdue from the last release.
|
||||
- Device has an [alert](../operate/windows-autopatch-device-alerts.md) resulting in an error and action must be taken.
|
||||
|
||||
### Not Ready devices
|
||||
|
||||
Not Ready refers to the responsibility of the designated IT administrator to carry out the appropriate action to resolve the reported device sub status.
|
||||
|
||||
Within each 24-hour reporting period, devices that are Not Ready are reevaluated using the [Autopatch post-device registration readiness checks](../deploy/windows-autopatch-post-reg-readiness-checks.md).
|
||||
|
||||
## Data export
|
||||
|
||||
Select **Export devices** to export data for each report type. Only selected columns will be exported.
|
||||
@ -0,0 +1,69 @@
|
||||
---
|
||||
title: Windows quality update communications for Autopatch groups
|
||||
description: This article explains Windows quality update communications for Autopatch groups
|
||||
ms.date: 05/01/2023
|
||||
ms.prod: windows-client
|
||||
ms.technology: itpro-updates
|
||||
ms.topic: conceptual
|
||||
ms.localizationpriority: medium
|
||||
author: tiaraquan
|
||||
ms.author: tiaraquan
|
||||
manager: dougeby
|
||||
ms.reviewer: hathind
|
||||
---
|
||||
|
||||
# Windows quality update communications: Windows Autopatch groups experience (public preview)
|
||||
|
||||
> [!IMPORTANT]
|
||||
> Windows Autopatch groups is in **public preview**. This feature is being actively developed and might not be complete. You can test and use these features in production environments and provide feedback.<p>The Windows Autopatch group experience only applies if you’ve opted-in to use Windows Autopatch groups.</p><br>**To opt-in to use Windows Autopatch groups:**<ol><li>Go to the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431) and select **Devices** from the left navigation menu.</li><li>Under **Windows Autopatch**, select **Release Management**, then select **Autopatch groups (preview)**.</li><li>Review the **[Microsoft Privacy Statement](../overview/windows-autopatch-privacy.md)** and the **[Autopatch groups Public Preview Addendum](../references/windows-autopatch-groups-public-preview-addendum.md)**. If you agree, select the **I have reviewed and agree to the Autopatch groups Public Preview Addendum** checkbox. Then, select **Use preview** to test out Windows Autopatch groups and its bundled feature set. If the **Use preview** option is greyed out, ensure you meet all the [Autopatch group prerequisites](../deploy/windows-autopatch-groups-manage-autopatch-groups.md#autopatch-groups-prerequisites).</li></ol>
|
||||
|
||||
|
||||
There are three categories of communication that are sent out during a Windows quality and feature update:
|
||||
|
||||
- [Standard communications](#standard-communications)
|
||||
- [Communications during release](#communications-during-release)
|
||||
- [Incident communications](#incident-communications)
|
||||
|
||||
Communications are posted to, as appropriate for the type of communication, to the:
|
||||
|
||||
- Message center
|
||||
- Service health dashboard
|
||||
- Windows Autopatch messages section of the Microsoft Intune admin center
|
||||
|
||||
:::image type="content" source="../media/update-communications.png" alt-text="Update communications timeline" lightbox="../media/update-communications.png":::
|
||||
|
||||
## Standard communications
|
||||
|
||||
| Communication | Location | Timing | Description |
|
||||
| ----- | ----- | ----- | ----- |
|
||||
| Release schedule | <ul><li>Messages blade</li><li>Email sent to your specified [admin contacts](../deploy/windows-autopatch-admin-contacts.md)</li><ul> | At least seven days prior to the second Tuesday of the month| Notification of the planned release window for each ring. |
|
||||
| Release start | Same as release schedule | The second Tuesday of every month. | Notification that the update is now being released into your environment. |
|
||||
| Release summary | Same as release schedule | The fourth Tuesday of every month. | Informs you of the percentage of eligible devices that were patched during the release. |
|
||||
|
||||
### Opt out of receiving emails for standard communications
|
||||
|
||||
> [!IMPORTANT]
|
||||
> This feature is in **public preview**. This feature is being actively developed and may not be complete. You can test and use these features in production environments and provide feedback.
|
||||
|
||||
If you don't want to receive standard communications for Windows Updates releases via email, you can choose to opt out.
|
||||
|
||||
**To opt out of receiving emails for standard communications:**
|
||||
|
||||
1. Go to the **[Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431)**.
|
||||
2. Go to **Windows Autopatch** > **Tenant administration** > select **Admin contacts**.
|
||||
3. Select the admin contact you want to opt out for.
|
||||
4. Select **Edit Contact**.
|
||||
5. Clear the **Send me emails for Windows update releases and status** checkbox in the fly-in pane.
|
||||
6. Select **Save** to apply the changes.
|
||||
|
||||
## Communications during release
|
||||
|
||||
The most common type of communication during a release is a customer advisory. Customer advisories are posted to both Message center and the Messages blade of the [Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431) shortly after Autopatch becomes aware of the new information.
|
||||
|
||||
There are some circumstances where Autopatch will need to change the release schedule based on new information.
|
||||
|
||||
For example, new threat intelligence may require us to expedite a release, or we may pause due to user experience concerns. If the schedule of a quality update is changed, paused, resumed, or expedited, we'll inform you as quickly as possible so that you can adapt to the new information.
|
||||
|
||||
## Incident communications
|
||||
|
||||
Despite the best intentions, every service should plan for failure and success. When there's an incident, timely and transparent communication is key to building and maintaining your trust. If insufficient numbers of devices have been updated to meet the service level objective, devices will experience an interruption to productivity, and an incident will be raised. Microsoft will update the status of the incident at least once every 24 hours.
|
||||
@ -0,0 +1,69 @@
|
||||
---
|
||||
title: Windows quality update end user experience for Autopatch groups
|
||||
description: This article explains the Windows quality update end user experience using the Autopatch groups exp
|
||||
ms.date: 05/01/2023
|
||||
ms.prod: windows-client
|
||||
ms.technology: itpro-updates
|
||||
ms.topic: conceptual
|
||||
ms.localizationpriority: medium
|
||||
author: tiaraquan
|
||||
ms.author: tiaraquan
|
||||
manager: dougeby
|
||||
ms.reviewer: adnich
|
||||
---
|
||||
|
||||
# Windows quality update end user experience: Windows Autopatch groups experience (public preview)
|
||||
|
||||
> [!IMPORTANT]
|
||||
> Windows Autopatch groups is in **public preview**. This feature is being actively developed and might not be complete. You can test and use these features in production environments and provide feedback.<p>The Windows Autopatch group experience only applies if you’ve opted-in to use Windows Autopatch groups.</p><br>**To opt-in to use Windows Autopatch groups:**<ol><li>Go to the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431) and select **Devices** from the left navigation menu.</li><li>Under **Windows Autopatch**, select **Release Management**, then select **Autopatch groups (preview)**.</li><li>Review the **[Microsoft Privacy Statement](../overview/windows-autopatch-privacy.md)** and the **[Autopatch groups Public Preview Addendum](../references/windows-autopatch-groups-public-preview-addendum.md)**. If you agree, select the **I have reviewed and agree to the Autopatch groups Public Preview Addendum** checkbox. Then, select **Use preview** to test out Windows Autopatch groups and its bundled feature set. If the **Use preview** option is greyed out, ensure you meet all the [Autopatch group prerequisites](../deploy/windows-autopatch-groups-manage-autopatch-groups.md#autopatch-groups-prerequisites).</li></ol>
|
||||
|
||||
## User notifications
|
||||
|
||||
In this section we'll review what an end user would see in the following three scenarios:
|
||||
|
||||
1. Typical update experience
|
||||
2. Quality update deadline forces an update
|
||||
3. Quality update grace period
|
||||
|
||||
> [!NOTE]
|
||||
> The "It's almost time to restart" and "Your organization requires your device to restart" notifications won't disappear until the user interacts with the notification.
|
||||
|
||||
### Typical update experience
|
||||
|
||||
The Windows quality update is published and devices in the Broad ring have a deferral period of nine days. Devices will wait nine days before downloading the latest quality update.
|
||||
|
||||
Once the deferral period has passed, the device will download the update and notify the end user that updates are ready to install. The end user can either:
|
||||
|
||||
- Restart immediately to install the updates
|
||||
- Schedule the installation, or
|
||||
- Snooze the device will attempt to install outside of [active hours](/windows/client-management/mdm/policy-csp-update#activehoursstart).
|
||||
|
||||
In the following example, the user schedules the restart and is notified 15 minutes prior to the scheduled restart time. The user can reschedule, if necessary, but isn't able to reschedule past the deadline.
|
||||
|
||||
:::image type="content" source="../media/windows-quality-typical-update-experience.png" alt-text="Typical windows quality update experience" lightbox="../media/windows-quality-typical-update-experience.png":::
|
||||
|
||||
### Quality update deadline forces an update
|
||||
|
||||
In the following example, the user:
|
||||
|
||||
- Ignores the notification and selects snooze.
|
||||
- Further notifications are received, which the user ignores.
|
||||
- The device is unable to install the updates outside of active hours.
|
||||
|
||||
The deadline specified in the update policy is five days. Therefore, once this deadline is passed, the device will ignore the [active hours](/windows/client-management/mdm/policy-csp-update#activehoursstart) and force a restart to complete the update installation. The user will receive a 15-minute warning, after which, the device will install the update and restart.
|
||||
|
||||
:::image type="content" source="../media/windows-quality-force-update.png" alt-text="Force Windows quality update" lightbox="../media/windows-quality-force-update.png":::
|
||||
|
||||
### Quality update grace period
|
||||
|
||||
In the following example, the user is on holiday and the device is offline beyond the quality update deadline. The user then returns to work and the device is turned back on.
|
||||
|
||||
Since the deadline has already passed, the device is granted a two-day grace period to install the update and restart. The user will be notified of a pending installation and given options to choose from. Once the two-day grace period has expired, the user is forced to restart with a 15-minute warning notification.
|
||||
|
||||
:::image type="content" source="../media/windows-quality-update-grace-period.png" alt-text="Windows quality update grace period" lightbox="../media/windows-quality-update-grace-period.png":::
|
||||
|
||||
## Minimize user disruption due to updates
|
||||
|
||||
Windows Autopatch understands the importance of not disrupting end users but also updating the devices quickly. To achieve this goal, updates are automatically downloaded and installed at an optimal time determined by the device. By default, [Active hours](/windows/client-management/mdm/policy-csp-update#activehoursstart) are configured dynamically based on device usage patterns. Device restarts occur outside of active hours until the deadline is reached.
|
||||
|
||||
Windows Autopatch understands the importance of not disrupting critical devices but also updating the devices quickly. If you wish to configure a specific installation time or [Active hours](/windows/client-management/mdm/policy-csp-update#activehoursstart), use the [Customize Windows Update settings](../operate/windows-autopatch-groups-windows-update.md), and select the [**ScheduledInstall**](../operate/windows-autopatch-groups-windows-update.md#scheduled-install) option. Using this option removes the deadline enforced for a device restart. Devices with this configuration will also **not** be counted towards the [service level objective](../operate/windows-autopatch-groups-windows-quality-update-overview.md#service-level-objective).
|
||||
@ -0,0 +1,133 @@
|
||||
---
|
||||
title: Windows quality updates overview with Autopatch groups experience
|
||||
description: This article explains how Windows quality updates are managed with Autopatch groups
|
||||
ms.date: 05/01/2023
|
||||
ms.prod: windows-client
|
||||
ms.technology: itpro-updates
|
||||
ms.topic: conceptual
|
||||
ms.localizationpriority: medium
|
||||
author: tiaraquan
|
||||
ms.author: tiaraquan
|
||||
manager: dougeby
|
||||
ms.reviewer: andredm7
|
||||
---
|
||||
|
||||
# Windows quality updates: Windows Autopatch groups experience (public preview)
|
||||
|
||||
> [!IMPORTANT]
|
||||
> Windows Autopatch groups is in **public preview**. This feature is being actively developed and might not be complete. You can test and use these features in production environments and provide feedback.<p>The Windows Autopatch group experience only applies if you’ve opted-in to use Windows Autopatch groups.</p><br>**To opt-in to use Windows Autopatch groups:**<ol><li>Go to the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431) and select **Devices** from the left navigation menu.</li><li>Under **Windows Autopatch**, select **Release Management**, then select **Autopatch groups (preview)**.</li><li>Review the **[Microsoft Privacy Statement](../overview/windows-autopatch-privacy.md)** and the **[Autopatch groups Public Preview Addendum](../references/windows-autopatch-groups-public-preview-addendum.md)**. If you agree, select the **I have reviewed and agree to the Autopatch groups Public Preview Addendum** checkbox. Then, select **Use preview** to test out Windows Autopatch groups and its bundled feature set. If the **Use preview** option is greyed out, ensure you meet all the [Autopatch group prerequisites](../deploy/windows-autopatch-groups-manage-autopatch-groups.md#autopatch-groups-prerequisites).</li></ol>
|
||||
|
||||
Windows Autopatch deploys the [Monthly security update releases](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/windows-quality-updates-primer/ba-p/2569385) that are released on the second Tuesday of each month.
|
||||
|
||||
To release updates to devices in a gradual manner, Windows Autopatch deploys a set of mobile device management (MDM) policies to each update deployment ring to control the rollout. There are three primary policies that are used to control Windows quality updates:
|
||||
|
||||
| Policy | Description |
|
||||
| ----- | ----- |
|
||||
| [Deferrals](/windows/client-management/mdm/policy-csp-update#update-deferqualityupdatesperiodindays) | Deferral policies delay the time the update is offered to the device by a specific number of days. The "offer" date for Windows quality updates is equal to the number of days specified in the deferral policy after the second Tuesday of each month. |
|
||||
| [Deadlines](/windows/client-management/mdm/policy-csp-update#update-autorestartdeadlineperiodindays) | Before the deadline, restarts can be scheduled by users or automatically scheduled outside of active hours. After the deadline passes, restarts will occur regardless of active hours and users won't be able to reschedule. The deadline for a specific device is set to be the specified number of days after the update is offered to the device. |
|
||||
| [Grace periods](/windows/client-management/mdm/policy-csp-update#update-configuredeadlinegraceperiod) | This policy specifies a minimum number of days after an update is downloaded until the device is automatically restarted. This policy overrides the deadline policy so that if a user comes back from vacation, it prevents the device from forcing a restart to complete the update as soon as it comes online. |
|
||||
|
||||
For devices in the [Default Autopatch group](../deploy/windows-autopatch-groups-overview.md#about-the-default-autopatch-group), Windows Autopatch configures these policies differently across deployment rings to gradually release the update. Devices in the Test ring receive changes first and devices in the Last ring receive changes last. For more information about the Test and Last deployment rings, see [About the Test and Last deployment rings in Autopatch groups](../deploy/windows-autopatch-groups-overview.md#about-the-test-and-last-deployment-rings). With Windows Autopatch groups you can also customize the [Default Deployment Group’s deployment ring composition](../deploy/windows-autopatch-groups-overview.md#default-deployment-ring-composition) to add and/or remove deployment rings and can customize the update deployment cadences for each deployment ring. To learn more about customizing Windows Quality updates deployment cadence, see [Customize Windows Update settings](../operate/windows-autopatch-groups-windows-update.md).
|
||||
|
||||
> [!IMPORTANT]
|
||||
> Deploying deferral, deadline, or grace period policies which conflict with Autopatch's policies will cause a device to be considered ineligible for management, it will still receive policies from Windows Autopatch that are not in conflict, but may not function as designed. These devices will be marked as ineligible in our device reporting and will not count towards our [service level objective](#service-level-objective).
|
||||
|
||||
## Service level objective
|
||||
|
||||
Windows Autopatch aims to keep at least 95% of eligible devices on the latest Windows quality update 21 days after release. Note that devices that have cadence type set to Schedule install won't be eligible for Windows quality update SLO. For more information about the Schedule Install cadence type, see [Deployment cadence types](../operate/windows-autopatch-groups-windows-update.md#deployment-cadence).
|
||||
|
||||
> [!IMPORTANT]
|
||||
> Windows Autopatch supports registering [Windows 10 Long-Term Servicing Channel (LTSC)](/windows/whats-new/ltsc/) devices that are being currently serviced by the [Windows LTSC](/windows/release-health/release-information). The service only supports managing the [Windows quality updates](../operate/windows-autopatch-windows-quality-update-overview.md) workload for devices currently serviced by the LTSC. Windows Update for Business service and Windows Autopatch don't offer Windows feature updates for devices that are part of the LTSC. You must either use [LTSC media](https://www.microsoft.com/evalcenter/evaluate-windows-10-enterprise) or the [Configuration Manager Operating System Deployment capabilities to perform an in-place upgrade](/windows/deployment/deploy-windows-cm/upgrade-to-windows-10-with-configuration-manager) for Windows devices that are part of the LTSC.
|
||||
|
||||
## Release management
|
||||
|
||||
> [!NOTE]
|
||||
> To access the Release management blade, you must have the correct [role-based access control](../deploy/windows-autopatch-register-devices.md#built-in-roles-required-for-device-registration).
|
||||
|
||||
In the Release management blade, you can:
|
||||
|
||||
- Track the [Windows quality update schedule](#release-schedule).
|
||||
- [Turn off expedited Windows quality updates](#turn-off-service-driven-expedited-quality-update-releases).
|
||||
- Review release announcements and knowledge based articles for regular and [Out of Band (OOB) Windows quality updates](#out-of-band-releases).
|
||||
|
||||
### Release schedule
|
||||
|
||||
For each [deployment ring](windows-autopatch-update-management.md#windows-autopatch-deployment-rings), the **Release schedule** tab contains:
|
||||
|
||||
- The status of the update. Releases will appear as **Active**. The update schedule is based on the values of the [Windows 10 Update Ring policies](/mem/intune/protect/windows-update-for-business-configure), which have been configured on your behalf.
|
||||
- The date the update is available.
|
||||
- The target completion date of the update.
|
||||
- In the **Release schedule** tab, you can either [**Pause** and/or **Resume**](#pause-and-resume-a-release) a Windows quality update release.
|
||||
|
||||
### Expedited releases
|
||||
|
||||
Threat and vulnerability information about a new revision of Windows becomes available on the second Tuesday of each month. Windows Autopatch assesses that information shortly afterwards. If the service determines that it's critical to security, it may be expedited. The quality update is also evaluated on an ongoing basis throughout the release and Windows Autopatch may choose to expedite at any time during the release.
|
||||
|
||||
When running an expedited release, the regular goal of 95% of devices in 21 days no longer applies. Instead, Windows Autopatch greatly accelerates the release schedule of the release to update the environment more quickly. This approach requires an updated schedule for all devices outside of the Test ring since those devices are already getting the update quickly.
|
||||
|
||||
| Release type | Group | Deferral | Deadline | Grace period |
|
||||
| ----- | ----- | ----- | ----- | ----- |
|
||||
| Expedited release | All devices | 0 | 1 | 1 |
|
||||
|
||||
#### Turn off service-driven expedited quality update releases
|
||||
|
||||
Windows Autopatch provides the option to turn off of service-driven expedited quality updates.
|
||||
|
||||
By default, the service expedites quality updates as needed. For those organizations seeking greater control, you can disable expedited quality updates for Windows Autopatch-enrolled devices using Microsoft Intune.
|
||||
|
||||
**To turn off service-driven expedited quality updates:**
|
||||
|
||||
1. Go to **[Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431)** > **Devices**.
|
||||
2. Under **Windows Autopatch** > **Release management**, go to the **Release settings** tab and turn off the **Expedited quality updates** setting.
|
||||
|
||||
> [!NOTE]
|
||||
> Windows Autopatch doesn't allow customers to request expedited releases.
|
||||
|
||||
### Out of Band releases
|
||||
|
||||
Windows Autopatch schedules and deploys required Out of Band (OOB) updates released outside of the normal schedule.
|
||||
|
||||
For the deployment rings that have passed quality updates deferral date, the OOB release schedule will be expedited and deployed on the same day. For the deployment rings that have deferral upcoming, OOBs will be released as per the set deferral dates.
|
||||
|
||||
**To view deployed Out of Band quality updates:**
|
||||
|
||||
1. Go to [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431) > **Devices** > **Windows Autopatch** > **Release management**.
|
||||
2. Under the **Release Announcements** tab, you can view the knowledge base (KB) articles corresponding to deployed OOB and regular Windows quality updates. You can also view the schedules for OOB update releases in the Release Schedule tab.
|
||||
|
||||
> [!NOTE]
|
||||
> Announcements abd OOB update schedules will be **removed** from the Release announcements tab when the next quality update is released. Further, if quality updates are paused for a deployment ring, the OOB updates will also be paused.
|
||||
|
||||
### Pause and resume a release
|
||||
|
||||
> [!CAUTION]
|
||||
> You should only pause and resume [Windows quality](#pause-and-resume-a-release) and [Windows feature updates](../operate/windows-autopatch-groups-manage-windows-feature-update-release.md#pause-and-resume-a-release) on Windows Autopatch managed devices using the Windows Autopatch Release management blade. Do **not** use the Microsoft Intune end-user experience flows to pause or resume Windows Autopatch managed devices.
|
||||
|
||||
The service-level pause is driven by the various software update deployment-related signals Windows Autopatch receives from Windows Update for Business, and several other product groups within Microsoft.
|
||||
|
||||
If Windows Autopatch detects a [significant issue with a release](../operate/windows-autopatch-groups-windows-quality-update-signals.md), we may decide to pause that release.
|
||||
|
||||
> [!IMPORTANT]
|
||||
> Pausing or resuming an update can take up to eight hours to be applied to devices. Windows Autopatch uses Microsoft Intune as its device management solution and that's the average frequency Windows devices take to communicate back to Microsoft Intune with new instructions to pause, resume or rollback updates.<p>For more information, see [how long does it take for devices to get a policy, profile, or app after they are assigned from Microsoft Intune](/mem/intune/configuration/device-profile-troubleshoot#how-long-does-it-take-for-devices-to-get-a-policy-profile-or-app-after-they-are-assigned).</p>
|
||||
|
||||
**To pause or resume a Windows quality update:**
|
||||
|
||||
1. Go to the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431).
|
||||
1. Select **Devices** from the left navigation menu.
|
||||
1. Under the **Windows Autopatch** section, select **Release management**.
|
||||
1. In the **Release management** blade, got to the **Release schedule** tab and select **Windows quality updates**.
|
||||
1. Select the Autopatch group that you want to pause or resume. Select either: **Pause** or **Resume**. Alternatively, you can select the **horizontal ellipses (...)** of the Autopatch group you want to pause or resume. Select, **Pause** or **Resume** from the dropdown menu.
|
||||
1. Select a reason from the dropdown menu.
|
||||
1. Optional. Enter details about why you're pausing or resuming the selected update.
|
||||
1. If you're resuming an update, you can select one or more deployment rings.
|
||||
1. Select **Okay**.
|
||||
|
||||
The three following statuses are associated with paused quality updates:
|
||||
|
||||
| Status | Description |
|
||||
| ----- | ------ |
|
||||
| Paused by Service | If the Windows Autopatch service has paused an update, the release will have the **Paused by Service** status. The Paused by Service only applies to rings that aren't Paused by the Tenant. |
|
||||
| Paused by Tenant | If you've paused an update, the release will have the **Paused by Tenant** status. The Windows Autopatch service can't overwrite a tenant pause. You must select **Resume** to resume the update. |
|
||||
|
||||
## Remediating Not ready and/or Not up to Date devices
|
||||
|
||||
To ensure your devices receive Windows quality updates, Windows Autopatch provides information on how you can [remediate Windows Autopatch device alerts](../operate/windows-autopatch-device-alerts.md).
|
||||
@ -0,0 +1,62 @@
|
||||
---
|
||||
title: Windows quality update release signals with Autopatch groups
|
||||
description: This article explains the Windows quality update release signals with Autopatch groups
|
||||
ms.date: 05/01/2023
|
||||
ms.prod: windows-client
|
||||
ms.technology: itpro-updates
|
||||
ms.topic: conceptual
|
||||
ms.localizationpriority: medium
|
||||
author: tiaraquan
|
||||
ms.author: tiaraquan
|
||||
manager: dougeby
|
||||
ms.reviewer: hathind
|
||||
---
|
||||
|
||||
# Windows quality update signals: Windows Autopatch groups experience (public preview)
|
||||
|
||||
> [!IMPORTANT]
|
||||
> Windows Autopatch groups is in **public preview**. This feature is being actively developed and might not be complete. You can test and use these features in production environments and provide feedback.<p>The Windows Autopatch group experience only applies if you’ve opted-in to use Windows Autopatch groups.</p><br>**To opt-in to use Windows Autopatch groups:**<ol><li>Go to the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431) and select **Devices** from the left navigation menu.</li><li>Under **Windows Autopatch**, select **Release Management**, then select **Autopatch groups (preview)**.</li><li>Review the **[Microsoft Privacy Statement](../overview/windows-autopatch-privacy.md)** and the **[Autopatch groups Public Preview Addendum](../references/windows-autopatch-groups-public-preview-addendum.md)**. If you agree, select the **I have reviewed and agree to the Autopatch groups Public Preview Addendum** checkbox. Then, select **Use preview** to test out Windows Autopatch groups and its bundled feature set. If the **Use preview** option is greyed out, ensure you meet all the [Autopatch group prerequisites](../deploy/windows-autopatch-groups-manage-autopatch-groups.md#autopatch-groups-prerequisites).</li></ol>
|
||||
|
||||
Windows Autopatch monitors a specific set of signals and aims to release the monthly security update both quickly and safely. The service doesn't comprehensively monitor every use case in Windows.
|
||||
|
||||
If there's a scenario that is critical to your business, which isn't monitored by Windows Autopatch, you're responsible for testing and taking any follow-up actions, like requesting to pause the release.
|
||||
|
||||
## Pre-release signals
|
||||
|
||||
Before being released to the Test ring in the [Default Autopatch group](../deploy/windows-autopatch-groups-overview.md#about-the-default-autopatch-group), Windows Autopatch reviews several data sources to determine if we need to send any customer advisories or need to pause the update. Situations where Windows Autopatch doesn't release an update to the Test ring are seldom occurrences.
|
||||
|
||||
| Pre-release signal | Description |
|
||||
| ----- | ----- |
|
||||
| Windows Payload Review | The contents of the monthly security update release are reviewed to help focus your update testing on areas that have changed. If any relevant changes are detected, a [customer advisory](../operate/windows-autopatch-groups-windows-quality-update-communications.md#communications-during-release) will be sent out. |
|
||||
| Optional non-security preview release review - Internal Signals | Windows Autopatch reviews active incidents associated with the previous optional non-security preview release to understand potential risks in the monthly security update release. |
|
||||
| Optional non-security preview release review - Social Signals | Windows Autopatch monitors social signals to better understand potential risks associated with the monthly security update release. |
|
||||
|
||||
## Early signals
|
||||
|
||||
The update is released to the Test ring in the [Default Autopatch group](../deploy/windows-autopatch-groups-overview.md#about-the-default-autopatch-group) on the second Tuesday of the month. Those test devices will update, allowing you to conduct early testing of critical scenarios in your environment. There are also several Microsoft internal signals that are monitored throughout the release.
|
||||
|
||||
| Device reliability signal | Description | Microsoft will |
|
||||
| ----- | ----- | ----- |
|
||||
| Security Risk Profile | As soon as the update is released, the criticality of the security content is assessed. | <ul><li>Consider expediting the release</li><li>Update customers with a risk profile</li></ul>
|
||||
| B-Release - Internal Signals | Windows Autopatch reviews any active incidents associated with the current release. | <ul><li>Determine if a customer advisory is necessary</li><li>Pause the release if there's significant user impact</li></ul> |
|
||||
| B-Release - Social Signals | Windows Autopatch monitors social signals to understand risks associated with the release. | Determine if a customer advisory is necessary |
|
||||
|
||||
## Device reliability signals
|
||||
|
||||
Windows Autopatch monitors devices for a set of core reliability metrics as a part of the service.
|
||||
|
||||
The service then uses statistical models to assess if there are significant differences between the two Windows versions. To make a statistically significant assessment, Windows Autopatch requires that at least 500 devices in your tenant have upgraded to the new version.
|
||||
|
||||
As more devices update, the confidence of the analysis increases and gives us a clearer picture of release quality. If we determine that the user experience is impaired, Autopatch will either post a customer advisory or pause the release, depending on the criticality of the update.
|
||||
|
||||
Autopatch monitors the following reliability signals:
|
||||
|
||||
| Device reliability signal | Description |
|
||||
| ----- | ----- |
|
||||
| Blue screens | These events are highly disruptive to end users. These events are closely monitored. |
|
||||
| Overall app reliability | Tracks the total number of app crashes and freezes on a device. A known limitation with this measure is that if one app becomes 10% more reliable and another becomes 10% less reliable then it shows up as a flat line in the measure. |
|
||||
| Microsoft Office reliability | Tracks the number of Office crashes and freezes per application per device. |
|
||||
| Microsoft Edge reliability | Tracks the number of Microsoft Edge crashes and freezes per device. |
|
||||
| Microsoft Teams reliability | Tracks the number of Microsoft Teams crashes and freezes per device. |
|
||||
|
||||
When the update is released to the First ring in the [Default Autopatch group](../deploy/windows-autopatch-groups-overview.md#about-the-default-autopatch-group), the service crosses the 500 device threshold. Therefore, Autopatch can detect regressions that are common to all customers. At this point in the release, we'll decide if we need to expedite the release schedule or pause for all customers.
|
||||
@ -0,0 +1,79 @@
|
||||
---
|
||||
title: Quality update status report
|
||||
description: Provides a per device view of the current update status for all Windows Autopatch enrolled devices with Autopatch groups.
|
||||
ms.date: 05/01/2023
|
||||
ms.prod: windows-client
|
||||
ms.technology: itpro-updates
|
||||
ms.topic: how-to
|
||||
ms.localizationpriority: medium
|
||||
author: tiaraquan
|
||||
ms.author: tiaraquan
|
||||
manager: dougeby
|
||||
ms.reviewer: adnich
|
||||
---
|
||||
|
||||
# Quality update status report (public preview)
|
||||
|
||||
> [!IMPORTANT]
|
||||
> Windows Autopatch groups is in **public preview**. This feature is being actively developed and might not be complete. You can test and use these features in production environments and provide feedback.<p>The Windows Autopatch group experience only applies if you’ve opted-in to use Windows Autopatch groups.</p><br>**To opt-in to use Windows Autopatch groups:**<ol><li>Go to the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431) and select **Devices** from the left navigation menu.</li><li>Under **Windows Autopatch**, select **Release Management**, then select **Autopatch groups (preview)**.</li><li>Review the **[Microsoft Privacy Statement](../overview/windows-autopatch-privacy.md)** and the **[Autopatch groups Public Preview Addendum](../references/windows-autopatch-groups-public-preview-addendum.md)**. If you agree, select the **I have reviewed and agree to the Autopatch groups Public Preview Addendum** checkbox. Then, select **Use preview** to test out Windows Autopatch groups and its bundled feature set. If the **Use preview** option is greyed out, ensure you meet all the [Autopatch group prerequisites](../deploy/windows-autopatch-groups-manage-autopatch-groups.md#autopatch-groups-prerequisites).</li></ol>
|
||||
|
||||
The Quality update status report provides a per device view of the current update status for all Windows Autopatch enrolled devices.
|
||||
|
||||
**To view the Quality update status report:**
|
||||
|
||||
1. Go to the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431).
|
||||
1. Navigate to **Reports** > **Windows Autopatch** > **Windows quality updates**.
|
||||
1. Select the **Reports** tab.
|
||||
1. Select **Quality update status**.
|
||||
|
||||
> [!NOTE]
|
||||
> The data in this report is refreshed every 24 hours with data received by your Windows Autopatch managed devices. The last refreshed on date/time can be seen at the top of the page. For more information about how often Windows Autopatch receives data from your managed devices, see [Data latency](../operate/windows-autopatch-groups-windows-quality-and-feature-update-reports-overview.md#about-data-latency).
|
||||
|
||||
## Report information
|
||||
|
||||
### Default columns
|
||||
|
||||
The following information is available as default columns in the Quality update status report:
|
||||
|
||||
| Column name | Description |
|
||||
| ----- | ----- |
|
||||
| Device name | The name of the device. |
|
||||
| Deployment ring | The currently assigned Windows Autopatch deployment ring for the device. |
|
||||
| Update status | The current update status for the device. For more information, see [Windows quality update statuses](../operate/windows-autopatch-groups-windows-quality-and-feature-update-reports-overview.md#windows-quality-and-feature-update-statuses). |
|
||||
| Pause status | The current pause status whether Customer or Service initiated. For more information, see [Pause and resume a release](../operate/windows-autopatch-groups-windows-quality-update-overview.md#pause-and-resume-a-release). |
|
||||
| Current version | The current version or build number of the device. For more information, see [Windows Versions](/windows/release-health/release-information?msclkid=ee885719baa511ecb838e1a689da96d2). |
|
||||
| Readiness | The device readiness evaluation status. For more information, see [Post registration device readiness checks](../deploy/windows-autopatch-post-reg-readiness-checks.md). |
|
||||
| Alerts | The summary of any alerts affecting the device. For more information, see [Device alerts](../operate/windows-autopatch-device-alerts.md). |
|
||||
|
||||
### Optional columns
|
||||
|
||||
The following information is available as optional columns in the Quality update status report:
|
||||
|
||||
| Column name | Description |
|
||||
| ----- | ----- |
|
||||
| Azure Active Directory (AD) device ID | The current Azure AD recorded device ID for the device |
|
||||
| Serial number | The current Intune recorded serial number for the device |
|
||||
| Intune last check in time | The last time the device checked in to Intune |
|
||||
| Service State | The Service State provided from Windows Update |
|
||||
| Service Substate | The Service Substate provided from Windows Update |
|
||||
| Client State | The Client State provided from Windows Update |
|
||||
| Client Substate | The Client Substate provided from Windows Update |
|
||||
| Servicing Channel | The Servicing Channel provided from Windows Update |
|
||||
| User Last Logged On | The last user who logged on as reported from Intune |
|
||||
| Primary User UPN | The Primary User UPN as reported from Intune |
|
||||
| Hex Error Code | The hex error provided from Windows Update |
|
||||
|
||||
> [!NOTE]
|
||||
> The Service State, Service Substate, Client State, Client Substate, Servicing Channel, and Hex Error Code columns may not display any values. These columns are supplemental and might not display for all devices
|
||||
|
||||
## Report options
|
||||
|
||||
The following options are available:
|
||||
|
||||
| Option | Description |
|
||||
| ----- | ----- |
|
||||
| Search | Use to search by device name, Azure AD device ID or serial number |
|
||||
| Sort | Select the **column headings** to sort the report data in ascending and descending order. |
|
||||
| Export | Select **Export devices** at the top of the page to export data from this report into a CSV file. |
|
||||
| Filter | Select either the **Add filters** or at the top of the report to filter the results. |
|
||||
| Columns | Select a column to add or remove the column from the report. |
|
||||
@ -0,0 +1,51 @@
|
||||
---
|
||||
title: Windows quality update summary dashboard
|
||||
description: Provides a summary view of the current update status for all devices enrolled into Windows Autopatch with Autopatch groups
|
||||
ms.date: 05/01/2023
|
||||
ms.prod: windows-client
|
||||
ms.technology: itpro-updates
|
||||
ms.topic: how-to
|
||||
ms.localizationpriority: medium
|
||||
author: tiaraquan
|
||||
ms.author: tiaraquan
|
||||
manager: dougeby
|
||||
ms.reviewer: adnich
|
||||
---
|
||||
|
||||
# Windows quality update summary dashboard (public preview)
|
||||
|
||||
> [!IMPORTANT]
|
||||
> Windows Autopatch groups is in **public preview**. This feature is being actively developed and might not be complete. You can test and use these features in production environments and provide feedback.<p>The Windows Autopatch group experience only applies if you’ve opted-in to use Windows Autopatch groups.</p><br>**To opt-in to use Windows Autopatch groups:**<ol><li>Go to the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431) and select **Devices** from the left navigation menu.</li><li>Under **Windows Autopatch**, select **Release Management**, then select **Autopatch groups (preview)**.</li><li>Review the **[Microsoft Privacy Statement](../overview/windows-autopatch-privacy.md)** and the **[Autopatch groups Public Preview Addendum](../references/windows-autopatch-groups-public-preview-addendum.md)**. If you agree, select the **I have reviewed and agree to the Autopatch groups Public Preview Addendum** checkbox. Then, select **Use preview** to test out Windows Autopatch groups and its bundled feature set. If the **Use preview** option is greyed out, ensure you meet all the [Autopatch group prerequisites](../deploy/windows-autopatch-groups-manage-autopatch-groups.md#autopatch-groups-prerequisites).</li></ol>
|
||||
|
||||
The summary dashboard provides a summary view of the current update status for all devices enrolled into Windows Autopatch.
|
||||
|
||||
**To view the current update status for all your enrolled devices:**
|
||||
|
||||
1. Sign into the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431).
|
||||
1. Navigate to **Reports** > **Windows Autopatch** > **Windows quality updates**.
|
||||
|
||||
> [!NOTE]
|
||||
> The data in this report is refreshed every 24 hours with data received by your Windows Autopatch managed devices. The last refreshed on date/time can be seen at the top of the page. For more information about how often Windows Autopatch receives data from your managed devices, see [Data latency](../operate/windows-autopatch-groups-windows-quality-and-feature-update-reports-overview.md#about-data-latency).
|
||||
|
||||
## Report information
|
||||
|
||||
The following information is available in the summary dashboard:
|
||||
|
||||
| Column name | Description |
|
||||
| ----- | ----- |
|
||||
| Autopatch group | The Autopatch group and deployment ring. For more information, see [Windows Autopatch groups](../deploy/windows-autopatch-groups-overview.md). |
|
||||
| Device count | Total device count per Autopatch group or deployment ring. |
|
||||
| Up to date | Total device count reporting a status of Up to date. For more information, see [Up to Date](../operate/windows-autopatch-groups-windows-quality-and-feature-update-reports-overview.md#up-to-date-devices). |
|
||||
| Not up to Date | Total device count reporting a status of Not Up to date. For more information, see [Not Up to Date](../operate/windows-autopatch-groups-windows-quality-and-feature-update-reports-overview.md#not-up-to-date-devices). |
|
||||
| In progress | Total device counts reporting the In progress status. For more information, see [In progress](../operate/windows-autopatch-groups-windows-quality-and-feature-update-reports-overview.md#up-to-date-sub-statuses). |
|
||||
| Paused | Total device count reporting the status of the pause whether it’s Service or Customer initiated. For more information, see [Up to Date](../operate/windows-autopatch-groups-windows-quality-and-feature-update-reports-overview.md#up-to-date-devices). |
|
||||
| Not ready | Total device count reporting the Not ready status. For more information, see [Not ready](../operate/windows-autopatch-groups-windows-quality-and-feature-update-reports-overview.md#not-up-to-date-devices). |
|
||||
|
||||
## Report options
|
||||
|
||||
The following options are available:
|
||||
|
||||
| Option | Description |
|
||||
| ----- | ----- |
|
||||
| Refresh | The option to **Refresh** the summary dashboard is available at the top of the page. This process will ensure that the summary dashboard view is updated to the latest available dataset from within the last 24-hour period. |
|
||||
| Summary links | Each column represents the summary of included devices. Select the hyperlinked number to produce a filtered report in a new browser tab. |
|
||||
@ -0,0 +1,42 @@
|
||||
---
|
||||
title: Quality update trending report
|
||||
description: Provides a visual representation of the update status trend for all devices over the last 90 days with Autopatch groups.
|
||||
ms.date: 05/01/2023
|
||||
ms.prod: windows-client
|
||||
ms.technology: itpro-updates
|
||||
ms.topic: how-to
|
||||
ms.localizationpriority: medium
|
||||
author: tiaraquan
|
||||
ms.author: tiaraquan
|
||||
manager: dougeby
|
||||
ms.reviewer: adnich
|
||||
---
|
||||
|
||||
# Quality update trending report (public preview)
|
||||
|
||||
> [!IMPORTANT]
|
||||
> Windows Autopatch groups is in **public preview**. This feature is being actively developed and might not be complete. You can test and use these features in production environments and provide feedback.<p>The Windows Autopatch group experience only applies if you’ve opted-in to use Windows Autopatch groups.</p><br>**To opt-in to use Windows Autopatch groups:**<ol><li>Go to the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431) and select **Devices** from the left navigation menu.</li><li>Under **Windows Autopatch**, select **Release Management**, then select **Autopatch groups (preview)**.</li><li>Review the **[Microsoft Privacy Statement](../overview/windows-autopatch-privacy.md)** and the **[Autopatch groups Public Preview Addendum](../references/windows-autopatch-groups-public-preview-addendum.md)**. If you agree, select the **I have reviewed and agree to the Autopatch groups Public Preview Addendum** checkbox. Then, select **Use preview** to test out Windows Autopatch groups and its bundled feature set. If the **Use preview** option is greyed out, ensure you meet all the [Autopatch group prerequisites](../deploy/windows-autopatch-groups-manage-autopatch-groups.md#autopatch-groups-prerequisites).</li></ol>
|
||||
|
||||
The Quality update trending report provides a visual representation of the update status trend for all devices over the last 90 days.
|
||||
|
||||
**To view the Quality update trending report:**
|
||||
|
||||
1. Go to the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431).
|
||||
1. Navigate to **Reports** > **Windows Autopatch** > **Windows Quality Updates**.
|
||||
1. Select the **Reports** tab.
|
||||
1. Select **Quality update trending**.
|
||||
|
||||
> [!NOTE]
|
||||
> This report provides a time stamp of when the report trend was last generated and can be seen at the top of the page.
|
||||
|
||||
## Report options
|
||||
|
||||
The following options are available:
|
||||
|
||||
| Option | Description |
|
||||
| ----- | ----- |
|
||||
| Filter | Select either the **Update status** or **Deployment rings** filters at the top of the report to filter the results. Then, select **Generate trend**. |
|
||||
| By percentage | Select **by percentage** to show your trending graphs and indicators by percentage. |
|
||||
| By device count | Select **by device count** to show your trending graphs and indicators by numeric value. |
|
||||
|
||||
For a description of the displayed device status trends, see [Windows quality update statuses](../operate/windows-autopatch-groups-windows-quality-and-feature-update-reports-overview.md#windows-quality-and-feature-update-statuses).
|
||||
@ -0,0 +1,125 @@
|
||||
---
|
||||
title: Customize Windows Update settings Autopatch groups experience
|
||||
description: How to customize Windows Updates with Autopatch groups
|
||||
ms.date: 05/01/2023
|
||||
ms.prod: windows-client
|
||||
ms.technology: itpro-updates
|
||||
ms.topic: how-to
|
||||
ms.localizationpriority: medium
|
||||
author: tiaraquan
|
||||
ms.author: tiaraquan
|
||||
manager: dougeby
|
||||
ms.reviewer: rekhanr
|
||||
---
|
||||
|
||||
# Customize Windows Update settings: Autopatch groups experience (public preview)
|
||||
|
||||
> [!IMPORTANT]
|
||||
> This feature is in **public preview**. The feature is being actively developed, and may not be complete. You can test and use these features in production environments and provide feedback.
|
||||
|
||||
> [!IMPORTANT]
|
||||
> Windows Autopatch groups is in **public preview**. This feature is being actively developed and might not be complete. You can test and use these features in production environments and provide feedback.<p>The Windows Autopatch group experience only applies if you’ve opted-in to use Windows Autopatch groups.</p><br>**To opt-in to use Windows Autopatch groups:**<ol><li>Go to the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431) and select **Devices** from the left navigation menu.</li><li>Under **Windows Autopatch**, select **Release Management**, then select **Autopatch groups (preview)**.</li><li>Review the **[Microsoft Privacy Statement](../overview/windows-autopatch-privacy.md)** and the **[Autopatch groups Public Preview Addendum](../references/windows-autopatch-groups-public-preview-addendum.md)**. If you agree, select the **I have reviewed and agree to the Autopatch groups Public Preview Addendum** checkbox. Then, select **Use preview** to test out Windows Autopatch groups and its bundled feature set. If the **Use preview** option is greyed out, ensure you meet all the [Autopatch group prerequisites](../deploy/windows-autopatch-groups-manage-autopatch-groups.md#autopatch-groups-prerequisites).</li></ol>
|
||||
|
||||
You can customize the Windows Update deployment schedule for each deployment ring in Windows Autopatch groups per your business and organizational needs. This capability is allowed for both [Default](../deploy/windows-autopatch-groups-overview.md#about-the-default-autopatch-group) and [Custom Autopatch groups](../deploy/windows-autopatch-groups-overview.md#about-custom-autopatch-groups). However, we recommend that you remain within service defined boundaries to maintain compliance.
|
||||
|
||||
When the deployment cadence is customized, Windows Autopatch will override our service defaults with your preferred deployment cadence. Depending on the selected options, devices with [customized schedules](#scheduled-install) may not count towards the Windows Autopatch [Windows quality update service level objective](../operate/windows-autopatch-groups-windows-quality-update-overview.md#service-level-objective).
|
||||
|
||||
## Deployment cadence
|
||||
|
||||
### Cadence types
|
||||
|
||||
For each tenant, at the deployment ring level, there are two cadence types to configure and manage your Windows Update deployments for all the devices in those deployment rings:
|
||||
|
||||
- [Deadline-driven](#deadline-driven)
|
||||
- [Scheduled install](#scheduled-install)
|
||||
|
||||
> [!NOTE]
|
||||
> Windows Autopatch uses the [Update rings policy for Windows 10 and later in Microsoft Intune](/mem/intune/protect/windows-10-update-rings) to apply either **Deadline-driven** or **Scheduled install** cadence types. Microsoft Intune implements [Update rings policy for Windows 10 and later](/mem/intune/protect/windows-10-update-rings) using the settings available in the [Update policy CSP](/windows/client-management/mdm/policy-csp-update).
|
||||
|
||||
#### Deadline-driven
|
||||
|
||||
With the deadline-drive cadence type, you can control and customize the deferral, deadline, and grace period to meet your specific business needs and organizational requirements.
|
||||
|
||||
There are certain limits that Windows Autopatch defines and you'll only be able to make changes with those boundaries. The following boundaries are implemented so that Windows Autopatch can maintain update compliance.
|
||||
|
||||
| Boundary | Description |
|
||||
| ----- | ----- |
|
||||
| Deferrals and deadlines | Windows Autopatch will enforce that deadline plus deferral days for a deployment ring to be less than or equal to 14 days. |
|
||||
| Grace period | The permitted customization range is zero to seven days. |
|
||||
|
||||
> [!NOTE]
|
||||
> The configured grace period will apply to both Windows quality updates and Windows feature updates.
|
||||
|
||||
Each deployment ring can be scheduled independent of the others, and there are no dependencies that the previous deployment ring must be scheduled before the next ring. Further, if the cadence type is set as **Deadline-driven**, the automatic update behavior setting, **Reset to default** in the Windows Update for Business policy, will be applied.
|
||||
|
||||
It's possible for you to change the cadence from the Windows Autopatch Release management blade while update deployments are in progress. Windows Autopatch will abide by the principle to always respect your preferences over service-defined values.
|
||||
|
||||
However, if an update has already started for a particular deployment ring, Windows Autopatch won't be able to change the cadence for that ring during that ongoing update cycle. The changes will only be effective in the next update cycle.
|
||||
|
||||
#### Scheduled install
|
||||
|
||||
> [!NOTE]
|
||||
>If you select the Schedule install cadence type, the devices in that ring won’t be counted towards the [Windows quality update service level objective](../operate/windows-autopatch-groups-windows-quality-update-overview.md#service-level-objective).
|
||||
|
||||
While the Windows Autopatch default options will meet the majority of the needs for regular users with corporate devices, we understand there are devices that run critical activities and can only receive Windows Updates at specific times. The **Scheduled install** cadence type will minimize disruptions by preventing forced restarts and interruptions to critical business activities for end users. Upon selecting the **Scheduled install** cadence type, any previously set deadlines and grace periods will be removed. Devices will only update and restart according to the time specified.
|
||||
|
||||
If other applications force a device to restart outside of the specified time and a Windows Update is pending a restart, the Windows Update will complete its installation at this time. For this reason, ensure that you consider your update and restart scenarios for devices running business critical activities, or restart sensitive workloads before using the Scheduled Install option.
|
||||
|
||||
> [!NOTE]
|
||||
> The compliance deadline and grace period for Windows quality updates won't be configured for the Scheduled Install cadence type.
|
||||
|
||||
Devices **must** be active and available at the time when the device is scheduled for installation to ensure the optimal experience. If the device is consistently unavailable during the scheduled install time, the device can remain unprotected and unsecured, or the device may have the Windows Update scan and install during active hours.
|
||||
|
||||
##### Scheduled install types
|
||||
|
||||
> [!NOTE]
|
||||
> For devices with **Active hours** configured, if the device is consistently unavailable, Windows will attempt to keep the devices up to date, including installation of updates during Active hours.<p>For Windows 10 devices, Windows Update can start 30 minutes prior to the specified install time. If the installation start time is specified at 2:00 AM, some of the devices may start the installation 30 mins prior.</p>
|
||||
|
||||
The Scheduled install cadence has two options:
|
||||
|
||||
| Option | Description |
|
||||
| ----- | ----- |
|
||||
| Active hours | The period (daily) that the user normally does their work, or the device is busy performing business critical actions.<p>The time outside of active hours is when the device is available for Windows to perform an update and restart the device (daily). The max range for Active hours is 18 hours. The six-hour period outside of the active hours is the deployment period, when Windows Update for Business will scan, install and restart the device.</p>
|
||||
| Schedule install and restart | Use this option to prevent the service from installing Windows Updates except during the specified start time. You can specify the following occurrence options:<ul><li>Weekly</li><li>Bi-weekly</li><li>Monthly</li></ul><p>Select a time when the device has low activity for the updates to complete. Ensure that the Windows Update has three to four hours to complete the installation and restart the device.</p> |
|
||||
|
||||
> [!NOTE]
|
||||
> Changes made in one deployment ring won't impact other rings in your tenant.<p>Configured **Active hours** and **Scheduled install and restart** options will apply to both Windows quality updates and Windows feature updates.</p>
|
||||
|
||||
### User notifications
|
||||
|
||||
In addition to the cadence type, you can also manage the end user notification settings. End users will receive all update notifications by default. For critical devices or devices where notifications need to be hidden, use the **Manage notifications** option to configure notifications. For each tenant, at the deployment ring level, there are four options for you to configure end user update notification settings:
|
||||
|
||||
- Not configured
|
||||
- Use the default Windows Update notifications
|
||||
- Turn off all notifications excluding restart warnings
|
||||
- Turn off all notifications including restart warnings
|
||||
|
||||
For more information, see [Windows Update settings you can manage with Intune update ring policies for Windows 10/11 devices](/mem/intune/protect/windows-update-settings).
|
||||
|
||||
## Customize the Windows Update deployment cadence
|
||||
|
||||
> [!IMPORTANT]
|
||||
> The Windows update setting customizations can take up to eight hours to be applied to devices. Windows Autopatch uses Microsoft Intune as its device management solution and that's the average frequency Windows devices take to communicate back to Microsoft Intune with new instructions to apply new software update settings.<p>For more information, see [how long does it take for devices to get a policy, profile, or app after they are assigned from Microsoft Intune](/mem/intune/configuration/device-profile-troubleshoot#how-long-does-it-take-for-devices-to-get-a-policy-profile-or-app-after-they-are-assigned).</p>
|
||||
|
||||
**To customize the Windows Update deployment cadence:**
|
||||
|
||||
1. Go to the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431).
|
||||
2. Navigate to **Devices** > **Windows Autopatch** > **Release management** > **Release settings** select **Autopatch groups**. Select the **horizontal ellipses (…)** > **Edit** for the Autopatch group you want to edit.
|
||||
3. Select the **horizontal ellipses (…)** across each ring to manage the deployment cadence or notification settings.
|
||||
4. Select **Next** to navigate to the Windows update settings page. The page lists the existing settings for each of the deployment rings in the Autopatch group.
|
||||
5. Select [**Manage deployment cadence**](#cadence-types) to customize Windows Update settings.
|
||||
1. Select one of the cadence types for the ring:
|
||||
1. Select **Deadline-driven** to configure the deferral, deadline, and grace periods. This option will enforce forced restarts based on the selected deadline and grace period. In the event you want to switch back to the service recommended defaults, for each of the settings, select the option tagged as "default".
|
||||
1. Select **Scheduled install** to opt-out of deadline-based forced restart.
|
||||
1. Select either **Active hours** or **Schedule install and restart time**.
|
||||
2. Select **Save**.
|
||||
6. Select **Manage notifications**. A fly-in pane opens.
|
||||
1. Select one of following [Windows Update restart notifications](#user-notifications) for your devices that are part of the selected deployment ring. By default, Windows Autopatch recommends that you enable all notifications.
|
||||
1. Not configured
|
||||
1. Use the default Windows Update notifications
|
||||
1. Turn off all notifications excluding restart warnings
|
||||
1. Turn off all notifications included restart warnings
|
||||
1. Select **Save** once you select the preferred setting.
|
||||
7. Repeat the same process to customize each of the rings. Once done, select **Next**.
|
||||
8. In **Review + apply**, you’ll be able to review the selected settings for each of the rings.
|
||||
9. Select **Apply** to apply the changes to the ring policy. Once the settings are applied, the saved changes can be verified in the **Release schedule** tab. The Windows quality update schedule on the **Release schedule** tab will be updated as per the customized settings.
|
||||
@ -0,0 +1,106 @@
|
||||
---
|
||||
title: policy health and remediation
|
||||
description: Describes what Autopatch does it detects policies in the tenant are either missing or modified to states that affect the service
|
||||
ms.date: 05/01/2023
|
||||
ms.prod: windows-client
|
||||
ms.technology: itpro-updates
|
||||
ms.topic: how-to
|
||||
ms.localizationpriority: medium
|
||||
author: tiaraquan
|
||||
ms.author: tiaraquan
|
||||
manager: dougeby
|
||||
ms.reviewer: rekhanr
|
||||
---
|
||||
|
||||
# Policy health and remediation (public preview)
|
||||
|
||||
> [!IMPORTANT]
|
||||
> This feature is in **public preview**. This feature is being actively developed and may not be complete. You can test and use these features in production environments and provide feedback.
|
||||
|
||||
Windows Autopatch uses Microsoft Intune policies to set configurations and deliver the service. Windows Autopatch continuously monitors the policies and maintains all configurations related to the operation of the service.
|
||||
|
||||
> [!IMPORTANT]
|
||||
> Don't change, edit, add to, or remove any of the Windows Autopatch policies or groups. Doing so can cause unintended configuration changes and impact the Windows Autopatch service. For more information about Windows Autopatch configurations, see [Changes made at tenant enrollment](../references/windows-autopatch-changes-to-tenant.md).
|
||||
|
||||
When Windows Autopatch detects policies in the tenant are either missing or modified that affects the service, Windows Autopatch will raise alerts and detailed recommended actions to ensure healthy operation of the service.
|
||||
|
||||
IT admins must respond to the service-generated alerts to ensure that Autopatch services can be delivered, and devices remain eligible for the service.
|
||||
|
||||
With this feature, IT admins can:
|
||||
|
||||
- View alerts, in line with the features you commonly use:
|
||||
- Windows Update related alerts in the Release management blade.
|
||||
- Device configuration alerts in the **Tenant management** > **Alert actions** tab.
|
||||
- Initiate action for the Autopatch service to restore policies without having to raise an incident.
|
||||
- Initiate action for the Autopatch service to restore the deployment rings without having to raise an incident.
|
||||
|
||||
> [!NOTE]
|
||||
> You can rename your policies to meet your organization’s requirements. Do **not** rename the underlying Autopatch deployment groups.
|
||||
|
||||
## Check policy health
|
||||
|
||||
Alerts are raised when deployment rings don't have the required policies and the settings that impact devices within the ring. The remediation actions from the displayed alerts are intended to keep the deployment rings in a healthy state. Devices in each ring may continue to report different states, including errors and conflicts. This occurs due to multiple policies targeted at the same device or other conditions on the device. Policy conflicts and other device errors aren't addressed by these alerts.
|
||||
|
||||
## Built-in roles required for remediation actions
|
||||
|
||||
The minimum role required to restore configurations is **Intune Service Administrator**. You can also perform these actions in the Global administrator role.
|
||||
|
||||
## Restore device configuration policy
|
||||
|
||||
**To initiate remediation action for device configuration alerts:**
|
||||
|
||||
1. Go to the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431).
|
||||
1. Navigate to **Tenant administration** > **Tenant management** > **Alerts**.
|
||||
1. Select **Restore missing policy** to launch the workflow.
|
||||
1. Review the message and select **Restore policy**.
|
||||
1. If the **Change modified policy alert** appears, select this alert to launch the workflow.
|
||||
1. Select **Submit changes** to restore to service required values.
|
||||
|
||||
There will be an alert for each policy that is missing or has deviated from the service defined values.
|
||||
|
||||
## Restore Windows update policies
|
||||
|
||||
**To initiate remediation actions for Windows quality update policies:**
|
||||
|
||||
1. Go to the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431).
|
||||
1. Navigate to **Devices** > **Windows Autopatch** > **Release management** > **Release schedule** > **Windows quality updates** > **Status**.
|
||||
1. Select **Policy Error** to launch the Policy error workflow.
|
||||
1. Review the message:
|
||||
1. If this is a missing policy error, select **Restore policy** to complete the workflow.
|
||||
2. If this is a modified policy, select **Submit changes** to restore to service required values.
|
||||
|
||||
**To initiate remediation actions for Windows feature update policies:**
|
||||
|
||||
1. Go to the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431).
|
||||
1. Navigate to **Devices** > **Windows Autopatch** > **Release management** > **Release schedule** > **Windows feature updates** > **Status**.
|
||||
1. Select **Policy Error** to launch the Policy error workflow.
|
||||
1. Review the message.
|
||||
1. If this is a missing policy error, select **Restore policy** to complete the workflow.
|
||||
2. If this is a modified policy, select **Submit changes** to restore to service required values.
|
||||
|
||||
## Restore deployment groups
|
||||
|
||||
**To initiate remediation action for missing groups:**
|
||||
|
||||
1. Go to the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431).
|
||||
1. Navigate to **Tenant administration** > **Tenant management** > **Alerts**.
|
||||
1. Select **Restore missing group** to launch the workflow.
|
||||
1. Review the message and select **Restore group**.
|
||||
|
||||
When a missing deployment group is restored, the policies will be reassigned back to the deployment groups. In the Release management blade, the service will raise a Policy Error that you'll need to complete to repair Windows Update policies. Due to the asynchronous run of service detectors, it may take up to four (4) hours for this error to be displayed.
|
||||
|
||||
> [!NOTE]
|
||||
> While Windows Autopatch continuously monitors the policies, all policy alerts are raised within four (4) hours of detection.<p>Alerts will remain active until an IT admin completes the action to restore them to a healthy state.</p>
|
||||
|
||||
There are no Autopatch reports for policy alerts and actions at this time.
|
||||
|
||||
## Use audit logs to track actions in Microsoft Intune
|
||||
|
||||
You can review audit logs in Intune to review the activities completed on the tenant.
|
||||
|
||||
**To review audit logs in Intune:**
|
||||
|
||||
1. Go to the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431).
|
||||
1. Select **Tenant administration** > **Audit logs**.
|
||||
|
||||
The entries with enterprise application name, Modern Workplace Management, are the actions requested by Windows Autopatch.
|
||||
Reference in New Issue
Block a user