deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-06-15 02:13:43 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

Merge branch 'main' into ap-allowblock-m365-updates

Browse Source
This commit is contained in:
Tiara Quan
2023-02-28 07:10:35 -08:00
committed by GitHub
parent 4188bdbd0a a036fea4a6
commit add1cc0a0e
313 changed files with 1717 additions and 3176 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
windows/deployment/TOC.yml
View File

@ -35,7 +35,7 @@
- name: Plan
items:
- name: Plan for Windows 11
href: /windows/whats-new/windows-11-plan
href: /windows/whats-new/windows-11-plan?toc=/windows/deployment/toc.json&bc=/windows/deployment/breadcrumb/toc.json
- name: Create a deployment plan
href: update/create-deployment-plan.md
- name: Define readiness criteria
@ -72,7 +72,7 @@
- name: Prepare
items:
- name: Prepare for Windows 11
href: /windows/whats-new/windows-11-prepare
href: /windows/whats-new/windows-11-prepare?toc=/windows/deployment/toc.json&bc=/windows/deployment/breadcrumb/toc.json
- name: Prepare to deploy Windows client updates
href: update/prepare-deploy-windows.md
- name: Evaluate and update infrastructure
@ -334,6 +334,8 @@
href: update/windows-update-overview.md
- name: Servicing stack updates
href: update/servicing-stack-updates.md
- name: Update CSP policies
href: /windows/client-management/mdm/policy-csp-update?toc=/windows/deployment/toc.json&bc=/windows/deployment/breadcrumb/toc.json
- name: Additional Windows Update settings
href: update/waas-wu-settings.md
- name: Delivery Optimization reference

13
windows/deployment/breadcrumb/toc.yml
View File

@ -34,4 +34,15 @@ items:
- name: Deployment
tocHref: /mem/intune/protect/
topicHref: /windows/deployment/
- name: Learn
tocHref: /
topicHref: /
items:
- name: Windows
tocHref: /windows/
topicHref: /windows/resources/
items:
- name: Deployment
tocHref: /windows/client-management/mdm
topicHref: /windows/deployment/

6
windows/deployment/do/waas-delivery-optimization-reference.md
View File

@ -124,11 +124,11 @@ Download mode dictates which download sources clients are allowed to use when do
| Download mode option | Functionality when set |
| --- | --- |
| HTTP Only (0) | This setting disables peer-to-peer caching but still allows Delivery Optimization to download content over HTTP from the download's original source. This mode uses additional metadata provided by the Delivery Optimization cloud services for a peerless reliable and efficient download experience. |
| HTTP Only (0) | This setting disables peer-to-peer caching but still allows Delivery Optimization to download content over HTTP from the download's original source or a Microsoft Connected Cache server. This mode uses additional metadata provided by the Delivery Optimization cloud services for a peerless reliable and efficient download experience. |
| LAN (**1 Default**) | This default operating mode for Delivery Optimization enables peer sharing on the same network. The Delivery Optimization cloud service finds other clients that connect to the Internet using the same public IP as the target client. These clients then try to connect to other peers on the same network by using their private subnet IP.|
| Group (2) | When group mode is set, the group is automatically selected based on the device's Active Directory Domain Services (AD DS) site (Windows 10, version 1607) or the domain the device is authenticated to (Windows 10, version 1511). In group mode, peering occurs across internal subnets, between devices that belong to the same group, including devices in remote offices. You can use GroupID option to create your own custom group independently of domains and AD DS sites. Starting with Windows 10, version 1803, you can use the GroupIDSource parameter to take advantage of other method to create groups dynamically. Group download mode is the recommended option for most organizations looking to achieve the best bandwidth optimization with Delivery Optimization. |
| Internet (3) | Enable Internet peer sources for Delivery Optimization. |
| Simple (99) | Simple mode disables the use of Delivery Optimization cloud services completely (for offline environments). Delivery Optimization switches to this mode automatically when the Delivery Optimization cloud services are unavailable, unreachable or when the content file size is less than 10 MB. In this mode, Delivery Optimization provides a reliable download experience, with no peer-to-peer caching. |
| Simple (99) | Simple mode disables the use of Delivery Optimization cloud services completely (for offline environments). Delivery Optimization switches to this mode automatically when the Delivery Optimization cloud services are unavailable, unreachable, or when the content file size is less than 10 MB. In this mode, Delivery Optimization provides a reliable download experience over HTTP from the download's original source or a Microsoft Connected Cache server, with no peer-to-peer caching. |
| Bypass (100) | This option is deprecated starting in Windows 11. If you want to disable peer-to-peer functionality, it's best to set DownloadMode to (0). If your device doesnt have internet access, set Download Mode to (99). Bypass Delivery Optimization and use BITS, instead. You should only select this mode if you use WSUS and prefer to use BranchCache. You don't need to set this option if you're using Configuration Manager. |
> [!NOTE]
@ -248,7 +248,7 @@ Starting in Windows 10, version 1903, set this policy to delay the fallback from
### Minimum Background QoS
This value specifies the minimum download speed guarantee that a client attempts to achieve and will fulfill by downloading more kilobytes from HTTP sources . The lower this value is, the more content will be sourced using peers on the network rather than HTTP sources. The higher this value, the more content is received from HTTP sources, versus peers on the local network. **The default value is 2500 KB/s.**
This value specifies the minimum download speed guarantee that a client attempts to achieve and will fulfill by downloading more kilobytes from HTTP sources. The lower this value is, the more content will be sourced using peers on the network rather than HTTP sources. The higher this value, the more content is received from HTTP sources, versus peers on the local network. **The default value is 2500 KB/s.**
### Modify Cache Drive

29
windows/deployment/update/create-deployment-plan.md
View File

@ -110,32 +110,3 @@ During the broad deployment phase, you should focus on the following activities:
- Deploy to all devices in the organization.
- Work through any final unusual issues that weren't detected in your Limited ring.
## Ring deployment planning
Previously, we have provided methods for analyzing your deployments, but these have been standalone tools to assess, manage and execute deployments. In other words, you would generate an analysis, make a deployment strategy, and then move to your console for implementation, repeating these steps for each deployment. We've combined many of these tasks, and more, into a single interface with Desktop Analytics.
[Desktop Analytics](/mem/configmgr/desktop-analytics/overview) is a cloud-based service and a key tool in [Configuration Manager](/mem/configmgr/core/understand/microsoft-endpoint-manager-faq). Using artificial intelligence and machine learning, Desktop Analytics is a powerful tool to give you insights and intelligence to
make informed decisions about the readiness of your Windows devices.
In Windows client deployments, we have seen compatibility issues on < 0.5% of apps when using Desktop Analytics. Using Desktop Analytics with Configuration Manager can help you assess app compatibility with the latest
feature update. You can create groups that represent the broadest number of hardware and software configurations on the smallest set of devices across your organization. In addition, Desktop Analytics can provide you with a device and software inventory and identify issues, giving you data that equate to actionable decisions.
> [!IMPORTANT]
> Desktop Analytics does not support preview (Windows Insider) builds; use Configuration Manager to deploy to your Preview ring. As noted previously, the Preview ring is a small group of devices represents your ecosystem very well in terms of app, driver, and hardware diversity.
### Deployment plan options
There are two ways to implement a ring deployment plan, depending on how you manage your devices:
- If you're using Configuration Manager: Desktop Analytics provides end-to-end deployment plan integration so that you can also kick off phased deployments within a ring. Learn more about [deployment plans in Desktop Analytics](/mem/configmgr/desktop-analytics/about-deployment-plans).
- If you're using Microsoft Intune, see [Create deployment plans directly in Intune](/mem/intune/fundamentals/planning-guide).
For more about Desktop Analytics, see these articles:
- [How to set up Desktop Analytics](/mem/configmgr/desktop-analytics/set-up)
- [Tutorial: Deploy Windows 10 to Pilot](/mem/configmgr/desktop-analytics/tutorial-windows10)
- [Desktop Analytics documentation](/mem/configmgr/desktop-analytics/overview)
- [Intune deployment planning, design, and implementation guide](/mem/intune/fundamentals/planning-guide)

12
windows/deployment/update/plan-determine-app-readiness.md
View File

@ -63,15 +63,3 @@ There is more than one way to choose devices for app validation:
- **Existing pilot devices**: You might already have a list of devices that you regularly use for testing updates as part of release cycles.
- **Manual selection**: Some internal groups like operations will have expertise to help choose devices manually based on specifications, usage, or records of past support problems.
- **Data-driven analysis**: With appropriate tools, you can use diagnostic data from devices to inform your choices.
### Desktop Analytics
Desktop Analytics can make all of the tasks discussed in this article significantly easier:
- Creating and maintaining an application and device inventory
- Assign owners to applications for testing
- Automatically apply your app classifications (critical, important, not important)
- Automatically identify application compatibility risks and provide recommendations for reducing those risks
For more information, see [What is Desktop Analytics?](/mem/configmgr/desktop-analytics/overview)

6
windows/deployment/update/prepare-deploy-windows.md
View File

@ -97,7 +97,7 @@ Enable update services on devices. Ensure that every device is running all the s
- Windows Update
- Windows Update Medic Service
You can check these services manually by using Services.msc, or by using PowerShell scripts, Desktop Analytics, or other methods.
You can check these services manually by using Services.msc, or by using PowerShell scripts, or other methods.
### Network configuration
@ -125,7 +125,7 @@ Set up [Delivery Optimization](../do/waas-delivery-optimization.md) for peer net
### Address unhealthy devices
In the course of surveying your device population, either with Desktop Analytics or by some other means, you might find devices that have systemic problems that could interfere with update installation. Now is the time to fix those problems.
In the course of surveying your device population, you might find devices that have systemic problems that could interfere with update installation. Now is the time to fix those problems.
- **Low disk space:** Quality updates require a minimum of 2 GB to successfully install. Feature updates require between 8 GB and 15 GB depending upon the configuration. On Windows 10, version 1903 and later (and Windows 11) you can proactively use the "reserved storage" feature (for wipe and loads, rebuilds, and new builds) to avoid running out of disk space. If you find a group of devices that don't have enough disk space, you can often resolve the problem by cleaning up log files and asking users to clean up data if necessary. A good place to start is to delete the following files:
@ -160,7 +160,7 @@ You can also create and run scripts to perform additional cleanup actions on dev
net start msiserver
```
- **Application and driver updates:** Out-of-date app or driver software can prevent devices from updating successfully. Desktop Analytics will help you identify drivers and applications that need attention. You can also check for known issues in order to take any appropriate action. Deploy any updates from the vendor(s) for any problematic application or driver versions to resolve issues.
- **Application and driver updates:** Out-of-date app or driver software can prevent devices from updating successfully. Deploy any updates from the vendor(s) for any problematic application or driver versions to resolve issues.
- **Corruption:** In rare circumstances, a device that has repeated installation errors might be corrupted in a way that prevents the system from applying a new update. You might have to repair the Component-Based Store from another source. You can fix the problem with the [System File Checker](https://support.microsoft.com/help/929833/use-the-system-file-checker-tool-to-repair-missing-or-corrupted-system).

2
windows/deployment/update/update-compliance-configuration-mem.md
View File

@ -33,7 +33,7 @@ This article is specifically targeted at configuring devices enrolled to [Micros
Take the following steps to create a configuration profile that will set required policies for Update Compliance:
1. In the [Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431), go to **Devices/Windows/Configuration profiles**.
1. In the [Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431), go to **Devices/Windows/Configuration profiles**.
1. On the **Configuration profiles** view, select **Create a profile**.
1. Select **Platform**="Windows 10 and later" and **Profile type**="Templates".
1. For **Template name**, select **Custom**, and then press **Create**.

5
windows/deployment/update/update-compliance-get-started.md
View File

@ -56,7 +56,6 @@ Update Compliance is offered as an Azure Marketplace application that is linked
1. Go to the [Update Compliance page in the Azure Marketplace](https://azuremarketplace.microsoft.com/marketplace/apps/). The solution was published by Microsoft and named **WaaSUpdateInsights**.
2. Select **Get it now**.
3. Choose an existing or configure a new Log Analytics Workspace, ensuring it is in a **Compatible Log Analytics region** from the following table. Although an Azure subscription is required, you won't be charged for ingestion of Update Compliance data.
- [Desktop Analytics](/sccm/desktop-analytics/overview) users should use the same workspace for Update Compliance.
- [Azure Update Management](/azure/automation/automation-intro#update-management) users should use the same workspace for Update Compliance.
4. After your workspace is configured and selected, select **Create**. You'll receive a notification when the solution has been successfully created.
@ -125,9 +124,5 @@ Once you've added Update Compliance to a workspace in your Azure subscription, y
After you configure devices, diagnostic data they send will begin to be associated with your Azure AD organization ("tenant"). However, enrolling to Update Compliance doesn't influence the rate at which required data is uploaded from devices. Device connectivity to the internet and generally how active the device is highly influences how long it will take before the device appears in Update Compliance. Devices that are active and connected to the internet daily can expect to be fully uploaded within one week (usually less than 72 hours). Devices that are less active can take up to two weeks before data is fully available.
### Update Compliance and Desktop Analytics
If you use or plan to use [Desktop Analytics](/mem/configmgr/desktop-analytics/overview), you must use the same Log Analytics workspace for both solutions.

69
windows/deployment/update/waas-configure-wufb.md
View File

@ -8,7 +8,7 @@ ms.localizationpriority: medium
ms.author: mstewart
ms.topic: article
ms.technology: itpro-updates
ms.date: 12/31/2017
ms.date: 02/28/2023
---
# Configure Windows Update for Business
@ -27,7 +27,7 @@ ms.date: 12/31/2017
> [!NOTE]
> Windows Server _doesn't_ get feature updates from Windows Update, so only the quality update policies apply. This behavior doesn't apply to [Azure Stack hyperconverged infrastructure (HCI)](/azure-stack/hci/).
You can use Group Policy or your mobile device management (MDM) service to configure Windows Update for Business settings for your devices. The sections in this topic provide the Group Policy and MDM policies for Windows 10, version 1511 and later, including Windows 11. The MDM policies use the OMA-URI setting from the [Policy CSP](/windows/client-management/mdm/policy-configuration-service-provider).
You can use Group Policy or your mobile device management (MDM) service to configure Windows Update for Business settings for your devices. The sections in this article provide the Group Policy and MDM policies for Windows 10, version 1511 and later, including Windows 11. The MDM policies use the OMA-URI setting from the [Policy CSP](/windows/client-management/mdm/policy-configuration-service-provider).
> [!IMPORTANT]
> Beginning with Windows 10, version 1903, organizations can use Windows Update for Business policies, regardless of the diagnostic data level chosen. If the diagnostic data level is set to **0 (Security)**, Windows Update for Business policies will still be honored. For instructions, see [Configure the operating system diagnostic data level](/windows/configuration/configure-windows-diagnostic-data-in-your-organization#diagnostic-data-levels).
@ -35,7 +35,7 @@ You can use Group Policy or your mobile device management (MDM) service to confi
## Start by grouping devices
By grouping devices with similar deferral periods, administrators are able to cluster devices into deployment or validation groups which can be as a quality control measure as updates are deployed. With deferral windows and the ability to pause updates, administrators can effectively control and measure update deployments, updating a small pool of devices first to verify quality, prior to a broader roll-out to their organization.
By grouping devices with similar deferral periods, administrators are able to cluster devices into deployment or validation groups, which can be as a quality control measure as updates are deployed. With deferral windows and the ability to pause updates, administrators can effectively control and measure update deployments, updating a small pool of devices first to verify quality, prior to a broader roll-out to their organization.
>[!TIP]
>In addition to setting up multiple rings for your update deployments, also incorporate devices enrolled in the Windows Insider Program as part of your deployment strategy. This will provide you the chance to not only evaluate new features before they are broadly available to the public, but it also increases the lead time to provide feedback and influence Microsofts design on functional aspects of the product. For more information on Windows Insider program, see [https://insider.windows.com/](https://insider.windows.com/).
@ -68,7 +68,7 @@ Starting with Windows 10, version 1703, users can configure the branch readiness
After you configure the servicing branch (Windows Insider Preview or General Availability Channel), you can then define if, and for how long, you would like to defer receiving feature updates following their availability from Microsoft on Windows Update. You can defer receiving these feature updates for a period of up to 365 days from their release by setting the `DeferFeatureUpdatesPeriodinDays` value.
For example, a device on the General Availability Channel with `DeferFeatureUpdatesPeriodinDays=30` will not install a feature update that is first publicly available on Windows Update in September until 30 days later, in October.
For example, a device on the General Availability Channel with `DeferFeatureUpdatesPeriodinDays=30` won't install a feature update that is first publicly available on Windows Update in September until 30 days later, in October.
</br></br>
@ -86,7 +86,7 @@ For example, a device on the General Availability Channel with `DeferFeatureUpda
## Pause feature updates
You can also pause a device from receiving feature updates by a period of up to 35 days from when the value is set. After 35 days has passed, the pause setting will automatically expire and the device will scan Windows Update for applicable feature updates. Following this scan, you can then pause feature updates for the device again.
You can also pause a device from receiving feature updates by a period of up to 35 days from when the value is set. After 35 days have passed, the pause setting will automatically expire and the device will scan Windows Update for applicable feature updates. Following this scan, you can then pause feature updates for the device again.
Starting with Windows 10, version 1703, when you configure a pause by using policy, you must set a start date for the pause to begin. The pause period is calculated by adding 35 days to this start date.
@ -107,7 +107,7 @@ In cases where the pause policy is first applied after the configured start date
You can check the date that feature updates were paused by checking the registry key **PausedFeatureDate** under **HKLM\SOFTWARE\Microsoft\WindowsUpdate\UpdatePolicy\Settings**.
The local group policy editor (GPEdit.msc) will not reflect whether the feature update pause period has expired. Although the device will resume feature updates after 35 days automatically, the pause check box will remain selected in the policy editor. To check whether a device has automatically resumed taking feature updates, check the status registry key **PausedFeatureStatus** under **HKLM\SOFTWARE\Microsoft\WindowsUpdate\UpdatePolicy\Settings** for the following values:
The local group policy editor (GPEdit.msc) won't reflect whether the feature update pause period has expired. Although the device will resume feature updates after 35 days automatically, the pause check box will remain selected in the policy editor. To check whether a device has automatically resumed taking feature updates, check the status registry key **PausedFeatureStatus** under **HKLM\SOFTWARE\Microsoft\WindowsUpdate\UpdatePolicy\Settings** for the following values:
| Value | Status|
| --- | --- |
@ -119,7 +119,7 @@ The local group policy editor (GPEdit.msc) will not reflect whether the feature
>If not configured by policy, individual users can pause feature updates by using **Settings > Update & security > Windows Update > Advanced options**.
Starting with Windows 10, version 1703, using Settings to control the pause behavior provides a more consistent experience, specifically:
- Any active restart notification are cleared or closed.
- Any active restart notifications are cleared or closed.
- Any pending restarts are canceled.
- Any pending update installations are canceled.
- Any update installation running when pause is activated will attempt to roll back.
@ -164,7 +164,7 @@ In cases where the pause policy is first applied after the configured start date
You can check the date that quality updates were paused by checking the registry key **PausedQualityDate** under **HKLM\SOFTWARE\Microsoft\WindowsUpdate\UpdatePolicy\Settings**.
The local group policy editor (GPEdit.msc) will not reflect whether the quality update pause period has expired. Although the device will resume quality updates after 35 days automatically, the pause check box will remain selected in the policy editor. To check whether a device has automatically resumed taking quality Updates, check the status registry key **PausedQualityStatus** under **HKLM\SOFTWARE\Microsoft\WindowsUpdate\UpdatePolicy\Settings** for the following values:
The local group policy editor (GPEdit.msc) won't reflect whether the quality update pause period has expired. Although the device will resume quality updates after 35 days automatically, the pause check box will remain selected in the policy editor. To check whether a device has automatically resumed taking quality Updates, check the status registry key **PausedQualityStatus** under **HKLM\SOFTWARE\Microsoft\WindowsUpdate\UpdatePolicy\Settings** for the following values:
| Value | Status|
| --- | --- |
@ -176,10 +176,10 @@ The local group policy editor (GPEdit.msc) will not reflect whether the quality
>If not configured by policy, individual users can pause quality updates by using **Settings > Update & security > Windows Update > Advanced options**.
Starting with Windows 10, version 1703, using Settings to control the pause behavior provides a more consistent experience, specifically:
- Any active restart notification are cleared or closed
- Any active restart notifications are cleared or closed
- Any pending restarts are canceled
- Any pending update installations are canceled
- Any update installation running when pause is activated will attempt to rollback
- Any update installation running when pause is activated will attempt to roll back
## Configure when devices receive Windows Insider Preview builds
@ -201,7 +201,7 @@ The policy settings to **Select when feature updates are received** allows you t
## Exclude drivers from quality updates
Starting with Windows 10, version 1607, you can selectively opt out of receiving driver update packages as part of your normal quality update cycle. This policy will not apply to updates to drivers provided with the operating system (which will be packaged within a security or critical update) or to feature updates, where drivers might be dynamically installed to ensure the feature update process can complete.
Starting with Windows 10, version 1607, you can selectively opt out of receiving driver update packages as part of your normal quality update cycle. This policy won't apply to updates to drivers provided with the operating system (which will be packaged within a security or critical update) or to feature updates, where drivers might be dynamically installed to ensure the feature update process can complete.
**Policy settings to exclude drivers**
@ -210,6 +210,21 @@ Starting with Windows 10, version 1607, you can selectively opt out of receiving
| GPO for Windows 10, version 1607 or later: </br>Computer Configuration > Administrative Templates > Windows Components > Windows Update > **Do not include drivers with Windows Updates** | \Policies\Microsoft\Windows\WindowsUpdate\ExcludeWUDriversInQualityUpdate |
| MDM for Windows 10, version 1607 and later: </br>../Vendor/MSFT/Policy/Config/Update/</br>**ExcludeWUDriversInQualityUpdate** | \Microsoft\PolicyManager\default\Update\ExcludeWUDriversInQualityUpdate |
## Enable features introduced via servicing that are off by default
<!--6544872-->
New features and enhancements are introduced through the monthly cumulative update to provide continuous innovation for Windows 11. To give organizations time to plan and prepare, some of these new features are temporarily turned off by default. Features that are turned off by default are listed in the KB article for the monthly cumulative update. Typically, a feature is selected to be off by default because it either impacts the user experience or IT administrators significantly.
The features that are turned off by default from servicing updates will be enabled in the next annual feature update. Organizations can choose to deploy feature updates at their own pace, to delay these features until they're ready for them.
**Policy settings to enable features introduced via servicing that are off by default**
| Policy | Sets registry key under HKLM\Software |
| --- | --- |
| GPO for Windows 11, version 22H2 and later: </br>Computer Configuration > Administrative Templates > Windows Components > Windows Update > Manage end user experience > **Enable features introduced via servicing that are off by default**| \Policies\Microsoft\Windows\WindowsUpdate\ExcludeWUDriversInQualityUpdate |
| MDM for Windows 11, version 22H2 and later: </br>../Vendor/MSFT/Policy/Config/Update/</br>**[AllowTemporaryEnterpriseFeatureControl](/windows/client-management/mdm/policy-csp-update?toc=/windows/deployment/toc.json&bc=/windows/deployment/breadcrumb/toc.json#allowtemporaryenterprisefeaturecontrol)** | \Microsoft\PolicyManager\default\Update\AllowTemporaryEnterpriseFeatureControl |
## Summary: MDM and Group Policy settings for Windows 10, version 1703 and later
The following are quick-reference tables of the supported policy values for Windows Update for Business in Windows 10, version 1607 and later.
@ -218,26 +233,28 @@ The following are quick-reference tables of the supported policy values for Wind
| GPO Key | Key type | Value |
| --- | --- | --- |
| BranchReadinessLevel | REG_DWORD | 2: systems take feature updates for the Windows Insider build - Fast (added in Windows 10, version 1709)</br> 4: systems take feature updates for the Windows Insider build - Slow (added in Windows 10, version 1709)</br> 8: systems take feature updates for the Release Windows Insider build (added in Windows 10, version 1709)</br></br>Other value or absent: receive all applicable updates |
| DeferQualityUpdates | REG_DWORD | 1: defer quality updates</br>Other value or absent: dont defer quality updates |
| DeferQualityUpdatesPeriodinDays | REG_DWORD | 0-35: defer quality updates by given days |
| PauseQualityUpdatesStartTime | REG_DWORD | 1: pause quality updates</br>Other value or absent: dont pause quality updates |
|DeferFeatureUpdates | REG_DWORD | 1: defer feature updates</br>Other value or absent: dont defer feature updates |
| DeferFeatureUpdatesPeriodinDays | REG_DWORD | 0-365: defer feature updates by given days |
| PauseFeatureUpdatesStartTime | REG_DWORD |1: pause feature updates</br>Other value or absent: dont pause feature updates |
| ExcludeWUDriversInQualityUpdate | REG_DWORD | 1: exclude Windows Update drivers</br>Other value or absent: offer Windows Update drivers |
| AllowTemporaryEnterpriseFeatureControl </br> </br>*Added in Windows 11, version 22H2*| REG_DWORD | 1: Allowed. All features in the latest monthly cumulative update are enabled.</br> Other value or absent: Features that are shipped turned off by default will remain off |
| BranchReadinessLevel | REG_DWORD | 2: Systems take feature updates for the Windows Insider build - Fast </br> 4: Systems take feature updates for the Windows Insider build - Slow </br> 8: Systems take feature updates for the Release Windows Insider build </br></br> Other value or absent: Receive all applicable updates |
| DeferFeatureUpdates | REG_DWORD | 1: Defer feature updates</br>Other value or absent: Don't defer feature updates |
| DeferFeatureUpdatesPeriodinDays | REG_DWORD | 0-365: Defer feature updates by given days |
| DeferQualityUpdates | REG_DWORD | 1: Defer quality updates</br>Other value or absent: Don't defer quality updates |
| DeferQualityUpdatesPeriodinDays | REG_DWORD | 0-35: Defer quality updates by given days |
| ExcludeWUDriversInQualityUpdate | REG_DWORD | 1: Exclude Windows Update drivers</br>Other value or absent: Offer Windows Update drivers |
| PauseFeatureUpdatesStartTime | REG_DWORD |1: Pause feature updates</br>Other value or absent: Don't pause feature updates |
| PauseQualityUpdatesStartTime | REG_DWORD | 1: Pause quality updates</br>Other value or absent: Don't pause quality updates |
**MDM: HKEY_LOCAL_MACHINE\Software\Microsoft\PolicyManager\default\Update**
| MDM Key | Key type | Value |
| --- | --- | --- |
| BranchReadinessLevel | REG_DWORD |2: systems take feature updates for the Windows Insider build - Fast (added in Windows 10, version 1709)</br> 4: systems take feature updates for the Windows Insider build - Slow (added in Windows 10, version 1709)</br> 8: systems take feature updates for the Release Windows Insider build (added in Windows 10, version 1709) </br>32: systems take feature updates from General Availability Channel </br>Note: Other value or absent: receive all applicable updates |
| DeferQualityUpdatesPeriodinDays | REG_DWORD | 0-35: defer quality updates by given days |
| PauseQualityUpdatesStartTime | REG_DWORD | 1: pause quality updates</br>Other value or absent: dont pause quality updates |
| DeferFeatureUpdatesPeriodinDays | REG_DWORD | 0-365: defer feature updates by given days |
| PauseFeatureUpdatesStartTime | REG_DWORD | 1: pause feature updates</br>Other value or absent: dont pause feature updates |
| ExcludeWUDriversinQualityUpdate | REG_DWORD | 1: exclude Windows Update drivers</br>Other value or absent: offer Windows Update drivers |
| AllowTemporaryEnterpriseFeatureControl </br> </br>*Added in Windows 11, version 22H2*| REG_DWORD | 1: Allowed. All features in the latest monthly cumulative update are enabled.</br> Other value or absent: Features that are shipped turned off by default will remain off |
| BranchReadinessLevel | REG_DWORD |2: Systems take feature updates for the Windows Insider build - Fast </br> 4: Systems take feature updates for the Windows Insider build - Slow </br> 8: Systems take feature updates for the Release Windows Insider build </br>32: Systems take feature updates from General Availability Channel </br>Note: Other value or absent: Receive all applicable updates |
| DeferFeatureUpdatesPeriodinDays | REG_DWORD | 0-365: Defer feature updates by given days |
| DeferQualityUpdatesPeriodinDays | REG_DWORD | 0-35: Defer quality updates by given days |
| ExcludeWUDriversinQualityUpdate | REG_DWORD | 1: Exclude Windows Update drivers</br>Other value or absent: Offer Windows Update drivers |
| PauseFeatureUpdatesStartTime | REG_DWORD | 1: Pause feature updates</br>Other value or absent: Don't pause feature updates |
| PauseQualityUpdatesStartTime | REG_DWORD | 1: Pause quality updates</br>Other value or absent: Don't pause quality updates |
## Update devices to newer versions
@ -245,7 +262,7 @@ Due to the changes in Windows Update for Business, Windows 10, version 1607 uses
### How older version policies are respected on newer versions
When a device running a newer version sees an update available on Windows Update, the device first evaluates and executes the Windows Updates for Business policy keys for its current (newer) version. If these are not present, it then checks whether any of the older version keys are set and defer accordingly. Update keys for newer versions will always supersede the older equivalent.
When a device running a newer version sees an update available on Windows Update, the device first evaluates and executes the Windows Updates for Business policy keys for its current (newer) version. If these aren't present, it then checks whether any of the older version keys are set and defer accordingly. Update keys for newer versions will always supersede the older equivalent.
### Comparing keys in Windows 10, version 1607 to Windows 10, version 1703

6
windows/deployment/update/waas-overview.md
View File

@ -41,11 +41,7 @@ Deploying Windows 10 and Windows 11 is simpler than with previous versions of Wi
### Application compatibility
Application compatibility testing has historically been a burden when approaching a Windows deployment or upgrade. Application compatibility from the perspective of desktop applications, websites, and apps built on the Universal Windows Platform (UWP) has improved tremendously over older versions of Windows.
For the most important business-critical applications, organizations should still perform testing on a regular basis to validate compatibility with new builds. For remaining applications, consider validating them as part of a pilot deployment process to reduce the time spent on compatibility testing. Desktop Analytics is a cloud-based service that integrates with Configuration Manager. The service provides insight and intelligence for you to make more informed decisions about the update readiness of your Windows endpoints, including assessment of your existing applications. For more, see [Ready for modern desktop retirement FAQ](/mem/configmgr/desktop-analytics/ready-for-windows).
Application compatibility testing has historically been a burden when approaching a Windows deployment or upgrade. Application compatibility from the perspective of desktop applications, websites, and apps built on the Universal Windows Platform (UWP) has improved tremendously over older versions of Windows. For the most important business-critical applications, organizations should still perform testing on a regular basis to validate compatibility with new builds.
## Servicing

36
windows/deployment/update/waas-wufb-csp-mdm.md
View File

@ -1,6 +1,6 @@
---
title: Configure Windows Update for Business by using CSPs and MDM
description: Walk-through demonstration of how to configure Windows Update for Business settings using Configuration Service Providers and MDM.
description: Walk through demonstration of how to configure Windows Update for Business settings using Configuration Service Providers and MDM.
ms.prod: windows-client
author: mestew
ms.localizationpriority: medium
@ -8,7 +8,7 @@ ms.author: mstewart
manager: aaroncz
ms.topic: article
ms.technology: itpro-updates
ms.date: 12/31/2017
ms.date: 02/28/2023
---
# Walkthrough: Use CSPs and MDMs to configure Windows Update for Business
@ -16,8 +16,8 @@ ms.date: 12/31/2017
**Applies to**
- Windows 10
- Windows 11
- Windows 10
- Windows 11
> **Looking for consumer information?** See [Windows Update: FAQ](https://support.microsoft.com/help/12373/windows-update-faq)
@ -42,9 +42,9 @@ You can control when updates are applied, for example by deferring when an updat
Both feature and quality updates are automatically offered to devices that are connected to Windows Update using Windows Update for Business policies. However, you can choose whether you want the devices to additionally receive other Microsoft Updates or drivers that are applicable to that device.
To enable Microsoft Updates use [Update/AllwMUUpdateService](/windows/client-management/mdm/policy-csp-update#update-allowmuupdateservice).
To enable Microsoft Updates, use [Update/AllwMUUpdateService](/windows/client-management/mdm/policy-csp-update#update-allowmuupdateservice).
Drivers are automatically enabled because they are beneficial to device systems. We recommend that you allow the driver policy to allow drivers to updated on devices (the default), but you can turn this setting off if you prefer to manage drivers manually. If you want to disable driver updates for some reason, use Update/[ExcludeWUDriversInQualityUpdate](/windows/client-management/mdm/policy-csp-update#update-excludewudriversinqualityupdate).
Drivers are automatically enabled because they're beneficial to device systems. We recommend that you allow the driver policy to allow drivers to be updated on devices (the default), but you can turn off this setting if you prefer to manage drivers manually. If you want to disable driver updates for some reason, use Update/[ExcludeWUDriversInQualityUpdate](/windows/client-management/mdm/policy-csp-update#update-excludewudriversinqualityupdate).
We also recommend that you allow Microsoft product updates as discussed previously.
@ -52,17 +52,17 @@ Drivers are automatically enabled because they are beneficial to device systems.
#### I want to receive pre-release versions of the next feature update
1. Ensure that you are enrolled in the Windows Insider Program for Business. This is a completely free program available to commercial customers to aid them in their validation of feature updates before they are released. Joining the program enables you to receive updates prior to their release as well as receive emails and content related to what is coming in the next updates.
1. Ensure that you're enrolled in the Windows Insider Program for Business. This is a free program available to commercial customers to aid them in their validation of feature updates before they're released. Joining the program enables you to receive updates prior to their release as well as receive emails and content related to what is coming in the next updates.
1. For any of test devices you want to install pre-release builds, use [Update/ManagePreviewBuilds](/windows/client-management/mdm/policy-csp-update#update-managepreviewbuilds). Set this to **Enable preview builds**.
1. Use [Update/BranchReadinessLevel](/windows/client-management/mdm/policy-csp-update#update-branchreadinesslevel) and select one of the preview Builds. Windows Insider Program Slow is the recommended channel for commercial customers who are using pre-release builds for validation.
1. Additionally, you can defer pre-release feature updates the same way as released updates, by setting a deferral period up to 14 days by using [Update/DeferFeatureUpdatesPeriodInDays](/windows/client-management/mdm/policy-csp-update#update-deferfeatureupdatesperiodindays). If you are testing with Windows Insider Program Slow builds, we recommend that you receive the preview updates to your IT department on day 0, when the update is released, and then have a 7-10 day deferral before rolling out to your group of testers. This ensures that if a problem is discovered, you can pause the rollout of the preview update before it reaches your tests.
1. Additionally, you can defer pre-release feature updates the same way as released updates, by setting a deferral period up to 14 days by using [Update/DeferFeatureUpdatesPeriodInDays](/windows/client-management/mdm/policy-csp-update#update-deferfeatureupdatesperiodindays). If you're testing with Windows Insider Program Slow builds, we recommend that you receive the preview updates to your IT department on day 0, when the update is released, and then have a 7-10 day deferral before rolling out to your group of testers. This ensures that if a problem is discovered, you can pause the rollout of the preview update before it reaches your tests.
#### I want to manage which released feature update my devices receive
A Windows Update for Business administrator can defer or pause updates. You can defer feature updates for up to 365 days and defer quality updates for up to 30 days. Deferring simply means that you will not receive the update until it has been released for at least the number of deferral days you specified (offer date = release date + deferral date). You can pause feature or quality updates for up to 35 days from a given start date that you specify.
A Windows Update for Business administrator can defer or pause updates. You can defer feature updates for up to 365 days and defer quality updates for up to 30 days. Deferring simply means that you won't receive the update until it has been released for at least the number of deferral days you specified (offer date = release date + deferral date). You can pause feature or quality updates for up to 35 days from a given start date that you specify.
- To defer a feature update: [Update/DeferFeatureUpdatesPeriodInDays](/windows/client-management/mdm/policy-csp-update#update-deferfeatureupdatesperiodindays)
- To pause a feature update: [Update/PauseFeatureUpdatesStartTime](/windows/client-management/mdm/policy-csp-update#update-pausefeatureupdatesstarttime)
@ -99,7 +99,7 @@ At this point, the IT administrator can set a policy to pause the update. In thi
![illustration of rings with pause quality update check box selected.](images/waas-wufb-pause.png)
Now all devices are paused from updating for 35 days. When the pause is removed, they will be offered the *next* quality update, which ideally will not have the same issue. If there is still an issue, the IT admin can pause updates again.
Now all devices are paused from updating for 35 days. When the pause is removed, they'll be offered the *next* quality update, which ideally won't have the same issue. If there's still an issue, the IT admin can pause updates again.
@ -156,7 +156,7 @@ When **Specify deadlines for automatic updates and restarts** is set (For Window
![The notification users get for an impending restart prior to deadline.](images/wufb-update-deadline-warning.png)
- If the user scheduled a restart, or if an auto restart is scheduled, 15 minutes before the scheduled time the user is receives this notification that the restart is about to occur:
- If the user scheduled a restart, or if an auto restart is scheduled, 15 minutes before the scheduled time the user receives this notification that the restart is about to occur:
![The notification users get for an impending restart 15 minutes prior to restart.](images/wufb-restart-imminent-warning.png)
@ -174,7 +174,7 @@ When **Specify deadlines for automatic updates and restarts** is set (For Window
There are additional settings that affect the notifications.
We recommend that you use the default notifications as they aim to provide the best user experience while adjusting for the compliance policies that you have set. If you do have further needs that are not met by the default notification settings, you can use the [Update/UpdateNotificationLevel](/windows/client-management/mdm/policy-csp-update#update-updatenotificationlevel) policy with these values:
We recommend that you use the default notifications as they aim to provide the best user experience while adjusting for the compliance policies that you have set. If you do have further needs that aren't met by the default notification settings, you can use the [Update/UpdateNotificationLevel](/windows/client-management/mdm/policy-csp-update#update-updatenotificationlevel) policy with these values:
**0** (default) Use the default Windows Update notifications<br/>
**1** Turn off all notifications, excluding restart warnings<br/>
@ -194,4 +194,16 @@ When you disable this setting, users will see **Some settings are managed by you
If you use Windows Server Update Server (WSUS), you can prevent users from scanning Windows Update. To do this, use [Update/SetDisableUXWUAccess](/windows/client-management/mdm/policy-csp-update#update-setdisableuxwuaccess).
#### I want to enable features introduced via servicing that are off by default
<!--6544872-->
(*Starting in Windows 11, version 22H2 or later*)
New features and enhancements are introduced through the monthly cumulative update to provide continuous innovation for Windows 11. To give organizations time to plan and prepare, some of these new features are temporarily turned off by default. Features that are turned off by default are listed in the KB article for the monthly cumulative update. Typically, a feature is selected to be off by default because it either impacts the user experience or IT administrators significantly.
The features that are turned off by default from servicing updates will be enabled in the next annual feature update. Organizations can choose to deploy feature updates at their own pace, to delay these features until they're ready for them.
You can enable these features by using [AllowTemporaryEnterpriseFeatureControl](/windows/client-management/mdm/policy-csp-update?toc=/windows/deployment/toc.json&bc=/windows/deployment/breadcrumb/toc.json#allowtemporaryenterprisefeaturecontrol). The following options are available:
- **0** (default): Allowed. All features in the latest monthly cumulative update are enabled.
- When the policy is set to **0**, all features that are currently turned off will turn on when the device next reboots
- **1** - Not allowed. Features that are shipped turned off by default will remain off

55
windows/deployment/update/waas-wufb-group-policy.md
View File

@ -1,6 +1,6 @@
---
title: Configure Windows Update for Business via Group Policy
description: Walk-through demonstration of how to configure Windows Update for Business settings using Group Policy.
description: Walk through of how to configure Windows Update for Business settings using Group Policy.
ms.prod: windows-client
author: mestew
ms.localizationpriority: medium
@ -10,7 +10,7 @@ ms.collection:
manager: aaroncz
ms.topic: article
ms.technology: itpro-updates
ms.date: 12/31/2017
ms.date: 02/28/2023
---
# Walkthrough: Use Group Policy to configure Windows Update for Business
@ -25,7 +25,7 @@ ms.date: 12/31/2017
## Overview
You can use Group Policy through the Group Policy Management Console (GPMC) to control how Windows Update for Business works. You should consider and devise a deployment strategy for updates before you make changes to the Windows Update for Business settings. See [Prepare servicing strategy for Windows client updates](waas-servicing-strategy-windows-10-updates.md) for more information.
You can use Group Policy through the Group Policy Management Console (GPMC) to control how Windows Update for Business works. You should consider and devise a deployment strategy for updates before you make changes to the Windows Update for Business settings. For more information, see [Prepare servicing strategy for Windows client updates](waas-servicing-strategy-windows-10-updates.md) for more information.
An IT administrator can set policies for Windows Update for Business by using Group Policy, or they can be set locally (per device). All of the relevant policies are under the path **Computer configuration > Administrative Templates > Windows Components > Windows Update**.
@ -53,7 +53,7 @@ Follow these steps on a device running the Remote Server Administration Tools or
5. Right-click the **"Windows Update for Business - Group 1"** object, and then select **Edit**.
6. In the Group Policy Management Editor, go to **Computer Configuration > Policies > Administrative Templates > Windows Components > Windows Update**. You are now ready to start assigning policies to this ring (group) of devices.
6. In the Group Policy Management Editor, go to **Computer Configuration > Policies > Administrative Templates > Windows Components > Windows Update**. You're now ready to start assigning policies to this ring (group) of devices.
## Manage Windows Update offerings
@ -64,9 +64,9 @@ You can control when updates are applied, for example by deferring when an updat
Both feature and quality updates are automatically offered to devices that are connected to Windows Update using Windows Update for Business policies. However, you can choose whether you want the devices to additionally receive other Microsoft Updates or drivers that are applicable to that device.
To enable Microsoft Updates use the Group Policy Management Console go to **Computer Configuration > Administrative Templates > Windows Components > Windows Update > Configure Automatic Updates** and select **Install updates for other Microsoft products**.
To enable Microsoft Updates, use the Group Policy Management Console go to **Computer Configuration > Administrative Templates > Windows Components > Windows Update > Configure Automatic Updates** and select **Install updates for other Microsoft products**.
Drivers are automatically enabled because they are beneficial to device systems. We recommend that you allow the driver policy to allow drivers to update on devices (the default), but you can turn this setting off if you prefer to manage drivers manually. If you want to disable driver updates for some reason, use the Group Policy Management Console to go to **Computer Configuration > Administrative Templates > Windows Components > Windows Update > Do not include drivers with Windows Updates** and enable the policy.
Drivers are automatically enabled because they're beneficial to device systems. We recommend that you allow the driver policy to allow drivers to update on devices (the default), but you can turn off this setting if you prefer to manage drivers manually. If you want to disable driver updates for some reason, use the Group Policy Management Console to go to **Computer Configuration > Administrative Templates > Windows Components > Windows Update > Do not include drivers with Windows Updates** and enable the policy.
We also recommend that you allow Microsoft product updates as discussed previously.
@ -74,7 +74,7 @@ Drivers are automatically enabled because they are beneficial to device systems.
#### I want to receive pre-release versions of the next feature update
1. Ensure that you are enrolled in the Windows Insider Program for Business. This is a completely free program available to commercial customers to aid them in their validation of feature updates before they are released. Joining the program enables you to receive updates prior to their release as well as receive emails and content related to what is coming in the next updates.
1. Ensure that you're enrolled in the Windows Insider Program for Business. This is a free program available to commercial customers to aid them in their validation of feature updates before they're released. Joining the program enables you to receive updates prior to their release and receive emails and content related to what is coming in the next updates.
2. Use Group Policy Management Console to go to: **Computer Configuration > Administrative Templates > Windows Components > Windows Update > Windows Update for Business > Manage preview builds** and set the policy to **Enable preview builds** for any of test devices you want to install pre-release builds.
@ -84,18 +84,18 @@ Drivers are automatically enabled because they are beneficial to device systems.
#### I want to manage which released feature update my devices receive
A Windows Update for Business administrator can defer or pause updates. You can defer feature updates for up to 365 days and defer quality updates for up to 30 days. Deferring simply means that you will not receive the update until it has been released for at least the number of deferral days you specified (offer date = release date + deferral date). You can pause feature or quality updates for up to 35 days from a given start date that you specify.
A Windows Update for Business administrator can defer or pause updates. You can defer feature updates for up to 365 days and defer quality updates for up to 30 days. Deferring simply means that you won't receive the update until it has been released for at least the number of deferral days you specified (offer date = release date + deferral date). You can pause feature or quality updates for up to 35 days from a given start date that you specify.
- To defer or pause a feature update: **Computer configuration > Administrative Templates > Windows Components > Windows Update > Windows Update for Business > Select when Preview Builds and feature updates are Received**
- Defer or pause a quality update: **Computer configuration > Administrative Templates > Windows Components > Windows Update > Windows Update for Business > Select when Quality Updates are Received**
#### Example
In this example, there are three rings for quality updates. The first ring ("pilot") has a deferral period of 0 days. The second ring ("fast") has a deferral of five days. The third ring ("slow") has a deferral of ten days.
In this example, there are three rings for quality updates. The first ring ("pilot") has a deferral period of 0 days. The second ring ("fast") has a deferral of five days. The third ring ("slow") has a deferral of 10 days.
:::image type="content" alt-text="illustration of devices divided into three rings." source="images/waas-wufb-3-rings.png" lightbox="images/waas-wufb-3-rings.png":::
When the quality update is released, it is offered to devices in the pilot ring the next time they scan for updates.
When the quality update is released, it's offered to devices in the pilot ring the next time they scan for updates.
##### Five days later
The devices in the fast ring are offered the quality update the next time they scan for updates.
@ -103,11 +103,11 @@ The devices in the fast ring are offered the quality update the next time they s
:::image type="content" alt-text="illustration of devices with fast ring deployed." source="images/waas-wufb-fast-ring.png" lightbox="images/waas-wufb-fast-ring.png":::
##### Ten days later
Ten days after the quality update is released, it is offered to the devices in the slow ring the next time they scan for updates.
Ten days after the quality update is released, it's offered to the devices in the slow ring the next time they scan for updates.
:::image type="content" alt-text="illustration of devices with slow ring deployed." source="images/waas-wufb-slow-ring.png" lightbox="images/waas-wufb-slow-ring.png":::
If no problems occur, all of the devices that scan for updates will be offered the quality update within ten days of its release, in three waves.
If no problems occur, all of the devices that scan for updates will be offered the quality update within 10 days of its release, in three waves.
##### What if a problem occurs with the update?
@ -119,13 +119,13 @@ At this point, the IT administrator can set a policy to pause the update. In thi
:::image type="content" alt-text="illustration of rings with pause quality update check box selected." source="images/waas-wufb-pause.png" lightbox="images/waas-wufb-pause.png":::
Now all devices are paused from updating for 35 days. When the pause is removed, they will be offered the *next* quality update, which ideally will not have the same issue. If there is still an issue, the IT admin can pause updates again.
Now all devices are paused from updating for 35 days. When the pause is removed, they'll be offered the *next* quality update, which ideally won't have the same issue. If there's still an issue, the IT admin can pause updates again.
#### I want to stay on a specific version
If you need a device to stay on a version beyond the point when deferrals on the next version would elapse or if you need to skip a version, use the **Select the target feature update version** setting instead of using the **Specify when Preview Builds and feature updates are received** setting for feature update deferrals. When you use this policy, specify the version that you want your devices to use. If you don't update this before the device reaches end of service, the device will automatically be updated once it is 60 days past end of service for its edition.
If you need a device to stay on a version beyond the point when deferrals on the next version would elapse or if you need to skip a version, use the **Select the target feature update version** setting instead of using the **Specify when Preview Builds and feature updates are received** setting for feature update deferrals. When you use this policy, specify the version that you want your devices to use. If you don't update this before the device reaches end of service, the device will automatically be updated once it's 60 days past end of service for its edition.
When you set the target version policy, if you specify a feature update version that is older than your current version or set a value that isn't valid, the device will not receive any feature updates until the policy is updated. When you specify target version policy, feature update deferrals will not be in effect.
When you set the target version policy, if you specify a feature update version that is older than your current version or set a value that isn't valid, the device won't receive any feature updates until the policy is updated. When you specify target version policy, feature update deferrals won't be in effect.
### Manage how users experience updates
@ -135,7 +135,7 @@ We recommend that you allow to update automatically--this is the default behavio
For more granular control, you can set the maximum period of active hours the user can set with **Computer Configuration > Administrative Templates > Windows Components > Windows Update > Specify active hours range for auto restart**.
It's best to refrain from setting the active hours policy because it's enabled by default when automatic updates are not disabled and provides a better experience when users can set their own active hours. If you do want to set active hours, use **Computer Configuration > Administrative Templates > Windows Components > Windows Update > Turn off auto-restart for updates during active hours**.
It's best to refrain from setting the active hours policy because it's enabled by default when automatic updates aren't disabled and provides a better experience when users can set their own active hours. If you do want to set active hours, use **Computer Configuration > Administrative Templates > Windows Components > Windows Update > Turn off auto-restart for updates during active hours**.
To update outside of the active hours, you don't need to set any additional settings: simply don't disable automatic restarts. For even more granular control, consider using automatic updates to schedule the install time, day, or week. To do this, use **Computer Configuration > Administrative Templates > Windows Components > Windows Update > Configure Automatic Updates** and select **Auto download and schedule the install**. You can customize this setting to accommodate the time that you want the update to be installed for your devices.
@ -145,7 +145,7 @@ When you set these policies, installation happens automatically at the specified
We recommend that you use **Computer Configuration > Administrative Templates > Windows Components > Windows Update > Specify deadline for automatic updates and restarts** for feature and quality updates to ensure that devices stay secure on Windows 10, version 1709 and later. This works by enabling you to specify the number of days that can elapse after an update is offered to a device before it must be installed. Also you can set the number of days that can elapse after a pending restart before the user is forced to restart.
This policies also offers an option to opt out of automatic restarts until a deadline is reached by presenting an "engaged restart experience" until the deadline has actually expired. At that point the device will automatically schedule a restart regardless of active hours.
This policy also offers an option to opt out of automatic restarts until a deadline is reached by presenting an "engaged restart experience" until the deadline has actually expired. At that point the device will automatically schedule a restart regardless of active hours.
These notifications are what the user sees depending on the settings you choose:
@ -159,7 +159,7 @@ When **Specify deadlines for automatic updates and restarts** is set (For Window
![The notification users get for an impending restart prior to deadline.](images/wufb-update-deadline-warning.png)
- If the user scheduled a restart, or if an auto restart is scheduled, 15 minutes before the scheduled time the user is receives this notification that the restart is about to occur:
- If the user scheduled a restart, or if an auto restart is scheduled, 15 minutes before the scheduled time the user receives this notification that the restart is about to occur:
![The notification users get for an impending restart 15 minutes prior to restart.](images/wufb-restart-imminent-warning.png)
@ -177,7 +177,7 @@ When **Specify deadlines for automatic updates and restarts** is set (For Window
There are additional settings that affect the notifications.
We recommend that you use the default notifications as they aim to provide the best user experience while adjusting for the compliance policies that you have set. If you do have further needs that are not met by the default notification settings, you can use **Computer Configuration > Administrative Templates > Windows Components > Windows Update > Display options for update notifications** with these values:
We recommend that you use the default notifications as they aim to provide the best user experience while adjusting for the compliance policies that you have set. If you do have further needs that aren't met by the default notification settings, you can use **Computer Configuration > Administrative Templates > Windows Components > Windows Update > Display options for update notifications** with these values:
**0** (default) - Use the default Windows Update notifications </br>
**1** - Turn off all notifications, excluding restart warnings </br>
@ -192,9 +192,24 @@ Still more options are available in **Computer Configuration > Administrative Te
#### I want to manage the update settings a user can access
Every Windows device provides users with a variety of controls they can use to manage Windows Updates. They can access these controls by Search to find Windows Updates or by going selecting **Updates and Security** in **Settings**. We provide the ability to disable a variety of these controls that are accessible to users.
Every Windows device provides users with various controls they can use to manage Windows Updates. They can access these controls by Search to find Windows Updates or by going selecting **Updates and Security** in **Settings**. We provide the ability to disable a variety of these controls that are accessible to users.
Users with access to update pause settings can prevent both feature and quality updates for 7 days. You can prevent users from pausing updates through the Windows Update settings page by using **Computer Configuration > Administrative Templates > Windows Components > Windows Update > Remove access to “Pause updates**.
When you disable this setting, users will see **Some settings are managed by your organization** and the update pause settings are greyed out.
If you use Windows Server Update Server (WSUS), you can prevent users from scanning Windows Update. To do this, use **Computer Configuration > Administrative Templates > Windows Components > Windows Update > Remove access to use all Windows Update features**.
#### I want to enable features introduced via servicing that are off by default
<!--6544872-->
(*Starting in Windows 11, version 22H2 or later*)
New features and enhancements are introduced through the monthly cumulative update to provide continuous innovation for Windows 11. To give organizations time to plan and prepare, some of these new features are temporarily turned off by default. Features that are turned off by default are listed in the KB article for the monthly cumulative update. Typically, a feature is selected to be off by default because it either impacts the user experience or IT administrators significantly.
The features that are turned off by default from servicing updates will be enabled in the next annual feature update. Organizations can choose to deploy feature updates at their own pace, to delay these features until they're ready for them.
You can enable these features by using **Computer Configuration > Administrative Templates > Windows Components > Windows Update > Manage end user experience > Enable features introduced via servicing that are off by default**. The following options are available:
- **Enabled**: All features in the latest monthly cumulative update are enabled.
- When the policy is set to **Enabled**, all features that are currently turned off will turn on when the device next reboots
- **Disabled** - Features that are shipped turned off by default will remain off
- **Not configured** - Features that are shipped turned off by default will remain off

4
windows/deployment/update/wufb-reports-configuration-intune.md
View File

@ -32,7 +32,7 @@ Create a configuration profile that will set the required policies for Windows U
### Settings catalog
1. In the [Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431), go to **Devices** > **Windows** > **Configuration profiles**.
1. In the [Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431), go to **Devices** > **Windows** > **Configuration profiles**.
1. On the **Configuration profiles** view, select **Create profile**.
1. Select **Platform**="Windows 10 and later" and **Profile type**="Settings Catalog", and then select **Create**.
1. You're now on the Configuration profile creation screen. On the **Basics** tab, give a **Name** and **Description**.
@ -57,7 +57,7 @@ Create a configuration profile that will set the required policies for Windows U
### Custom OMA URI-based profile
1. In the [Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431), go to **Devices** > **Windows** > **Configuration profiles**.
1. In the [Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431), go to **Devices** > **Windows** > **Configuration profiles**.
1. On the **Configuration profiles** view, select **Create profile**.
1. Select **Platform**="Windows 10 and later" and **Profile type**="Templates".
1. For **Template name**, select **Custom**, and then select **Create**.

4
windows/deployment/windows-autopatch/deploy/windows-autopatch-admin-contacts.md
View File

@ -17,7 +17,7 @@ msreviewer: hathind
There are several ways that Windows Autopatch service communicates with customers. To streamline communication and ensure we're checking with the right people when you [submit a support request](../operate/windows-autopatch-support-request.md), you must provide a set of admin contacts when you onboard with Windows Autopatch.
> [!IMPORTANT]
> You might have already added these contacts in the Microsoft Endpoint Manager admin center during the [enrollment process](../prepare/windows-autopatch-enroll-tenant.md#step-4-enroll-your-tenant), or if you've [submitted a tenant enrollment support request](../prepare/windows-autopatch-enrollment-support-request.md). However, take a moment to double-check that the contact list is accurate, since the Windows Autopatch Service Engineering Team must be able to reach them if a severe incident occurs.
> You might have already added these contacts in the Microsoft Intune admin center during the [enrollment process](../prepare/windows-autopatch-enroll-tenant.md#step-4-enroll-your-tenant), or if you've [submitted a tenant enrollment support request](../prepare/windows-autopatch-enrollment-support-request.md). However, take a moment to double-check that the contact list is accurate, since the Windows Autopatch Service Engineering Team must be able to reach them if a severe incident occurs.
You must have an admin contact for each specified area of focus. The Windows Autopatch Service Engineering Team will contact these individuals for assistance with your support request. Admin contacts should be the best person or group that can answer questions and make decisions for different [areas of focus](#area-of-focus).
@ -35,7 +35,7 @@ Your admin contacts will receive notifications about support request updates and
**To add admin contacts:**
1. Sign into the [Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431).
1. Sign into the [Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431).
1. Under **Tenant administration** in the **Windows Autopatch** section, select **Admin contacts**.
1. Select **+Add**.
1. Enter the contact details including name, email, phone number and preferred language. For a support ticket, the ticket's primary contact's preferred language will determine the language used for email communications.

4
windows/deployment/windows-autopatch/deploy/windows-autopatch-register-devices.md
View File

@ -144,7 +144,7 @@ Since existing Windows 365 Cloud PCs already have an existing Azure AD device ID
**To register devices with Windows Autopatch:**
1. Go to the [Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431).
1. Go to the [Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431).
2. Select **Devices** from the left navigation menu.
3. Under the **Windows Autopatch** section, select **Devices**.
4. Select either the **Ready** or the **Not registered** tab, then select the **Windows Autopatch Device Registration** hyperlink. The Azure Active Directory group blade opens.
@ -164,7 +164,7 @@ Windows 365 Enterprise gives IT admins the option to register devices with the W
**To register new Windows 365 Cloud PC devices with Windows Autopatch from the Windows 365 Provisioning Policy:**
1. Go to the [Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431).
1. Go to the [Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431).
1. In the left pane, select **Devices**.
1. Navigate to Provisioning > **Windows 365**.
1. Select Provisioning policies > **Create policy**.

4
windows/deployment/windows-autopatch/operate/windows-autopatch-deregister-devices.md
View File

@ -18,7 +18,7 @@ To avoid end-user disruption, device deregistration in Windows Autopatch only de
**To deregister a device:**
1. Sign into the [Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431).
1. Sign into the [Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431).
1. Select **Windows Autopatch** in the left navigation menu.
1. Select **Devices**.
1. In either **Ready** or **Not ready** tab, select the device(s) you want to deregister.
@ -42,7 +42,7 @@ You can hide unregistered devices you don't expect to be remediated anytime soon
**To hide unregistered devices:**
1. Sign into the [Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431).
1. Sign into the [Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431).
1. Select **Windows Autopatch** in the left navigation menu.
1. Select **Devices**.
1. In the **Not ready** tab, select an unregistered device or a group of unregistered devices you want to hide then select **Status == All**.

6
windows/deployment/windows-autopatch/operate/windows-autopatch-support-request.md
View File

@ -23,7 +23,7 @@ Support requests are triaged and responded to as they're received.
**To submit a new support request:**
1. Sign into the [Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431) and navigate to the **Tenant administration** menu.
1. Sign into the [Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431) and navigate to the **Tenant administration** menu.
1. In the **Windows Autopatch** section, select **Support requests**.
1. In the **Support requests** section, select **+ New support request**.
1. Enter your question(s) and/or a description of the problem.
@ -57,7 +57,7 @@ You can see the summary status of all your support requests. At any time, you ca
**To view all your active support requests:**
1. Sign into the [Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431) and navigate to the **Tenant Administration** menu.
1. Sign into the [Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431) and navigate to the **Tenant Administration** menu.
1. In the **Windows Autopatch** section, select **Support request**.
1. From this view, you can export the summary view or select any case to view the details.
@ -67,7 +67,7 @@ You can edit support request details, for example, updating the primary case con
**To edit support request details:**
1. Sign into the [Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431) and navigate to the **Tenant Administration** menu.
1. Sign into the [Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431) and navigate to the **Tenant Administration** menu.
1. In the **Windows Autopatch** section, select **Support request**.
1. In the **Support requests** section, use the search bar or filters to find the case you want to edit.
1. Select the case to open the request's details.

2
windows/deployment/windows-autopatch/operate/windows-autopatch-update-management.md
View File

@ -71,7 +71,7 @@ If you want to move separate devices to different deployment rings, after Window
**To move devices in between deployment rings:**
1. In the [Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431), select **Devices** in the left pane.
1. In the [Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431), select **Devices** in the left pane.
2. In the **Windows Autopatch** section, select **Devices**.
3. In the **Ready** tab, select one or more devices you want to assign. All selected devices will be assigned to the deployment ring you specify.
4. Select **Device actions** from the menu.

2
windows/deployment/windows-autopatch/operate/windows-autopatch-windows-feature-update-overview.md
View File

@ -89,7 +89,7 @@ Windows Autopatch provides a permanent pause of a Windows feature update deploym
**To pause or resume a Windows feature update:**
1. Go to the [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431).
1. Go to the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431).
2. Select **Devices** from the left navigation menu.
3. Under the **Windows Autopatch** section, select **Release management**.
4. In the **Release management** blade, select either: **Pause** or **Resume**.

2
windows/deployment/windows-autopatch/operate/windows-autopatch-windows-quality-update-all-devices-historical-report.md
View File

@ -18,7 +18,7 @@ The historical All devices report provides a visual representation of the update
**To view the historical All devices report:**
1. Sign into the [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431).
1. Sign into the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431).
1. Navigate to **Reports** > **Windows Autopatch** > **Windows Quality Updates**.
1. Select the **Reports** tab.
1. Select **All devices report—historical**.

2
windows/deployment/windows-autopatch/operate/windows-autopatch-windows-quality-update-all-devices-report.md
View File

@ -18,7 +18,7 @@ The All devices report provides a per device view of the current update status f
**To view the All devices report:**
1. Sign into the [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431).
1. Sign into the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431).
1. Navigate to **Reports** > **Windows Autopatch** > **Windows Quality Updates**.
1. Select the **Reports** tab.
1. Select **All devices report**.

4
windows/deployment/windows-autopatch/operate/windows-autopatch-windows-quality-update-communications.md
View File

@ -24,7 +24,7 @@ Communications are posted to, as appropriate for the type of communication, to t
- Message center
- Service health dashboard
- Windows Autopatch messages section of the Microsoft Endpoint Manager admin center
- Windows Autopatch messages section of the Microsoft Intune admin center
:::image type="content" source="../media/update-communications.png" alt-text="Update communications timeline" lightbox="../media/update-communications.png":::
@ -38,7 +38,7 @@ Communications are posted to, as appropriate for the type of communication, to t
## Communications during release
The most common type of communication during a release is a customer advisory. Customer advisories are posted to both Message center and the Messages blade of the [Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431) shortly after Autopatch becomes aware of the new information.
The most common type of communication during a release is a customer advisory. Customer advisories are posted to both Message center and the Messages blade of the [Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431) shortly after Autopatch becomes aware of the new information.
There are some circumstances where Autopatch will need to change the release schedule based on new information.

2
windows/deployment/windows-autopatch/operate/windows-autopatch-windows-quality-update-eligible-devices-historical-report.md
View File

@ -18,7 +18,7 @@ The historical Eligible devices report provides a visual representation of the u
**To view the historical Eligible devices report:**
1. Sign into the [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431).
1. Sign into the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431).
1. Navigate to **Reports** > **Windows Autopatch** > **Windows Quality Updates**.
1. Select the **Reports** tab.
1. Select **Eligible devices report—historical**.

2
windows/deployment/windows-autopatch/operate/windows-autopatch-windows-quality-update-ineligible-devices-historical-report.md
View File

@ -21,7 +21,7 @@ The historical Ineligible devices report provides a visual representation of why
**To view the historical Ineligible devices report:**
1. Sign into the [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431).
1. Sign into the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431).
1. Navigate to **Reports** > **Windows Autopatch** > **Windows Quality Updates**.
1. Select the **Reports** tab.
1. Select **Ineligible devices report—historical**.

6
windows/deployment/windows-autopatch/operate/windows-autopatch-windows-quality-update-overview.md
View File

@ -94,7 +94,7 @@ By default, the service expedites quality updates as needed. For those organizat
**To turn off service-driven expedited quality updates:**
1. Go to **[Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431)** > **Devices**.
1. Go to **[Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431)** > **Devices**.
2. Under **Windows Autopatch** > **Release management**, go to the **Release settings** tab and turn off the **Expedited quality updates** setting.
> [!NOTE]
@ -106,7 +106,7 @@ Windows Autopatch schedules and deploys required Out of Band (OOB) updates relea
**To view deployed Out of Band quality updates:**
1. Go to [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431) > **Devices** > **Windows Autopatch** > **Release management**.
1. Go to [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431) > **Devices** > **Windows Autopatch** > **Release management**.
2. Under the **Release Announcements** tab, you can view the knowledge base (KB) articles corresponding to deployed OOB and regular Windows quality updates.
> [!NOTE]
@ -126,7 +126,7 @@ If Windows Autopatch detects a [significant issue with a release](../operate/win
**To pause or resume a Windows quality update:**
1. Go to the [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431).
1. Go to the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431).
2. Select **Devices** from the left navigation menu.
3. Under the **Windows Autopatch** section, select **Release management**.
4. In the **Release management** blade, select either: **Pause** or **Resume**.

2
windows/deployment/windows-autopatch/operate/windows-autopatch-windows-quality-update-summary-dashboard.md
View File

@ -18,7 +18,7 @@ The Summary dashboard provides a summary view of the current update status for a
**To view the current update status for all your enrolled devices:**
1. Sign into the [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431).
1. Sign into the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431).
1. Navigate to **Reports** > **Windows Autopatch** > **Windows Quality Updates**.
:::image type="content" source="../media/windows-autopatch-summary-dashboard.png" alt-text="Summary dashboard" lightbox="../media/windows-autopatch-summary-dashboard.png":::

4
windows/deployment/windows-autopatch/overview/windows-autopatch-roles-responsibilities.md
View File

@ -38,7 +38,7 @@ This article outlines your responsibilities and Windows Autopatch's responsibili
| Task | Your responsibility | Windows Autopatch |
| ----- | :-----: | :-----: |
| [Add and verify admin contacts](../deploy/windows-autopatch-admin-contacts.md) in Microsoft Endpoint Manager | :heavy_check_mark: | :x: |
| [Add and verify admin contacts](../deploy/windows-autopatch-admin-contacts.md) in Microsoft Intune | :heavy_check_mark: | :x: |
| [Deploy and configure Windows Autopatch service configuration](../references/windows-autopatch-changes-to-tenant.md) | :x: | :heavy_check_mark: |
| Educate users on the Windows Autopatch end user update experience<ul><li>[Windows quality update end user experience](../operate/windows-autopatch-windows-quality-update-end-user-exp.md)</li><li>[Windows feature update end user experience](../operate/windows-autopatch-windows-feature-update-end-user-exp.md)</li><li>[Microsoft 365 Apps for enterprise end user experience](../operate/windows-autopatch-microsoft-365-apps-enterprise.md#end-user-experience)</li><li>[Microsoft Teams end user experience](../operate/windows-autopatch-teams.md#end-user-experience)</li></ul> | :heavy_check_mark: | :x: |
| Remove your devices from existing unsupported [Windows update](../references/windows-autopatch-windows-update-unsupported-policies.md) and [Microsoft 365](../references/windows-autopatch-microsoft-365-policies.md) policies | :heavy_check_mark: | :x: |
@ -58,7 +58,7 @@ This article outlines your responsibilities and Windows Autopatch's responsibili
| Task | Your responsibility | Windows Autopatch |
| ----- | :-----: | :-----: |
| [Maintain contacts in the Microsoft Endpoint Manager admin center](../deploy/windows-autopatch-admin-contacts.md) | :heavy_check_mark: | :x: |
| [Maintain contacts in the Microsoft Intune admin center](../deploy/windows-autopatch-admin-contacts.md) | :heavy_check_mark: | :x: |
| [Maintain and manage the Windows Autopatch service configuration](../operate/windows-autopatch-maintain-environment.md) | :x: | :heavy_check_mark: |
| [Maintain customer configuration to align with the Windows Autopatch service configuration](../operate/windows-autopatch-maintain-environment.md) | :heavy_check_mark: | :x: |
| [Run on-going checks to ensure devices are only present in one deployment ring](../operate/windows-autopatch-update-management.md#automated-deployment-ring-remediation-functions) | :x: | :heavy_check_mark: |

6
windows/deployment/windows-autopatch/prepare/windows-autopatch-enroll-tenant.md
View File

@ -19,7 +19,7 @@ Before you enroll in Windows Autopatch, there are settings, and other parameters
> [!IMPORTANT]
> You must be a Global Administrator to enroll your tenant.
The Readiness assessment tool, accessed in the [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431), checks management or configuration-related settings. This tool allows you to check the relevant settings, and details steps to fix any settings that aren't configured properly for Windows Autopatch.
The Readiness assessment tool, accessed in the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431), checks management or configuration-related settings. This tool allows you to check the relevant settings, and details steps to fix any settings that aren't configured properly for Windows Autopatch.
## Step 1: Review all prerequisites
@ -37,7 +37,7 @@ The Readiness assessment tool checks the settings in [Microsoft Intune](#microso
> [!IMPORTANT]
> You must be a Global Administrator to run the Readiness assessment tool.
1. Go to the [Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431).
1. Go to the [Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431).
2. In the left pane, select Tenant administration and then navigate to Windows Autopatch > **Tenant enrollment**.
> [!IMPORTANT]
@ -109,7 +109,7 @@ Windows Autopatch retains the data associated with these checks for 12 months af
**To delete the data we collect:**
1. Go to the [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431).
1. Go to the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431).
2. Navigate to Windows Autopatch > **Tenant enrollment**.
3. Select **Delete all data**.

2
windows/deployment/windows-autopatch/prepare/windows-autopatch-enrollment-support-request.md
View File

@ -35,6 +35,6 @@ If you have a question about the case, the best way to get in touch is to reply
**To view all your active tenant enrollment support requests:**
1. Sign into the [Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431) and navigate to the **Tenant Administration** menu.
1. Sign into the [Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431) and navigate to the **Tenant Administration** menu.
1. In the **Windows Autopatch** section, select **Tenant Enrollment**.
1. Select the **Support history** tab. You can view the list of all support cases, or select an individual case to view the details.

2
windows/deployment/windows-autopatch/prepare/windows-autopatch-fix-issues.md
View File

@ -35,7 +35,7 @@ For each check, the tool will report one of four possible results:
## Microsoft Intune settings
You can access Intune settings at the [Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431).
You can access Intune settings at the [Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431).
### Unlicensed admins

20
windows/deployment/windows-autopatch/references/windows-autopatch-windows-update-unsupported-policies.md
View File

@ -26,10 +26,10 @@ The following policies contain settings which apply to both Windows quality and
| ----- | ----- | ----- | ----- | ----- |
| Microsoft product updates | Allow | Allow | Allow | Allow |
| Windows drivers | Allow | Allow | Allow | Allow |
| Quality update deferral period | 0 | 1 | 6 | 9 |
| Feature update deferral period | 0 | 0 | 0 | 0 |
| Windows quality update deferral period | 0 | 1 | 6 | 9 |
| Windows feature update deferral period | 0 | 0 | 0 | 0 |
| Upgrade Windows 10 to latest Windows 11 release | No | No | No | No |
| Set feature update uninstall period | 30 days | 30 days | 30 days | 30 days |
| Set Windows feature update uninstall period | 30 days | 30 days | 30 days | 30 days |
| Servicing channel | General availability | General availability | General availability | General availability |
### Windows 10 and later user experience settings
@ -41,8 +41,8 @@ The following policies contain settings which apply to both Windows quality and
| Option to pause updates | Disable | Disable | Disable | Disable |
| Option to check for Windows updates | Default | Default | Default | Default |
| Change notification update level | Default | Default | Default | Default |
| Deadline for feature updates | 5 | 5 | 5 | 5 |
| Deadline for quality updates | 0 | 2 | 2 | 5 |
| Deadline for Windows feature updates | 5 | 5 | 5 | 5 |
| Deadline for Windows quality updates | 0 | 2 | 2 | 5 |
| Grace period | 0 | 2 | 2 | 2 |
| Auto-restart before deadline | Yes | Yes | Yes | Yes |
@ -53,24 +53,24 @@ The following policies contain settings which apply to both Windows quality and
| Included groups | Modern Workplace DevicesWindows Autopatch-Test | Modern Workplace DevicesWindows Autopatch-First | Modern Workplace DevicesWindows Autopatch-Fast | Modern Workplace DevicesWindows Autopatch-Broad |
| Excluded groups | None | None | None | None |
## Feature update policies
## Windows feature update policies
The service deploys policies using Microsoft Intune to control how feature updates are deployed to devices.
The service deploys policies using Microsoft Intune to control how Windows feature updates are deployed to devices.
### Feature updates for Windows 10 and later
### Windows feature updates for Windows 10 and later
These policies control the minimum target version of Windows which a device is meant to accept. Throughout the rest of the article, you will see these policies referred to as DSS policies. After onboarding there will be four of these policies in your tenant with the following naming convention:
**Modern Workplace DSS Policy [ring name]**
#### Feature update deployment settings
#### Windows feature update deployment settings
| Setting name | Test | First | Fast | Broad |
| ----- | ----- | ----- | ----- | ----- |
| Name | Current targeted version of Windows | Current targeted version of Windows | Current targeted version of Windows | Current targeted version of Windows |
| Rollout options | Immediate start | Immediate start | Immediate start | Immediate start |
#### Feature update policy assignments
#### Windows feature update policy assignments
| Setting name | Test | First | Fast | Broad |
| ----- | ----- | ----- | ----- | ----- |

6
windows/deployment/windows-autopilot/demonstrate-deployment-on-vm.md
View File

@ -400,7 +400,7 @@ Your VM (or device) can be registered either via Intune or Microsoft Store for B
### Autopilot registration using Intune
1. In the [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431), choose **Devices** > **Device enrollment | Enroll devices** > **Windows enrollment** > **Windows Autopilot Deployment Program | Devices** and then on the **Windows Autopilot devices** page, choose **Import**.
1. In the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431), choose **Devices** > **Device enrollment | Enroll devices** > **Windows enrollment** > **Windows Autopilot Deployment Program | Devices** and then on the **Windows Autopilot devices** page, choose **Import**.
![Intune device import.](images/enroll1.png)
@ -456,7 +456,7 @@ Pick one:
The Autopilot deployment profile wizard asks for a device group, so you must create one first. To create a device group:
1. In the [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431), choose **Groups** > **New group**.
1. In the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431), choose **Groups** > **New group**.
2. In the **Group** pane:
1. For **Group type**, choose **Security**.
@ -605,7 +605,7 @@ To use the device (or VM) for other purposes after completion of this lab, you n
### Delete (deregister) Autopilot device
You need to delete (or retire, or factory reset) the device from Intune before deregistering the device from Autopilot. To delete the device from Intune (not Azure AD), sign into the [Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431), then go to **Devices > All Devices**. Select the device you want to delete, then select the **Delete** button along the top menu.
You need to delete (or retire, or factory reset) the device from Intune before deregistering the device from Autopilot. To delete the device from Intune (not Azure AD), sign into the [Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431), then go to **Devices > All Devices**. Select the device you want to delete, then select the **Delete** button along the top menu.
> [!div class="mx-imgBorder"]
> ![Delete device step 1.](images/delete-device1.png)