From 8dcc4b2adc9de0ad95a0973ec07c507149ef383d Mon Sep 17 00:00:00 2001 From: Vinay Pamnani <37223378+vinaypamnani-msft@users.noreply.github.com> Date: Thu, 28 Jul 2022 13:19:42 -0400 Subject: [PATCH 1/2] Update BC --- windows/security/breadcrumb/toc.yml | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/windows/security/breadcrumb/toc.yml b/windows/security/breadcrumb/toc.yml index c7cf229b3f..56a1f207bc 100644 --- a/windows/security/breadcrumb/toc.yml +++ b/windows/security/breadcrumb/toc.yml @@ -6,7 +6,11 @@ items: - name: Windows tocHref: /windows/ topicHref: /windows/resources/ - items: - - name: User security - tocHref: /windows-server/security/credentials-protection-and-management/ - topicHref: /windows/security/identity + items: + - name: Security + tocHref: /windows/security/ + topicHref: /windows/security/ + items: + - name: User security + tocHref: /windows-server/security/credentials-protection-and-management/ + topicHref: /windows/security/identity From 9833d8552467c14a363c206482b13da94c7944e1 Mon Sep 17 00:00:00 2001 From: tiaraquan Date: Thu, 28 Jul 2022 12:16:35 -0700 Subject: [PATCH 2/2] Added hyperlink on how to clean up stale AD device records. --- .../deploy/windows-autopatch-device-registration-overview.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/windows-autopatch/deploy/windows-autopatch-device-registration-overview.md b/windows/deployment/windows-autopatch/deploy/windows-autopatch-device-registration-overview.md index a0194753bf..cf47404f87 100644 --- a/windows/deployment/windows-autopatch/deploy/windows-autopatch-device-registration-overview.md +++ b/windows/deployment/windows-autopatch/deploy/windows-autopatch-device-registration-overview.md 
@@ -59,7 +59,7 @@ See the following detailed workflow diagram. The diagram covers the Windows Auto 2. If **not**, it means the device isn't enrolled into Intune, hence it can't be managed by the Windows Autopatch service. 2. **If the device is not managed by Intune**, the Windows Autopatch service can't gather device attributes such as operating system version, Intune enrollment date, device name and other attributes. When this happens, the Windows Autopatch service uses the Azure AD device attributes gathered and saved to its memory in **step 3a**. 1. Once it has the device attributes gathered from Azure AD in **step 3a**, the device is flagged with the **Prerequisite failed** status, then added to the **Not ready** tab so the IT admin can review the reason(s) the device wasn't registered into Windows Autopatch. The IT admin will remediate these devices. In this case, the IT admin should check why the device wasn’t enrolled into Intune. - 2. A common reason is when the Azure AD device ID is stale, it doesn’t have an Intune device ID associated with anymore. To remediate, clean up any stale Azure AD device records from your tenant. + 2. A common reason is when the Azure AD device ID is stale, it doesn’t have an Intune device ID associated with anymore. To remediate, [clean up any stale Azure AD device records from your tenant](/windows/deployment/windows-autopatch/deploy/windows-autopatch-register-devices#clean-up-dual-state-of-hybrid-azure-ad-joined-and-azure-registered-devices-in-your-azure-ad-tenant). 3. **If the device is managed by Intune**, the Windows Autopatch prerequisite check function continues to the next prerequisite check, which evaluates whether the device has checked into Intune in the last 28 days. 3. **If the device is a Windows device or not**. 1. If it’s a Windows device, Windows Autopatch evaluates the following requirements:
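Review bot: In the `toc.yml` hunk of [PATCH 1/2], the nested `User security` entry keeps `tocHref: /windows-server/security/credentials-protection-and-management/` while it now sits under a new `Security` parent whose `tocHref` and `topicHref` are both `/windows/security/`, so the child's TOC path falls outside its parent's. Please confirm that is intended. The existing `Windows` entry uses different values for `tocHref` (`/windows/`) and `topicHref` (`/windows/resources/`), so it is also worth a line in the commit message on why the new level uses the same value for both. The subject "Update BC" does not say what changed. Something like "Add Security level to the Windows security breadcrumb" would make the history searchable.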
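Review bot: In the changed sub-step 2 line of `windows-autopatch-device-registration-overview.md` ([PATCH 2/2]), the link text promises guidance on cleaning up stale Azure AD device records, but the target anchor is `#clean-up-dual-state-of-hybrid-azure-ad-joined-and-azure-registered-devices-in-your-azure-ad-tenant`, which by its name covers the dual-state case rather than stale records in general. Either reword the link text to match the target section or point at a section that deals with stale device records. While the line is being touched, the comma splice in "A common reason is when the Azure AD device ID is stale, it doesn’t have an Intune device ID associated with anymore" could be fixed, for example "A common reason is that the Azure AD device ID is stale and no longer has an Intune device ID associated with it."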