deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-12 13:27:23 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

Removed service principal as it is obsolete

Browse Source
This commit is contained in:
tiaraquan 2023-12-13 09:50:48 -08:00
parent 9498fc41e9
commit cc6c5c7598
2 changed files with 3 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
windows/deployment/windows-autopatch/deploy/windows-autopatch-groups-manage-autopatch-groups.md
View File

@ -1,7 +1,7 @@
--- ---
title: Manage Windows Autopatch groups title: Manage Windows Autopatch groups
description: This article explains how to manage Autopatch groups description: This article explains how to manage Autopatch groups
ms.date: 07/25/2023 ms.date: 12/13/2023
ms.prod: windows-client ms.prod: windows-client
ms.technology: itpro-updates ms.technology: itpro-updates
ms.topic: how-to ms.topic: how-to
@ -46,7 +46,7 @@ Before you start managing Autopatch groups, ensure youve met the following pr
- Windows Autopatch Ring2 - Windows Autopatch Ring2
- Windows Autopatch Ring3 - Windows Autopatch Ring3
- Windows Autopatch Last - Windows Autopatch Last
- Additionally, **don't** modify the Microsoft Entra group ownership of any of the groups above otherwise, Autopatch groups device registration process won't be able to add devices into these groups. If the ownership is modified, you must add the **Modern Workplace Management** Service Principal as the owner of these groups. - Additionally, **don't** modify the Microsoft Entra group ownership of any of the groups above otherwise, Autopatch groups device registration process won't be able to add devices into these groups. If the ownership is modified, you must add the **Modern Workplace Management** enterprise application as the owner of these groups.
- For more information, see [assign an owner or member of a group in Microsoft Entra ID](/azure/active-directory/privileged-identity-management/groups-assign-member-owner#assign-an-owner-or-member-of-a-group) for steps on how to add owners to Azure Microsoft Entra groups. - For more information, see [assign an owner or member of a group in Microsoft Entra ID](/azure/active-directory/privileged-identity-management/groups-assign-member-owner#assign-an-owner-or-member-of-a-group) for steps on how to add owners to Azure Microsoft Entra groups.
- Make sure you have [app-only auth turned on in your Windows Autopatch tenant](../operate/windows-autopatch-maintain-environment.md#windows-autopatch-tenant-actions). Otherwise, the Autopatch groups functionality wont work properly. Autopatch uses app-only auth to: - Make sure you have [app-only auth turned on in your Windows Autopatch tenant](../operate/windows-autopatch-maintain-environment.md#windows-autopatch-tenant-actions). Otherwise, the Autopatch groups functionality wont work properly. Autopatch uses app-only auth to:
- Read device attributes to successfully register devices. - Read device attributes to successfully register devices.

10
windows/deployment/windows-autopatch/references/windows-autopatch-changes-to-tenant.md
View File

@ -1,7 +1,7 @@
--- ---
title: Changes made at tenant enrollment title: Changes made at tenant enrollment
description: This reference article details the changes made to your tenant when enrolling into Windows Autopatch description: This reference article details the changes made to your tenant when enrolling into Windows Autopatch
ms.date: 06/23/2023 ms.date: 12/13/2023
ms.prod: windows-client ms.prod: windows-client
ms.technology: itpro-updates ms.technology: itpro-updates
ms.topic: reference ms.topic: reference
@ -32,14 +32,6 @@ Windows Autopatch creates an enterprise application in your tenant. This enterpr
| ----- | ------ | ----- | | ----- | ------ | ----- |
| Modern Workplace Management | The Modern Workplace Management application:<ul><li>Manages the service</li><li>Publishes baseline configuration updates</li><li>Maintains overall service health</li></ul> | <ul><li>DeviceManagementApps.ReadWrite.All</li><li>DeviceManagementConfiguration.ReadWrite.All</li><li>DeviceManagementManagedDevices.PriviligedOperation.All</li><li>DeviceManagementManagedDevices.ReadWrite.All</li><li>DeviceManagementRBAC.ReadWrite.All</li><li>DeviceManagementServiceConfig.ReadWrite.All</li><li>Directory.Read.All</li><li>Group.Create</li><li>Policy.Read.All</li><li>WindowsUpdates.ReadWrite.All</li></ul> | | Modern Workplace Management | The Modern Workplace Management application:<ul><li>Manages the service</li><li>Publishes baseline configuration updates</li><li>Maintains overall service health</li></ul> | <ul><li>DeviceManagementApps.ReadWrite.All</li><li>DeviceManagementConfiguration.ReadWrite.All</li><li>DeviceManagementManagedDevices.PriviligedOperation.All</li><li>DeviceManagementManagedDevices.ReadWrite.All</li><li>DeviceManagementRBAC.ReadWrite.All</li><li>DeviceManagementServiceConfig.ReadWrite.All</li><li>Directory.Read.All</li><li>Group.Create</li><li>Policy.Read.All</li><li>WindowsUpdates.ReadWrite.All</li></ul> |
### Service principal
Windows Autopatch will create a service principal in your tenant to establish an identity and restrict access to what resources the service has access to within the tenant. For more information, see [Application and service principal objects in Microsoft Entra ID](/azure/active-directory/develop/app-objects-and-service-principals#service-principal-object). The service principal created by Windows Autopatch is:
- Modern Workplace Customer APIs
<a name='azure-active-directory-groups'></a>
## Microsoft Entra groups ## Microsoft Entra groups
Windows Autopatch will create the required Microsoft Entra groups to operate the service. Windows Autopatch will create the required Microsoft Entra groups to operate the service.