deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-06-21 13:23:36 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

Merge branch 'main' into patch-3

Browse Source
This commit is contained in:
Meghan Stewart
2023-05-09 08:10:01 -07:00
committed by GitHub
parent 52888f92d9 26b336ab89
commit d26fbad6a0
62 changed files with 1865 additions and 1514 deletions
Download Patch File Download Diff File Expand all files Collapse all files

21
windows/deployment/update/check-release-health.md
View File

@ -1,7 +1,7 @@
---
title: How to check Windows release health
description: Check the release health status of Microsoft 365 services before you call support to see if there's an active service interruption.
ms.date: 08/16/2022
ms.date: 05/03/2023
ms.author: mstewart
author: mestew
manager: aaroncz
@ -13,7 +13,7 @@ ms.technology: itpro-updates
# How to check Windows release health
The Windows release health page in the Microsoft 365 admin center enables you to view the latest information on known issues for Windows monthly and feature updates. A known issue is an issue that has been identified in a Windows monthly update or feature update that impacts Windows devices. The Windows release health page is designed to inform you about known issues. You can use this information to troubleshoot issues your users may be experiencing. You can also determine when, and at what scale, to deploy an update in your organization.
The Windows release health page in the Microsoft 365 admin center enables you to view the latest information on known issues for Windows monthly and feature updates. A known issue is an issue that impacts Windows devices and that has been identified in a Windows monthly update or feature update. The Windows release health page is designed to inform you about known issues. You can use this information to troubleshoot issues your users may be experiencing. You can also determine when, and at what scale, to deploy an update in your organization.
If you're unable to sign in to the Microsoft 365 admin portal, check the [Microsoft 365 service health](https://status.office365.com) status page to check for known issues preventing you from signing into your tenant.
@ -21,7 +21,7 @@ To be informed about the latest updates and releases, follow [@WindowsUpdate](ht
## How to review Windows release health information
1. Go to the [Microsoft 365 admin center](https://admin.microsoft.com), and sign in with an administrator account.
1. Go to the [Microsoft 365 admin center](https://admin.microsoft.com) and sign in with an administrator account.
> [!NOTE]
> By default, the Windows release health page is available to individuals who have been assigned the global admin or service administrator role for their tenant. To allow Exchange, SharePoint, and Skype for Business admins to view the Windows release health page, you must first assign them to a Service admin role. For more information about roles that can view service health, see [About admin roles](/microsoft-365/admin/add-users/about-admin-roles#commonly-used-microsoft-365-admin-center-roles).
@ -54,6 +54,21 @@ To be informed about the latest updates and releases, follow [@WindowsUpdate](ht
![A screenshot showing issue details.](images/WRH-known-issue-detail.png)
## Sign up for email notifications
You have the option to sign up for email notifications about Windows known issues and informational updates. Notifications include changes in issue status, new workarounds, and issue resolutions. To subscribe to notifications:
1. Go to the [Windows release health page](https://admin.microsoft.com/Adminportal/Home?#/windowsreleasehealth).
1. Select **Preferences**>**Email**, then select **Send me email notifications about Windows release health**.
1. Specify the following information:
- Email address for the notifications
- Each admin account can specify up to two email addresses under their email preferences
- Windows versions to be notified about
1. Select **Save** when you're finished specifying email addresses and Windows versions. It may take up to 8 hours for these changes to take effect.
> [!Note]
> When a single known issue affects multiple versions of Windows, you'll receive only one email notification, even if you've selected notifications for multiple versions. Duplicate emails won't be sent.
## Status definitions
In the **Windows release health** experience, every known issue is assigned as status. Those statuses are defined as follows:

2
windows/deployment/update/wufb-reports-do.md
View File

@ -92,7 +92,7 @@ There are several calculated values that appear on the Delivery Optimization rep
In the **Efficiency By Group** subsection, the **GroupID** is displayed as an encoded SHA256 hash. You can create a mapping of original to encoded GroupIDs using the following PowerShell example:
```powershell
$text = "<myEncodedGroupID>" ;
$text = "<myEncodedGroupID>`0"; (the null-terminator (`0) must be included in the string hash)
$hashObj = [System.Security.Cryptography.HashAlgorithm]::Create('sha256') ; $dig = $hashObj.ComputeHash([System.Text.Encoding]::Unicode.GetBytes($text)) ; $digB64 = [System.Convert]::ToBase64String($dig) ; Write-Host "$text ==> $digB64"
```

7
windows/deployment/windows-autopatch/deploy/windows-autopatch-device-registration-overview.md
View File

@ -1,7 +1,7 @@
---
title: Device registration overview
description: This article provides an overview on how to register devices in Autopatch
ms.date: 05/01/2023
ms.date: 05/08/2023
ms.prod: windows-client
ms.technology: itpro-updates
ms.topic: conceptual
@ -141,6 +141,9 @@ If your Autopatch groups have more than five deployment rings, and you must move
If you want to move devices to different deployment rings (either service or software update-based), after Windows Autopatch's deployment ring assignment, you can repeat the following steps for one or more devices from the**Registered**tab.
> [!IMPORTANT]
> You can only move devices in between deployment rings within the **same** Autopatch group. You can't move devices in between deployment rings across different Autopatch groups. If you try to select a device that belongs to one Autopatch group, and another device that belongs to a different Autopatch group, you'll receive the following error message on the top right corner of the Microsoft Intune portal: "**An error occurred. Please select devices within the same Autopatch group**.
**To move devices in between deployment rings:**
> [!NOTE]
@ -150,7 +153,7 @@ If you want to move devices to different deployment rings (either service or sof
1. In the**Windows Autopatch**section, select**Devices**.
1. In the**Registered**tab, select one or more devices you want to assign. All selected devices will be assigned to the deployment ring you specify.
1. Select**Device actions**from the menu.
1. Select**Assign device group**. A fly-in opens.
1. Select**Assign ring**. A fly-in opens.
1. Use the dropdown menu to select the deployment ring to move devices to, and then selectSave. TheRing assigned bycolumn will change toPending.
1. When the assignment is complete, the**Ring assigned by**column changes toAdmin(which indicates that you made the change) and the**Ring** column shows the new deployment ring assignment.

71
windows/deployment/windows-autopatch/deploy/windows-autopatch-groups-manage-autopatch-groups.md
View File

@ -1,7 +1,7 @@
---
title: Manage Windows Autopatch groups
description: This article explains how to manage Autopatch groups
ms.date: 05/01/2023
ms.date: 05/05/2023
ms.prod: windows-client
ms.technology: itpro-updates
ms.topic: how-to
@ -26,6 +26,16 @@ Autopatch groups is a logical container or unit that groups several [Azure AD gr
Before you start managing Autopatch groups, ensure youve met the following prerequisites:
- Review [Windows Autopatch groups overview documentation](../deploy/windows-autopatch-groups-overview.md) to understand [key benefits](../deploy/windows-autopatch-groups-overview.md#key-benefits), [concepts](../deploy/windows-autopatch-groups-overview.md#key-concepts) and [common ways to use Autopatch groups](../deploy/windows-autopatch-groups-overview.md#common-ways-to-use-autopatch-groups) within your organization.
- Ensure the following [update rings for Windows 10 and later policy in Intune](/mem/intune/protect/windows-10-update-rings) are created in your tenant:
- Modern Workplace Update Policy [Test]-[Windows Autopatch]
- Modern Workplace Update Policy [First]-[Windows Autopatch]
- Modern Workplace Update Policy [Fast]-[Windows Autopatch]
- Modern Workplace Update Policy [Broad]-[Windows Autopatch]
- Ensure the following [feature updates for Windows 10 and later policy in Intune](/mem/intune/protect/windows-10-feature-updates) are created in your tenant:
- Windows Autopatch DSS Policy [Test]
- Windows Autopatch DSS Policy [First]
- Windows Autopatch DSS Policy [Fast]
- Windows Autopatch DSS Policy [Broad]
- Ensure the following Azure AD assigned groups are in your tenant before using Autopatch groups. **Dont** modify the Azure AD group membership types (Assigned or Dynamic). Otherwise, the Windows Autopatch service wont be able to read the device group membership from these groups and causes the Autopatch groups feature and other service-related operations to not work properly.
- Modern Workplace Devices-Windows Autopatch-Test
- Modern Workplace Devices-Windows Autopatch-First
@ -36,8 +46,8 @@ Before you start managing Autopatch groups, ensure youve met the following pr
- Windows Autopatch Ring2
- Windows Autopatch Ring3
- Windows Autopatch Last
- Additionally, **don't** modify the Azure AD group ownership of any of the groups above otherwise, Autopatch groups device registration process won't be able to add devices into these groups.
- For more information, see [assign an owner of member of a group in Azure AD](/azure/active-directory/privileged-identity-management/groups-assign-member-owner#assign-an-owner-or-member-of-a-group) on how to remediate Azure Azure AD group ownership.
- Additionally, **don't** modify the Azure AD group ownership of any of the groups above otherwise, Autopatch groups device registration process won't be able to add devices into these groups. If the ownership is modified, you must add the **Modern Workplace Management** Service Principal as the owner of these groups.
- For more information, see [assign an owner or member of a group in Azure AD](/azure/active-directory/privileged-identity-management/groups-assign-member-owner#assign-an-owner-or-member-of-a-group) for steps on how to add owners to Azure Azure AD groups.
- Make sure you have [app-only auth turned on in your Windows Autopatch tenant](../operate/windows-autopatch-maintain-environment.md#windows-autopatch-tenant-actions). Otherwise, the Autopatch groups functionality wont work properly. Autopatch uses app-only auth to:
- Read device attributes to successfully register devices.
- Manage all configurations related to the operation of the service.
@ -45,6 +55,9 @@ Before you start managing Autopatch groups, ensure youve met the following pr
- Review your existing Azure AD group dynamic queries and direct device memberships to avoid having device membership overlaps in between device-based Azure AD groups that are going to be used with Autopatch groups. This can help prevent device conflicts within an Autopatch group or across several Autopatch groups. **Autopatch groups doesn't support user-based Azure AD groups**.
- Ensure devices used with your existing Azure AD groups meet [device registration prerequisite checks](../deploy/windows-autopatch-register-devices.md#prerequisites-for-device-registration) when being registered with the service. Autopatch groups register devices on your behalf, and devices can be moved to **Registered** or **Not registered** tabs in the Devices blade accordingly.
> [!TIP]
> [Update rings](/mem/intune/protect/windows-10-update-rings) and [feature updates](/mem/intune/protect/windows-10-feature-updates) for Windows 10 and later policies that are created and managed by Windows Autopatch can be restored using the [Policy health](../operate/windows-autopatch-policy-health-and-remediation.md) feature. For more information on remediation actions, see [restore Windows update policies](../operate/windows-autopatch-policy-health-and-remediation.md#restore-windows-update-policies).
> [!NOTE]
> During the public preview, Autopatch groups opt-in page will show a banner to let you know when one or more prerequisites are failing. Once you remediate the issue to meet the prerequisites, it can take up to an hour for your tenant to have the "Use preview" button available.
@ -110,7 +123,11 @@ You **cant** delete the Default Autopatch group. However, you can delete a Cu
> [!CAUTION]
> You cant delete a Custom Autopatch group when its being used as part of one or more active or paused feature update releases. However, you can delete a Custom Autopatch group when the release for either Windows quality or feature updates have either the **Scheduled** or **Paused** statuses.
## Manage device conflict scenarios when Autopatch groups
## Manage device conflict scenarios when using Autopatch groups
> [!IMPORTANT]
> The Windows Autopatch groups functionaliy is in **public preview**. This feature is being actively developed and not all device conflict detection and resolution scenarios are working as expected.
> For more information on what to expect for this scenario during public preview, see [Known issues](#known-issues).
Overlap in device membership is a common scenario when working with device-based Azure AD groups since sometimes dynamic queries can be large in scope or the same assigned device membership can be used across different Azure AD groups.
@ -157,4 +174,48 @@ When you create or edit the Custom or Default Autopatch group, Windows Autopatch
#### Device conflict post device registration
Autopatch groups will keep monitoring for all device conflict scenarios listed in the [Manage device conflict scenarios when using Autopatch groups](#manage-device-conflict-scenarios-when-autopatch-groups) section even after devices were successfully registered with the service.
Autopatch groups will keep monitoring for all device conflict scenarios listed in the [Manage device conflict scenarios when using Autopatch groups](../deploy/windows-autopatch-groups-manage-autopatch-groups.md#manage-device-conflict-scenarios-when-using-autopatch-groups) section even after devices were successfully registered with the service.
## Known issues
This section lists known issues with Autopatch groups during its public preview.
### Device conflict scenarios when using Autopatch groups
- **Status: Active**
The Windows Autopatch team is aware that all device conflict scenarios listed below are currently being evaluated during the device registration process to make sure devices are properly registered with the service, and not evaluated post-device registration. The Windows Autopatch team is currently developing detection and resolution for the followin device conflict scenarios, and plan to make them available during public preview.
- Default to Custom Autopatch device conflict detection and resolution.
- Device conflict detection and resolution within an Autopatch group.
- Custom to Custom Autopatch group device conflict detection.
> [!TIP]
> Use the following two best practices to help minimize device conflict scenarios when using Autopatch groups during the public preview:
>
> - Review your software update deployment requirements thoroughly. If your deployment requirements allow, try using the Default Autopatch group as much as possible, instead of start creating Custom Autopatch groups. You can customize the Default Autopatch to have up to 15 deployment rings, and you can use your existing device-based Azure AD groups with custom update deployment cadences.
> - If creating Custom Autopatch groups, try to avoid using device-based Azure AD groups that have device membership overlaps with the devices that are already registered with Windows Autopatch, and already belong to the Default Autopatch group.
### Autopatch group Azure AD group remediator
- **Status: Active**
The Windows Autopatch team is aware that the Windows Autopatch service isn't automatically restoring the Azure AD groups that get created during the Autopatch groups creation/editing process. If the following Azure AD groups, that belong to the Default Autopatch group and other Azure AD groups that get created with Custom Autopatch groups, are deleted or renamed, they won't be automatically remediated on your behalf yet:
- Windows Autopatch Test
- Windows Autopatch Ring1
- Windows Autopatch Ring2
- Windows Autopatch Ring3
- Windows Autopatch Last
The Windows Autopatch team is currently developing the Autopatch group Azure AD group remediator feature and plan to make it available during public preview.
> [!NOTE]
> The Autopatch group remediator won't remediate the service-based deployment rings:
>
> - Modern Workplace Devices-Windows Autopatch-Test
> - Modern Workplace Devices-Windows Autopatch-First
> - Modern Workplace Devices-Windows Autopatch-Fast
> - Modern Workplace Devices-Windows Autopatch-Broad
>
> Use the [Policy health feature](../operate/windows-autopatch-policy-health-and-remediation.md) to restore these groups, if needed. For more information, see [restore deployment groups](../operate/windows-autopatch-policy-health-and-remediation.md#restore-deployment-groups).

5
windows/deployment/windows-autopatch/deploy/windows-autopatch-groups-overview.md
View File

@ -1,7 +1,7 @@
---
title: Windows Autopatch groups overview
description: This article explains what Autopatch groups are
ms.date: 05/01/2023
ms.date: 05/03/2023
ms.prod: windows-client
ms.technology: itpro-updates
ms.topic: conceptual
@ -247,4 +247,7 @@ Autopatch groups works with the following software update workloads:
Windows Autopatch will support up to 50 Autopatch groups in your tenant. You can create up to 49 [Custom Autopatch groups](#about-custom-autopatch-groups) in addition to the [Default Autopatch group](#about-the-default-autopatch-group). Each Autopatch group supports up to 15 deployment rings.
> [!TIP]
> If you reach the maximum number of Autopatch groups supported (50), and try to create more Custom Autopatch groups, the "**Create**" option in the Autopatch groups blade will be greyed out.
To manage your Autopatch groups, see [Manage Windows Autopatch groups](../deploy/windows-autopatch-groups-manage-autopatch-groups.md).

6
windows/deployment/windows-autopatch/operate/windows-autopatch-device-alerts.md
View File

@ -58,12 +58,12 @@ Alert resolutions are provided through the Windows Update service and provide th
| `DeviceRegistrationInvalidGlobalDeviceId` | The device isn't able to register or authenticate properly with Windows Update because of an invalid Global Device ID. |The Windows Update service has reported that the MSA Service may be disabled preventing Global Device ID assignment.<p>Check that the MSA Service is running or able to run on device.</p><p>If the alert persists, [submit a support request](../operate/windows-autopatch-support-request.md).</p> |
| `DeviceRegistrationIssue` | The device isn't able to register or authenticate properly with Windows Update. | The Windows Update service has reported a device registration issue.<p>For more information, see [Windows Autopatch post-device registration readiness checks](../deploy/windows-autopatch-post-reg-readiness-checks.md).</p><p>If the alert persists, [submit a support request](../operate/windows-autopatch-support-request.md).</p> |
| `DeviceRegistrationNoTrustType` | The device isn't able to register or authenticate properly with Windows Update because it can't establish Trust. | The Windows Update service has reported a device registration issue.<p>For more information, see [Windows Autopatch post-device registration readiness checks](../deploy/windows-autopatch-post-reg-readiness-checks.md).</p><p>If the alert persists, [submit a support request](../operate/windows-autopatch-support-request.md).</p> |
| `DiskFull` | The installation couldn't be completed because the Windows partition is full. | The Windows Update service has reported there's insufficient disk space to perform the update. Free up disk space on the Windows partition and retry the installation.<p>For more information, see [Free up space for Windows Updates](/windows/free-up-space-for-windows-updates-429b12ba-f514-be0b-4924-ca6d16fa1d65#:~:text=Here%E2%80%99s%20how%20to%20get%20more%20storage%20space%20on,to%20Windows%20needs%20space%20to%20update.%20More%20items).</p> |
| `DiskFull` | The installation couldn't be completed because the Windows partition is full. | The Windows Update service has reported there's insufficient disk space to perform the update. Free up disk space on the Windows partition and retry the installation.<p>For more information, see [Free up space for Windows Updates](https://support.microsoft.com/windows/free-up-space-for-windows-updates-429b12ba-f514-be0b-4924-ca6d16fa1d65).</p> |
| `DownloadCancelled` | Windows Update couldn't download the update because the update server stopped the connection. | The Windows Update service has reported an issue with your update server. Validate your network is working and retry the download. If the alert persists, review your network configuration to make sure that this computer can access the internet.<p>For more information, see [Check your network connection status](https://support.microsoft.com/windows/check-your-network-connection-status-efb4fb41-f751-567a-f60f-aac9114659a5).</p> |
| `DownloadConnectionIssue` | Windows Update couldn't connect to the update server and the update couldn't download. | The Windows Update service has reported an issue connecting to Windows Update. Review your network configuration, and to make sure that this computer can access the internet and Windows Update Online.<p>For more information, see [Check your network connection status](https://support.microsoft.com/windows/check-your-network-connection-status-efb4fb41-f751-567a-f60f-aac9114659a5).and [Endpoints for Delivery Optimization and Windows Update](/windows/deployment/do/waas-delivery-optimization-faq#what-hostnames-should-i-allow-through-my-firewall-to-support-delivery-optimization).</p><p>If the alert persists, [submit a support request](../operate/windows-autopatch-support-request.md).</p> |
| `DownloadCredentialsIssue` | Windows Update couldn't download the file because the Background Intelligent Transfer Service (BITS) couldn't connect to the internet. A proxy server or firewall on your network might require credentials. | The Windows Update service Windows has reported it failed to connect to Windows Updates. This can often be an issue with an Application Gateway or HTTP proxy, or an issue on the client. Retry the download.<p>Review your network configuration to make sure that this computer can access the internet. Validate and/or allowlist Windows Update and Delivery Optimization endpoint.</p><p>For more information, see [Check your network connection status](https://support.microsoft.com/windows/check-your-network-connection-status-efb4fb41-f751-567a-f60f-aac9114659a5).and [Endpoints for Delivery Optimization and Windows Update](/windows/deployment/do/waas-delivery-optimization-faq#what-hostnames-should-i-allow-through-my-firewall-to-support-delivery-optimization).</p><p>If the alert persists, [submit a support request](../operate/windows-autopatch-support-request.md).</p> |
| `DownloadCredentialsIssue` | Windows Update couldn't download the file because the Background Intelligent Transfer Service ([BITS](/windows/win32/bits/about-bits)) couldn't connect to the internet. A proxy server or firewall on your network might require credentials. | The Windows Update service Windows has reported it failed to connect to Windows Updates. This can often be an issue with an Application Gateway or HTTP proxy, or an issue on the client. Retry the download.<p>Review your network configuration to make sure that this computer can access the internet. Validate and/or allowlist Windows Update and Delivery Optimization endpoint.</p><p>For more information, see [Check your network connection status](https://support.microsoft.com/windows/check-your-network-connection-status-efb4fb41-f751-567a-f60f-aac9114659a5).and [Endpoints for Delivery Optimization and Windows Update](/windows/deployment/do/waas-delivery-optimization-faq#what-hostnames-should-i-allow-through-my-firewall-to-support-delivery-optimization).</p><p>If the alert persists, [submit a support request](../operate/windows-autopatch-support-request.md).</p> |
| `DownloadIssue` | There was an issue downloading the update. | The Windows Update service has reported it failed to connect to Windows Updates. This can often be an issue with an Application Gateway or HTTP proxy, or an issue on the client.<p>For more information, see [Check your network connection status](https://support.microsoft.com/windows/check-your-network-connection-status-efb4fb41-f751-567a-f60f-aac9114659a5).and [Endpoints for Delivery Optimization and Windows Update](/windows/deployment/do/waas-delivery-optimization-faq#what-hostnames-should-i-allow-through-my-firewall-to-support-delivery-optimization).</p><p>If the alert persists, [submit a support request](../operate/windows-autopatch-support-request.md).</p> |
| `DownloadIssueServiceDisabled` | There was a problem with the Background Intelligent Transfer Service (BITS). The BITS service or a service it depends on might be disabled. | The Windows Updates service has reported that the BITS service is disabled. In the local client services, make sure that the Background Intelligent Transfer Service is enabled. If the service isn't running, try starting it manually. For more information, see [Issues with BITS](/security-updates/WindowsUpdateServices/18127392).<p>If it will not start, check the event log for errors or [submit a support request](../operate/windows-autopatch-support-request.md).</p> |
| `DownloadIssueServiceDisabled` | There was a problem with the Background Intelligent Transfer Service (BITS). The BITS service or a service it depends on might be disabled. | The Windows Updates service has reported that the BITS service is disabled. In the local client services, make sure that the Background Intelligent Transfer Service is enabled. If the service isn't running, try starting it manually. For more information, see [Issues with BITS](/windows/win32/bits/about-bits).<p>If it will not start, check the event log for errors or [submit a support request](../operate/windows-autopatch-support-request.md).</p> |
| `DownloadTimeout` | A timeout occurred while Windows tried to contact the update service or the server containing the update's payload. | The Windows Update service has reported it attempted to download the payload and the connection timed out.<p>Retry downloading the payload. If not successful, review your network configuration to make sure that this computer can access the internet.</p>For more information, see [Check your network connection status](https://support.microsoft.com/windows/check-your-network-connection-status-efb4fb41-f751-567a-f60f-aac9114659a5). |
| `EndOfService` | The device is on a version of Windows that has passed its end of service date. | Windows Update service has reported the current version is past End of Service. Update device to a version that is currently serviced in [Feature update overview](../operate/windows-autopatch-groups-windows-feature-update-overview.md).<p>For more information on OS versioning, see [Windows 10 release information](/windows/release-health/release-information).</p> |
| `EndOfServiceApproaching` | The device is on a version of Windows that is approaching its end of service date. | Update device to a version that is currently serviced in [Feature update overview](../operate/windows-autopatch-groups-windows-feature-update-overview.md).<p>For more information on OS versioning, see [Windows 10 release information](/windows/release-health/release-information).</p> |

2
windows/deployment/windows-autopatch/operate/windows-autopatch-groups-manage-windows-feature-update-release.md
View File

@ -1,7 +1,7 @@
---
title: Manage Windows feature update releases
description: This article explains how you can manage Windows feature updates with Autopatch groups
ms.date: 05/01/2023
ms.date: 05/05/2023
ms.prod: windows-client
ms.technology: itpro-updates
ms.topic: conceptual

23
windows/deployment/windows-autopatch/operate/windows-autopatch-groups-windows-feature-update-overview.md
View File

@ -1,7 +1,7 @@
---
title: Windows feature updates overview with Autopatch groups
description: This article explains how Windows feature updates are managed with Autopatch groups
ms.date: 05/01/2023
ms.date: 05/03/2023
ms.prod: windows-client
ms.technology: itpro-updates
ms.topic: conceptual
@ -39,6 +39,15 @@ Windows Autopatchs device eligibility criteria for Windows feature updates al
## Key benefits
- Windows Autopatch makes it easier and less expensive for you to keep your Windows devices up to date. You can focus on running your core businesses while Windows Autopatch runs update management on your behalf.
- Youre in control of telling Windows Autopatch when your organization is ready to move to the next Windows OS version.
- Combined with custom releases, Autopatch Groups gives your organization great control and flexibility to help you plan your gradual rollout in a way that works for your organization.
- Simplified end-user experience with rich controls for gradual rollouts, deployment cadence and speed.
- No need to manually modify the default Windows feature update policies (default release) to be on the Windows OS version your organization is currently ready for.
- Allows for scenarios where you can deploy a single release across several Autopatch groups and its deployment rings.
## Key concepts
- A release is made of one or more deployment phases and contains the required OS version to be gradually rolled out throughout its deployment phases.
- A phase (deployment phase) is made of one or more Autopatch group deployment rings. A phase:
- Works as an additional layer of deployment cadence settings that can be defined by IT admins (only for Windows feature updates) on top of Autopatch group deployment rings (Windows update rings policies).
@ -71,12 +80,12 @@ If the device is registered with Windows Autopatch, and the device is:
If your tenant is enrolled with Windows Autopatch, you can see the following default policies created by the service in the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431):
| Policy name | Feature update version | Rollout options | First deployment ring availability | Final deployment ring availability | Day between deployment rings | Support end date |
| ----- | ----- | ----- | ----- | ----- | ----- | ----- |
| Windows Autopatch DSS Policy [Test] | Windows 10 21H2 | Make update available as soon as possible | May 9, 2023 | N/A | N/A | June 10, 2024 |
| Windows Autopatch DSS Policy [Ring1] | Windows 10 21H2 | Make update available as soon as possible | May 16, 2023 | N/A | N/A | June 10, 2024 |
| Windows Autopatch DSS Policy [Ring2] | Windows 10 21H2 | Make update available as soon as possible | May 23, 2023 | N/A | N/A | June 10, 2024 |
| Windows Autopatch DSS Policy [Ring3] | Windows 10 21H2 | Make update available as soon as possible | May 30, 2023 | N/A | N/A | June 10, 2024 |
| Policy name | Phase mapping | Feature update version | Rollout options | First deployment ring availability | Final deployment ring availability | Day between deployment rings | Support end date |
| ----- | ----- | ----- | ----- | ----- | ----- | ----- | ----- |
| Windows Autopatch DSS Policy [Test] | Phase 1 | Windows 10 21H2 | Make update available as soon as possible | May 9, 2023 | N/A | N/A | June 10, 2024 |
| Windows Autopatch DSS Policy [First] | Phase 2 | Windows 10 21H2 | Make update available as soon as possible | May 16, 2023 | N/A | N/A | June 10, 2024 |
| Windows Autopatch DSS Policy [Fast] | Phase 3 | Windows 10 21H2 | Make update available as soon as possible | May 23, 2023 | N/A | N/A | June 10, 2024 |
| Windows Autopatch DSS Policy [Broad] | Phase 4 | Windows 10 21H2 | Make update available as soon as possible | May 30, 2023 | N/A | N/A | June 10, 2024 |
> [!NOTE]
> Gradual rollout settings aren't configured in the default Windows Update feature policy. If the date of the final group availability is changed to a past date, all remaining devices are offered the update as soon as possible. For more information, see [rollout options for Windows Updates in Microsoft Intune](/mem/intune/protect/windows-update-rollout-options#make-updates-available-gradually).

4
windows/deployment/windows-autopatch/operate/windows-autopatch-policy-health-and-remediation.md
View File

@ -50,7 +50,7 @@ The minimum role required to restore configurations is **Intune Service Administ
**To initiate remediation action for device configuration alerts:**
1. Go to the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431).
1. Navigate to **Tenant administration** > **Tenant management** > **Alerts**.
1. Navigate to **Tenant administration** > **Tenant management** > **Actions**.
1. Select **Restore missing policy** to launch the workflow.
1. Review the message and select **Restore policy**.
1. If the **Change modified policy alert** appears, select this alert to launch the workflow.
@ -83,7 +83,7 @@ There will be an alert for each policy that is missing or has deviated from the
**To initiate remediation action for missing groups:**
1. Go to the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431).
1. Navigate to **Tenant administration** > **Tenant management** > **Alerts**.
1. Navigate to **Tenant administration** > **Tenant management** > **Actions**.
1. Select **Restore missing group** to launch the workflow.
1. Review the message and select **Restore group**.

4
windows/deployment/windows-autopatch/operate/windows-autopatch-windows-feature-update-overview.md
View File

@ -1,7 +1,7 @@
---
title: Windows feature updates
description: This article explains how Windows feature updates are managed in Autopatch
ms.date: 02/17/2023
ms.date: 05/02/2023
ms.prod: windows-client
ms.technology: itpro-updates
ms.topic: conceptual
@ -85,7 +85,7 @@ Windows Autopatch provides a permanent pause of a Windows feature update deploym
> You should only pause and resume [Windows quality](windows-autopatch-windows-quality-update-overview.md#pausing-and-resuming-a-release) and [Windows feature updates](#pausing-and-resuming-a-release) on Windows Autopatch managed devices using the Windows Autopatch Release management blade. Do **not** use the Microsoft Intune end-user experience flows to pause or resume Windows Autopatch managed devices. If you need assistance with pausing and resuming updates, please [submit a support request](../operate/windows-autopatch-support-request.md).
> [!IMPORTANT]
> Pausing or resuming an update can take up to eight hours to be applied to devices. Windows Autopatch uses Microsoft Intune as its management solution and that's the average frequency devices take to communicate back to Microsoft Intune with new instructions to pause, resume or rollback updates.<p>For more information, see [how long does it take for devices to get a policy, profile, or app after they are assigned from Microsoft Intune](/mem/intune/configuration/device-profile-troubleshoot#how-long-does-it-take-for-devices-to-get-a-policy-profile-or-app-after-they-are-assigned).</p>
> Pausing or resuming an update can take up to eight hours to be applied to devices. Windows Autopatch uses Microsoft Intune as its device management solution and that's the average frequency Windows devices take to communicate back to Microsoft Intune with new instructions to pause, resume or rollback updates.<p>For more information, see [how long does it take for devices to get a policy, profile, or app after they are assigned from Microsoft Intune](/mem/intune/configuration/device-profile-troubleshoot#how-long-does-it-take-for-devices-to-get-a-policy-profile-or-app-after-they-are-assigned).</p>
**To pause or resume a Windows feature update:**

5
windows/deployment/windows-autopatch/operate/windows-autopatch-windows-quality-update-overview.md
View File

@ -1,7 +1,7 @@
---
title: Windows quality updates
description: This article explains how Windows quality updates are managed in Autopatch
ms.date: 04/24/2023
ms.date: 05/02/2023
ms.prod: windows-client
ms.technology: itpro-updates
ms.topic: conceptual
@ -86,6 +86,9 @@ When running an expedited release, the regular goal of 95% of devices in 21 days
| Standard release | Test<p>First<p>Fast<p>Broad | 0<p>1<p>6<p>9 | 0<p>2<p>2<p>5 | 0<p>2<p>2<p>2 |
| Expedited release | All devices | 0 | 1 | 1 |
> [!IMPORTANT]
> Expedited updates **don't** work with devices under the [Windows 10 Long-Term Servicing Channel (LTSC)](/windows/whats-new/ltsc/). For more information, see [expedite Windows quality updates in Microsoft Intune](/mem/intune/protect/windows-10-expedite-updates).
#### Turn off service-driven expedited quality update releases
Windows Autopatch provides the option to turn off of service-driven expedited quality updates.

8
windows/deployment/windows-autopatch/operate/windows-autopatch-windows-update.md
View File

@ -1,7 +1,7 @@
---
title: Customize Windows Update settings
description: This article explains how to customize Windows Updates in Windows Autopatch
ms.date: 03/08/2023
ms.date: 05/02/2023
ms.prod: windows-client
ms.technology: itpro-updates
ms.topic: how-to
@ -30,6 +30,9 @@ For each tenant, at the deployment ring level, there are two cadence types to co
- [Deadline-driven](#deadline-driven)
- [Scheduled install](#scheduled-install)
> [!NOTE]
> Windows Autopatch uses the [Update rings policy for Windows 10 and later in Microsoft Intune](/mem/intune/protect/windows-10-update-rings) to apply either **Deadline-driven** or **Scheduled install** cadence types. Microsoft Intune implements [Update rings policy for Windows 10 and later](/mem/intune/protect/windows-10-update-rings) using the settings available in the [Update policy CSP](/windows/client-management/mdm/policy-csp-update).
#### Deadline-driven
With the deadline-drive cadence type, you can control and customize the deferral, deadline, and grace period to meet your specific business needs and organizational requirements.
@ -92,6 +95,9 @@ For more information, see [Windows Update settings you can manage with Intune up
## Customize the Windows Update deployment cadence
> [!IMPORTANT]
> The Windows update setting customizations can take up to eight hours to be applied to devices. Windows Autopatch uses Microsoft Intune as its device management solution and that's the average frequency Windows devices take to communicate back to Microsoft Intune with new instructions to apply new software update settings.<p>For more information, see [how long does it take for devices to get a policy, profile, or app after they are assigned from Microsoft Intune](/mem/intune/configuration/device-profile-troubleshoot#how-long-does-it-take-for-devices-to-get-a-policy-profile-or-app-after-they-are-assigned).</p>
**To customize the Windows Update deployment cadence:**
1. Go to the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431).

5
windows/deployment/windows-autopatch/overview/windows-autopatch-faq.yml
View File

@ -4,7 +4,7 @@ metadata:
description: Answers to frequently asked questions about Windows Autopatch.
ms.prod: windows-client
ms.topic: faq
ms.date: 02/28/2023
ms.date: 05/04/2023
audience: itpro
ms.localizationpriority: medium
manager: dougeby
@ -77,6 +77,9 @@ sections:
- question: Can you change the policies and configurations created by Windows Autopatch?
answer: |
No. Don't change, edit, add to, or remove any of the configurations. Doing so might cause unintended configuration conflicts and impact the Windows Autopatch service. For more information about policies and configurations, see [Changes made at tenant enrollment](/windows/deployment/windows-autopatch/references/windows-autopatch-changes-to-tenant).
- question: How can I represent our organizational structure with our own deployment cadence?
answer: |
[Windows Autopatch groups](../deploy/windows-autopatch-groups-overview.md) helps you manage updates in a way that makes sense for your businesses. For more information, see [Windows Autopatch groups overview](../deploy/windows-autopatch-groups-overview.md) and [Manage Windows Autopatch groups](../deploy/windows-autopatch-groups-manage-autopatch-groups.md).
- name: Update management
questions:
- question: What systems does Windows Autopatch update?