diff --git a/windows/deployment/windows-autopatch/TOC.yml b/windows/deployment/windows-autopatch/TOC.yml index c289d933cc..ad017e7f92 100644 --- a/windows/deployment/windows-autopatch/TOC.yml +++ b/windows/deployment/windows-autopatch/TOC.yml @@ -107,8 +107,8 @@ href: operate/windows-autopatch-manage-driver-and-firmware-updates.md - name: Submit a support request href: operate/windows-autopatch-support-request.md - - name: Deregister a device - href: operate/windows-autopatch-deregister-devices.md + - name: Exclude a device + href: operate/windows-autopatch-exclude-device.md - name: Unenroll your tenant href: operate/windows-autopatch-unenroll-tenant.md - name: References diff --git a/windows/deployment/windows-autopatch/operate/windows-autopatch-deregister-devices.md b/windows/deployment/windows-autopatch/operate/windows-autopatch-deregister-devices.md deleted file mode 100644 index fa0d5b2cae..0000000000 --- a/windows/deployment/windows-autopatch/operate/windows-autopatch-deregister-devices.md +++ /dev/null @@ -1,51 +0,0 @@ ---- -title: Deregister a device -description: This article explains how to deregister devices -ms.date: 06/15/2022 -ms.prod: windows-client -ms.technology: itpro-updates -ms.topic: how-to -ms.localizationpriority: medium -author: tiaraquan -ms.author: tiaraquan -manager: dougeby -ms.reviewer: andredm7 -ms.collection: - - tier2 ---- - -# Deregister a device - -To avoid end-user disruption, device deregistration in Windows Autopatch only deletes the Windows Autopatch device record itself. Device deregistration can't delete Microsoft Intune and/or the Azure Active Directory device records. Microsoft assumes you'll keep managing those devices yourself in some capacity. - -**To deregister a device:** - -1. Sign into the [Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431). -1. Select **Windows Autopatch** in the left navigation menu. -1. Select **Devices**. -1. In either **Ready** or **Not ready** tab, select the device(s) you want to deregister. -1. Once a device or multiple devices are selected, select **Device actions**, then select **Deregister device**. - -> [!WARNING] -> Removing devices from the Windows Autopatch Device Registration Azure AD group doesn't deregister devices from the Windows Autopatch service. - -## Excluded devices - -When you deregister a device from the Windows Autopatch service, the device is flagged as "excluded" so Windows Autopatch doesn't try to reregister the device into the service again, since the deregistration command doesn't trigger device membership removal from the **Windows Autopatch Device Registration** Azure Active Directory group. - -> [!IMPORTANT] -> The Azure AD team doesn't recommend appending query statements to remove specific device from a dynamic query due to dynamic query performance issues. - -If you want to reregister a device that was previously deregistered from Windows Autopatch, you must [submit a support request](../operate/windows-autopatch-support-request.md) with the Windows Autopatch Service Engineering Team to request the removal of the "excluded" flag set during the deregistration process. After the Windows Autopatch Service Engineering Team removes the flag, you can reregister a device or a group of devices. - -## Hiding unregistered devices - -You can hide unregistered devices you don't expect to be remediated anytime soon. - -**To hide unregistered devices:** - -1. Sign into the [Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431). -1. Select **Windows Autopatch** in the left navigation menu. -1. Select **Devices**. -1. In the **Not ready** tab, select an unregistered device or a group of unregistered devices you want to hide then select **Status == All**. -1. Unselect the **Registration failed** status checkbox from the list. diff --git a/windows/deployment/windows-autopatch/operate/windows-autopatch-exclude-device.md b/windows/deployment/windows-autopatch/operate/windows-autopatch-exclude-device.md new file mode 100644 index 0000000000..c1acd3c8bf --- /dev/null +++ b/windows/deployment/windows-autopatch/operate/windows-autopatch-exclude-device.md @@ -0,0 +1,56 @@ +--- +title: Exclude a device +description: This article explains how to exclude a device from the Windows Autopatch service +ms.date: 08/04/2023 +ms.prod: windows-client +ms.technology: itpro-updates +ms.topic: how-to +ms.localizationpriority: medium +author: tiaraquan +ms.author: tiaraquan +manager: dougeby +ms.reviewer: andredm7 +ms.collection: + - tier2 +--- + +# Exclude a device + +To avoid end-user disruption, excluding a device in Windows Autopatch only deletes the Windows Autopatch device record itself. Excluding a device can't delete the Microsoft Intune and/or the Azure Active Directory device records. Microsoft assumes you'll keep managing those devices yourself in some capacity. + +When you exclude a device from the Windows Autopatch service, the device is flagged as "excluded" so Windows Autopatch doesn't try to restore the device into the service again, since the exclusion command doesn't trigger device membership removal from the **Windows Autopatch Device Registration** group, or any other Azure AD group, used with Autopatch groups. + +> [!IMPORTANT] +> The Azure AD team doesn't recommend appending query statements to remove specific device from a dynamic query due to dynamic query performance issues. + +**To exclude a device:** + +1. Sign into the [Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431). +1. Select **Windows Autopatch** in the left navigation menu. +1. Select **Devices**. +1. In either the **Ready** or **Not ready** tab, select the device(s) you want to exclude. +1. Once a device or multiple devices are selected, select **Device actions**. Then, select **Exclude device**. + +> [!WARNING] +> Excluding devices from the Windows Autopatch Device Registration group, or any other Azure AD group, used with Autopatch groups doesn't exclude devices from the Windows Autopatch service. + +## Only view excluded devices + +You can view the excluded devices in the **Not registered** tab to make it easier for you to bulk restore devices that were previously excluded from the Windows Autopatch service. + +**To view only excluded devices:** + +1. Sign into the [Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431). +1. Select **Windows Autopatch** in the left navigation menu. +1. Select **Devices**. +1. In the **Not registered** tab, select **Excluded** from the filter list. Leave all other filter options unselected. + +## Restore a device or multiple devices previously excluded + +**To restore a device or multiple devices previously excluded:** + +1. Sign into the [Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431). +1. Select **Windows Autopatch** in the left navigation menu. +1. Select **Devices**. +1. In the **Not registered** tab, select the device(s) you want to restore. +1. Once a device or multiple devices are selected, select **Device actions**. Then, select **Restore device**. diff --git a/windows/deployment/windows-autopatch/operate/windows-autopatch-unenroll-tenant.md b/windows/deployment/windows-autopatch/operate/windows-autopatch-unenroll-tenant.md index 1269f66d0f..f39f8c2f8f 100644 --- a/windows/deployment/windows-autopatch/operate/windows-autopatch-unenroll-tenant.md +++ b/windows/deployment/windows-autopatch/operate/windows-autopatch-unenroll-tenant.md @@ -1,7 +1,7 @@ --- title: Unenroll your tenant description: This article explains what unenrollment means for your organization and what actions you must take. -ms.date: 07/27/2022 +ms.date: 08/04/2023 ms.prod: windows-client ms.technology: itpro-updates ms.topic: how-to @@ -25,7 +25,7 @@ If you're looking to unenroll your tenant from Windows Autopatch, this article d Unenrolling from Windows Autopatch requires manual actions from both you and from the Windows Autopatch Service Engineering Team. The Windows Autopatch Service Engineering Team will: - Remove Windows Autopatch access to your tenant. -- Deregister your devices from the Windows Autopatch service. Deregistering your devices from Windows Autopatch won't remove your devices from Intune, Azure AD or Configuration Manager. The Windows Autopatch Service Engineering Team follows the same process and principles as laid out in [Deregister a device](/windows/deployment/windows-autopatch/operate/windows-autopatch-deregister-devices). +- Exclude your devices from the Windows Autopatch service. Excluding your devices from Windows Autopatch won't remove your devices from Intune, Azure AD or Configuration Manager. The Windows Autopatch Service Engineering Team follows the same process and principles as laid out in [Exclude a device](../operate/windows-autopatch-exclude-device.md). - Delete all data that we've stored in the Windows Autopatch data storage. > [!NOTE] @@ -36,7 +36,7 @@ Unenrolling from Windows Autopatch requires manual actions from both you and fro | Responsibility | Description | | ----- | ----- | | Windows Autopatch data | Windows Autopatch will delete user data that is within the Windows Autopatch service. We won’t make changes to any other data. For more information about how data is used in Windows Autopatch, see [Privacy](../overview/windows-autopatch-privacy.md). | -| Deregistering devices | Windows Autopatch will deregister all devices previously registered with the service. Only the Windows Autopatch device record will be deleted. We won't delete Microsoft Intune and/or Azure Active Directory device records. For more information, see [Deregister a device](/windows/deployment/windows-autopatch/operate/windows-autopatch-deregister-devices). | +| Excluding devices | Windows Autopatch will exclude all devices previously registered with the service. Only the Windows Autopatch device record will be deleted. We won't delete Microsoft Intune and/or Azure Active Directory device records. For more information, see [Exclude a device](../operate/windows-autopatch-exclude-device.md). | ## Your responsibilities after unenrolling your tenant @@ -50,7 +50,7 @@ Unenrolling from Windows Autopatch requires manual actions from both you and fro **To unenroll from Windows Autopatch:** -1. [Submit a support request](windows-autopatch-support-request.md) and request to unenroll from the Windows Autopatch service. +1. [Submit a support request](../operate/windows-autopatch-support-request.md) and request to unenroll from the Windows Autopatch service. 1. The Windows Autopatch Service Engineering Team will communicate with your IT Administrator to confirm your intent to unenroll from the service. 1. You'll have 14 days to review and confirm the communication sent by the Windows Autopatch Service Engineering Team. 2. The Windows Autopatch Service Engineering Team can proceed sooner than 14 days if your confirmation arrives sooner. diff --git a/windows/deployment/windows-autopatch/overview/windows-autopatch-overview.md b/windows/deployment/windows-autopatch/overview/windows-autopatch-overview.md index a071f7e68d..5040b8ad68 100644 --- a/windows/deployment/windows-autopatch/overview/windows-autopatch-overview.md +++ b/windows/deployment/windows-autopatch/overview/windows-autopatch-overview.md @@ -64,7 +64,7 @@ Microsoft remains committed to the security of your data and the [accessibility] | ----- | ----- | | Prepare | The following articles describe the mandatory steps to prepare and enroll your tenant into Windows Autopatch: | | Deploy | Once you've enrolled your tenant, this section instructs you to: | -| Operate | This section includes the following information about your day-to-day life with the service: +| Operate | This section includes the following information about your day-to-day life with the service: | References | This section includes the following articles: | ### Have feedback or would like to start a discussion? diff --git a/windows/deployment/windows-autopatch/overview/windows-autopatch-roles-responsibilities.md b/windows/deployment/windows-autopatch/overview/windows-autopatch-roles-responsibilities.md index 816790a4c7..851207d167 100644 --- a/windows/deployment/windows-autopatch/overview/windows-autopatch-roles-responsibilities.md +++ b/windows/deployment/windows-autopatch/overview/windows-autopatch-roles-responsibilities.md @@ -86,10 +86,10 @@ This article outlines your responsibilities and Windows Autopatch's responsibili | Maintain existing configurations | :heavy_check_mark: | :x: | | Understand the health of [Up to date](../operate/windows-autopatch-groups-windows-quality-and-feature-update-reports-overview.md#up-to-date-devices) devices and investigate devices that are | [Raise, manage and resolve a service incident if an update management area isn't meeting the service level objective](windows-autopatch-overview.md#update-management) | :x: | :heavy_check_mark: | -| [Deregister devices](../operate/windows-autopatch-deregister-devices.md) | :heavy_check_mark: | :x: | -| [Register a device that was previously deregistered (upon customers request)](../operate/windows-autopatch-deregister-devices.md#excluded-devices) | :x: | :heavy_check_mark: | +| [Exclude a device](../operate/windows-autopatch-exclude-device.md) | :heavy_check_mark: | :x: | +| [Register a device that was previously excluded (upon customers request)](../operate/windows-autopatch-exclude-devie.md) | :x: | :heavy_check_mark: | | [Request unenrollment from Windows Autopatch](../operate/windows-autopatch-unenroll-tenant.md) | :heavy_check_mark: | :x: | -| [Remove Windows Autopatch data from the service and deregister devices](../operate/windows-autopatch-unenroll-tenant.md#microsofts-responsibilities-during-unenrollment) | :x: | :heavy_check_mark: | +| [Remove Windows Autopatch data from the service and exclude devices](../operate/windows-autopatch-unenroll-tenant.md#microsofts-responsibilities-during-unenrollment) | :x: | :heavy_check_mark: | | [Maintain update configuration & update devices post unenrollment from Windows Autopatch](../operate/windows-autopatch-unenroll-tenant.md#your-responsibilities-after-unenrolling-your-tenant) | :heavy_check_mark: | :x: | | Review and respond to Message Center and Service Health Dashboard notifications | :heavy_check_mark: | :x: | | Highlight Windows Autopatch management alerts that require customer action | :x: | :heavy_check_mark: |