deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-14 14:27:22 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

Merge branch 'main' into ap-whats-new-020123

Browse Source
This commit is contained in:
Tiara Quan 2023-02-01 06:55:04 -08:00 committed by GitHub
commit f24f275706
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 14 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
windows/deployment/windows-autopatch/deploy/windows-autopatch-register-devices.md
View File

@ -111,12 +111,18 @@ A role defines the set of permissions granted to users assigned to that role. Yo
- Azure AD Global Administrator
- Intune Service Administrator
- Modern Workplace Intune Administrator
For more information, see [Azure AD built-in roles](/azure/active-directory/roles/permissions-reference) and [Role-based access control (RBAC) with Microsoft Intune](/mem/intune/fundamentals/role-based-access-control).
> [!NOTE]
> The Modern Workplace Intune Admin role is a custom created role during the Windows Autopatch tenant enrollment process. This role can assign administrators to Intune roles, and allows you to create and configure custom Intune roles.
If you want to assign less-privileged user accounts to perform specific tasks in the Windows Autopatch portal, such as register devices with the service, you can add these user accounts into one of the two Azure AD groups created during the [tenant enrollment](../prepare/windows-autopatch-enroll-tenant.md) process:
| Role | Discover devices | Modify columns | Refresh device list | Export to .CSV | Device actions |
| ----- | ----- | ----- | ----- | ----- | ----- |
| Modern Workplace Roles - Service Administrator | Yes | Yes | Yes | Yes | Yes |
| Modern Workplace Roles - Service Reader | No | Yes | Yes | Yes | No |
> [!TIP]
> If you're adding less-privileged user accounts into the **Modern Workplace Roles - Service Administrator** Azure AD group, it's recommended to add the same users as owners of the **Windows Autopatch Device Registration** Azure AD group. Owners of the **Windows Autopatch Device Registration** Azure AD group can add new devices as members of the group for registration purposes.<p>For more information, see [assign an owner of member of a group in Azure AD](/azure/active-directory/privileged-identity-management/groups-assign-member-owner#assign-an-owner-or-member-of-a-group).</p>
## Details about the device registration process

10
windows/deployment/windows-autopatch/operate/windows-autopatch-fu-overview.md
View File

@ -1,7 +1,7 @@
---
title: Windows feature updates
description: This article explains how Windows feature updates are managed in Autopatch
ms.date: 01/31/2023
ms.date: 02/01/2023
ms.prod: windows-client
ms.technology: itpro-updates
ms.topic: conceptual
@ -23,11 +23,11 @@ Windows Autopatch makes it easier and less expensive for you to keep your Window
## Enforcing a minimum Windows OS version
Once devices are registered with Windows Autopatch, theyre assigned to deployment rings. Each deployment ring has a set of Windows feature update policies assigned to them.
Once devices are registered with Windows Autopatch, theyre assigned to deployment rings. Each deployment ring has its Windows feature update policy assigned to them.
The policies:
- Contain the minimum Windows OS version being currently serviced by the Windows servicing channels. The current minimum OS version is **Windows 10 20H2**.
- Contain the minimum Windows 10 version being currently serviced by the [Windows servicing channels](/windows/release-health/release-information?msclkid=ee885719baa511ecb838e1a689da96d2). The current minimum OS version is **Windows 10 20H2**.
- Set a bare minimum Windows OS version required by the service once devices are registered with the service.
- Minimize unexpected Windows OS upgrades once new devices register with Windows Autopatch.
@ -56,7 +56,7 @@ You can test Windows 11 deployments by adding devices either through direct memb
| Policy name | Feature update version | Rollout options | First deployment ring availability | Final deployment ring availability | Day between deployment rings | Support end date |
| ----- | ----- | ----- | ----- | ----- | ----- | ----- |
| Windows Autopatch DSS Policy [Test] | Windows 11 22H2 | Make update available as soon as possible | N/A | N/A | N/A | 10/13/2025, 7:00PM |
| Modern Workplace DSS Policy [Windows 11] | Windows 11 22H2 | Make update available as soon as possible | N/A | N/A | N/A | 10/13/2025, 7:00PM |
## Manage Windows feature update deployments
@ -79,7 +79,7 @@ Windows Autopatch provides a permanent pause of a Windows feature update deploym
9. Select **Okay**.
> [!NOTE]
> Pausing an update can take up to eight hours to deploy to devices.
> Pausing an update can take up to eight hours to be applied to devices. This happens because Windows Autopatch uses Microsoft Intune as its management solution, and that's the average frequency devices take to communicate back to Microsoft Intune with new instructions to pause, resume or rollback updates.<p>For more information, see [how long does it take for devices to get a policy, profile, or app after they are assigned from Microsoft Intune](/mem/intune/configuration/device-profile-troubleshoot#how-long-does-it-take-for-devices-to-get-a-policy-profile-or-app-after-they-are-assigned).</p>
## Rollback