Jim Hill: The inability to have conditional access policies enforced against the user principal names (or device IDs)
Perhaps Microsoft can clarify, as I read that statement as being specific to the service accounts Autopatch uses, not the end users, as that would rule Autopatch out in any enterprise environment. CA/MFA should never be disabled for any cloud-based user account.
I'm probably being totally daft, but I can't find any form of admin portal for Autopatch, and none of the documentation mentions where it is. Where does one look in Intune for a combined view of the Teams, OneDrive, Edge and Windows update status?
From my first look, the initial setup adds a lot of configuration profiles and a PowerShell script. Many are not applicable to our environment, and the rest conflict with configuration profiles already deployed. Can the profiles/scripts it adds be modified/removed to fit the environment, or will Autopatch fail if any of its auto-configuration is touched?
My final point is around Microsoft gaining admin rights to the tenant. Why is that not under the GDAP umbrella, which would at least provide visibility of the access Microsoft has into the tenant?