Forum Widgets
Latest Discussions
Windows Auto Patch vs Intune Update Rings
Does Microsoft have anything documented to explain the differences between Auto Patch and Update rings? Aside from the obvious of Microsoft managing Auto Patching, is that really the largest benefit here? We are currently investigating the use of Update rings vs Auto Patch. We have reviewed all of the Auto Patch documentation to date but was really hoping for some type of comparison of the two items if possible.What's New in Windows Autopatch: September Edition
Check out the latest Monthly Blog on 'What's new in Windows Autopatch: September 2022'! This blog highlights the following: Windows Autopatch will create the following enterprise application: Modern Workplace Management in your tenant This is a limited enterprise application with elevated privileges. We use this account to manage the service, publish baseline configuration updates, and maintain overall service health. For more information, see Changes made at tenant enrollment This change will also remove the Windows Autopatch service accounts, related AAD groups and conditional access policy that were previously deployed as part of the enrollment process. Post-registration device readiness checks Reporting for Quality Updates Let us know what you think about the latest changes! As always, keep the discussions, questions and feedback coming! Harman Thind Product Manager | Windows Autopatch
Does Windows Autopatch support DIY build PCs?
Hi, I have some DIY build PCs enrolled and managed by Intune. They don't have effective values (but not blank) of serial number, manufacturer and model. Looks like following pic in Intune portal: (For all the DIY build PCs I got similar values of serial number, manufacturer and model. Like "SystemSerialNumber", "System manufacturer", "System Product Name", "ToBeFilledByO.E.M." and "To Be Filled By O.E.M.") I tried to register 2 such PCs with Windows Autopatch and succeeded. But today one of them disappeared from Windows Autopatch portal, either in Ready or Not ready tab. The other one is fine. I can still find the missing one in "Modern Workplace *" AAD groups, and the corresponding policy assignment seems OK. Following pic are from the missing one: (membership of "Modern Workplace *" AAD groups) (corresponding policy assignment) I guess it's a bug for Windows Autopatch to handle such DIY build PCs. How could I solve it? Will there be an offical fix for this? If unfortunately it's not a bug, I wonder why. Current device records in AAD and Intune for such DIY build PCs should be enough for Windows Autopatch to work, doesn't it? Any opinions are welcome. Many thanks.Co-Managed Autopatch - Dynamic AAD Groups
Just finished setting up Autopatch, which was pretty painless, however the device configurations created for Windows 10 and 11 telemetry have exclusions groups for one another, which is expected, however the dynamic group for Windows 11 uses (device.devicePhysicalIds -any _ -startsWith "[OrderID]:Microsoft365Managed_") or (device.deviceOSVersion -startsWith "10.0.22000") to determine if the device is windows 11. However the OrderID wouldn't be set for these devices already in the environment thus never added. Also Windows 11 22h2 will be higher than build 22000. So as of now both 10 and 11 configs are trying to apply to both Win10 and 11 and conflicting with one another.
What's New in Windows Autopatch - New Feature: Tenant Management Blade
Hi all! We are announcing that the new Windows Autopatch Tenant Management blade is now live in the Windows Autopatch admin center. You can find this blade by navigating to: Tenant administration > Windows Autopatch > Tenant management in the Microsoft Endpoint Manager admin center. Alternatively, if your tenant has been flagged for an action, you will see a banner notifying you of this action in the Windows Autopatch devices blade. See screenshots below for examples. The purpose of the Tenant Management blade is to highlight all tenant level actions that require an admin action. Currently, the only action that is live is for select customers to take action on their tenant access model, more details below. Once there, Global Admins will need to consent to the action to approve the changes which are as follows: If you enrolled into Windows Autopatch before July 11, 2022, Windows Autopatch will: Create the Modern Workplace Management enterprise application. This is a limited enterprise application with elevated privileges. We use this account to manage the service, publish baseline configuration updates and maintain overall service health. For more information, see Changes made at tenant enrollment. Remove the following: Service accounts: MSAdmin, MsAdminInt, MsTest Groups: Workplace Service Accounts, Modern Workplace Service - Intune Reader MMD, Modern Workplace Service - Intune Reader All, Modern Workplace Service - Intune Admin All Conditional Access Policy: Modern Workplace - Secure Workstation If you enrolled into Windows Autopatch after July 11, 2022, Windows Autopatch will only remove the service accounts, groups and conditional access policy as specified in the previous section as you already have the new first party application on your tenant. For more information, see the following public documentation: Changes made at tenant enrollment - Windows Deployment | Microsoft Learn Maintain the Windows Autopatch environment - Windows Deployment | Microsoft Learn Privacy - Windows Deployment | Microsoft Learn
Are A3 and A5 licenses not good enough to get Windows Autopatch?
Si i came across an article on the Autopatch and thought i want to try that. i looked at the prereq's and thought i have all that. went to my Endpoint Manager console and Windows Autopatch is not there. i read it should automatically be there if you meet the requirements. i thought i did, i have EPM setup and devices are co managed and are hybris azure ad joined. the only difference in the prereq's that i saw was that it said E3 licenses and above. i am in the education sector and i have A3 and A5 licenses. are they not the same as the E3 and E5 equivalent? Is this why i dont see Windows Autopatch available to my tenant?Windows Autopatch - Generally Available!
Hi all! Excited to share that Windows Autopatch is now Generally Available (GA)! Check out our latest GA announcement blog as well as our new marketing page. What's new for Windows Autopatch? Add and verify admin contacts Basic Quality Update reporting: MEM -> Reports -> Windows Autopatch -> Quality Updates Windows feature updates Release Management Blade: Pause/Resume a release Windows quality updates Windows feature updates Let our team know if you have feedback and keep the discussions coming around the product here in tech community!
Not Ready - Must be managed by Intune
Hi, I am starting testing with AutoPatch and it says that my devices are not managed by Intune, but they look fine in the MEM portal. I was able to initiate a remote restart on them to confirm communication and I also successfully deployed a Win32 app to to the devices. Do you have any suggestions on on how I can get these devices into 'Ready' status?
