Forum Discussion
MicrosoftWelcome to the Windows Autopatch Community!
Hi everyone, welcome to the Windows Autopatch community!!
My name is Harman Thind, I am a Product Manager on the Windows Autopatch engineering team. This community board is open for Q/A, discussions or insights for our product! Various folks from my team will monitor this page and get back to you within 3 work days. Feel free to post anything and everything Windows Autopatch related here!
Additionally, Windows Autopatch is now in public preview! You can learn more at our public docs or by checking out our latest blog at: https://aka.ms/moreaboutautopatch.
Hi ambarishrh !
No you absolutely can still use Windows Autopatch if you have Conditional Access. However, conditional access policies will block Windows Autopatch service accounts from connecting to your tenant if the accounts are not excluded. As such, part of the enrollment process includes excluding our service accounts from your conditional access policies. For more information on how we handle this, check out our public docs on this: https://docs.microsoft.com/en-us/windows/deployment/windows-autopatch/prepare/windows-autopatch-fix-issues#conditional-access-policies
7 Replies
- We are interested to see if this feature will allow us to patch Exchange server as well?
Thanks and looking your response on this - Thank you for sharing
Harman_Thind I just tried autopatch and on one of the readiness checks, it is mentioned as:
Make sure that any conditional access policies you have don’t include any Windows Autopatch devices or users.
I am sure most organizations use Conditional Access and either device/user will be part of those CA. In that case, does it mean that we cant use Autopatch?
- Harman_Thind
Hi ambarishrh !
No you absolutely can still use Windows Autopatch if you have Conditional Access. However, conditional access policies will block Windows Autopatch service accounts from connecting to your tenant if the accounts are not excluded. As such, part of the enrollment process includes excluding our service accounts from your conditional access policies. For more information on how we handle this, check out our public docs on this: https://docs.microsoft.com/en-us/windows/deployment/windows-autopatch/prepare/windows-autopatch-fix-issues#conditional-access-policies- Hi Harman_Thind
You talk about excluding Windows Autopatch service accounts. But the assessment tool talks about excluding autopatch devices. But that would be all my devices.. I"m confused...
3. On the Include page, change the policy to use an assignment that targets a specific Azure AD group that doesn’t include any Windows Autopatch devices, and then select Save.
- Did you run the readiness check as a Global Admin?
