Forum Discussion

Harman_Thind's avatar
Harman_Thind
Icon for Microsoft rankMicrosoft
May 31, 2022
Solved

Welcome to the Windows Autopatch Community!

Hi everyone, welcome to the Windows Autopatch community!!   My name is Harman Thind, I am a Product Manager on the Windows Autopatch engineering team. This community board is open for Q/A, discus...
ambarishrh's avatar
ambarishrh
Iron Contributor
Jun 01, 2022

Harman_Thind I just tried autopatch and on one of the readiness checks, it is mentioned as:

Make sure that any conditional access policies you have don’t include any Windows Autopatch devices or users.

 

I am sure most organizations use Conditional Access and either device/user will be part of those CA. In that case, does it mean that we cant use Autopatch?

 

Harman_Thind's avatar
Harman_Thind
Icon for Microsoft rankMicrosoft
Jun 03, 2022

Hi ambarishrh !
No you absolutely can still use Windows Autopatch if you have Conditional Access. However, conditional access policies will block Windows Autopatch service accounts from connecting to your tenant if the accounts are not excluded. As such, part of the enrollment process includes excluding our service accounts from your conditional access policies. For more information on how we handle this, check out our public docs on this: https://docs.microsoft.com/en-us/windows/deployment/windows-autopatch/prepare/windows-autopatch-fix-issues#conditional-access-policies

  • BikeTech's avatar
    BikeTech
    Brass Contributor
    Jul 14, 2022
    Hi Harman_Thind
    You talk about excluding Windows Autopatch service accounts. But the assessment tool talks about excluding autopatch devices. But that would be all my devices.. I"m confused...

    3. On the Include page, change the policy to use an assignment that targets a specific Azure AD group that doesn’t include any Windows Autopatch devices, and then select Save.
    • phull89's avatar
      phull89
      Copper Contributor
      Jul 22, 2022

       

      Hi

      I too would like to know this.

      I'm looking into the Conditional Access advisory and 3 of the supposedly affected Conditional Access policies are pointing to the same group. This group only contains users, no devices.

       

      I also have an issue with Co-Management, but one problem at a time.......

Resources