Windows Office Hours: July 20, 2023
Event Ended
Thursday, Jul 20, 2023, 08:00 AM PDT
Get answers to your questions about adopting Windows 11 and managing the Windows devices used by remote, onsite, and hybrid workers across your organization. Get tips on keeping devices up to date ef...
Heather_Poulsen
Updated Jul 20, 2023
se8791
Jul 20, 2023
Brass Contributor
What's your recommendation for using Autopatch to update a large # of devices to Windows 11:
1. Do you use the default Autopatch groups and simply change the setting "Upgrade Windows 10 devices to Latest Windows 11 release"? Or do you build separate Autopatch groups only for HW that is compatible with Windows 11? It appears that if a W10 device that is not W11 compatible is targeted with a W11 upgrade policy - it will just do nothing (but fail to apply future W10 updates due to conflict in AP policy - until removed from W11 target AP group?) How did MS update to W11 using Autopatch or rings + policy? Did they use default groups - or spread out over departments using custom group/policy - or grouped everyone together?
2. There are many reports that show Windows 10 device/HW readiness for W11 upgrade (Work from Anywhere + Windows feature update device readiness report + Windows Update for Business reports - Windows 11 Readiness Status) - and they all have varied information - is there a de facto report that should be used? Personally I find the Work from Anywhere report the most useful, but it is missing devices - some devices don't appear in the Work from Anywhere report even though they are enrolled in Endpoint Analytics.
3. Would it ever be possible to generate dynamic device groups using User attributes? (Example: give me all devices for users that have the AAD attribute of Accounting department - instead of, say, using scope tags?) Since Autopatch only supports device-based groups - it's difficult to create groups by department using device-based attributes? Any plans for other options?
4. Does it make sense to request the option to include object IDs in reports that only contain, say, the device name? If we export a report from Intune with Device names in it - from any report/area in Intune, then want to use those device names to Bulk import device group members, it needs object IDs for bulk import - many/all reports from Intune tend to not include object IDs - we wind up having to use Graph and/or AAD PowerShell to generate this data (object IDs).
5. Autopatch - if we only want to target a Feature Update to a set of devices in a custom Autopatch group, and not apply Quality Updates, can we simply pause Quality updates in the custom Autopatch group settings - permanently for that custom group?
AriaUpdated
Microsoft
Jul 20, 2023
1. There are a few ways to do this. For example, you can use the Upgrade Readiness report to determine eligibility and group by Win 11 eligible vs. ineligible. Another option is to assign all devices to Win 11, then move those that don't upgrade after X period of time to a separate group and target with the latest Win 10 version.
2. Use whatever reporting works best for you.
3. That is a great question! We are certainly evolving our grouping strategy/capabilities and can keep those suggestions in mind.
4. I'll go find someone to get back to you on 2 and 4 for your reporting questions 🙂
5. That depends on how you plan on managing Quality Updates. If you plan on managing them on-prem with WSUS / Configuration Manager and have scan source set to WSUS for QUs, then sure. However, if you plan on managing them through the Cloud / an MDM, then I wouldn't do this, as Quality updates will be paused.
- David_Guyer
Jul 20, 2023
Microsoft
1. Eric, you are correct that the Update Rings policy doesn't know which devices are eligible, so the recommended way to use that setting is to set it to Update to Windows 11 until you get the eligible devices on Windows 11, then set it back to the off setting so that the feature update deferrals continue to work. Even better is to use Feature update policies for the update. I'm not 100% sure of the Autopatch plans for this, but I believe they will be moving the feature update management at some point.
2. We are generally recommending the update readiness and compatibility reports in Intune for most customers because they provide additional information like potential app or driver compatibility issues, in addition to the driver settings. That does require enabling Windows data, which the Work From Anywhere reports in Endpoint Analytics do not. In the end, as Aria pointed out, use the report that works best for you with these considerations.
4. Your notion makes sense, so it depends on each report, since the reports for Windows Updates do include device IDs for that reason. I can pass it along to our reporting team.