Windows Autopatch, service activation and configuration

Presentation

Windows Autopatch is a cloud service that automates Windows, Microsoft 365 Apps for enterprise, Microsoft Edge, and Microsoft Teams updates to improve security and productivity across your organization.
The goal is to simplify patch management and reduce the window in which unpatched vulnerabilities remain on your IT equipment.

Prerequisites

Licensing

  • Windows 10/11 Enterprise E3

Connectivity

  • Access to multiple Microsoft service endpoints from the corporate network

Azure AD

  • Azure Active Directory must either be the source of authority for all user accounts, or user accounts must be synchronized from on-premises Active Directory using the latest supported version of Azure Active Directory Connect to enable Hybrid Azure Active Directory join.

Device management

  • Windows Autopatch devices must be managed by Microsoft Intune. Intune must be set as the Mobile Device Management (MDM) authority or co-management must be turned on and enabled on the target devices.
  • At a minimum, the Windows Update, Device configuration and Office Click-to-Run apps workloads must be set to Pilot Intune or Intune. You must also ensure that the devices you intend to bring to Windows Autopatch are in the targeted device collection. For more information, see Co-management requirements for Windows Autopatch below.
Source: https://docs.microsoft.com/en-us/windows/deployment/windows-autopatch/prepare/windows-autopatch-prerequisites

Service configuration

  • Go to https://endpoint.microsoft.com
  • Click Tenant Administration / Windows Autopatch


  • Tick the box and click Agree

  • The capability check is launched
    • In my case, I had one setting with the status "Not Ready". This was because update rules already existed. It is therefore necessary to remove them so that they do not interfere with the Windows Autopatch service.
  • Remove all existing update rules and run the capability check again
    • After the change, all errors are cleared. The Microsoft Intune tenant is Ready to enroll in the Windows Autopatch service.


  • Click Enroll
  • Tick the box and click Enroll

  • Set the contact information for the first admin

  • Set the contact information for the second admin and click Complete


Enroll computer on Windows Autopatch service

After the service configuration, several groups are available in Microsoft Intune:
  • Several groups for ring assignment
  • One group for device registration

To enroll your devices in the service, add them to the Windows Autopatch Device Registration group.
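Adding devices to that group by hand in the portal does not scale, so here is an added example (not from the original post, and not Microsoft's own tooling) that does the same registration with the Microsoft Graph PowerShell SDK. It assumes the Microsoft.Graph module is installed, that the group created by enrollment is still named "Windows Autopatch Device Registration", and it uses a constructed list of device names. Before adding a device it checks the prerequisite the post lists above (the device must be Intune-managed) and skips devices that are disabled, ambiguous, or already members.

```powershell
# Added example: register devices for Windows Autopatch by adding them to the
# "Windows Autopatch Device Registration" Azure AD group via Microsoft Graph.
# Assumes the Microsoft.Graph PowerShell module is installed and the group
# display name matches the one created during service enrollment.

# Constructed sample list of device display names (not real devices)
$deviceNames = @('PC-FINANCE-01', 'PC-HR-07', 'LAPTOP-IT-03')

# Least-privilege scopes: read device objects, change group membership only
Connect-MgGraph -Scopes 'Device.Read.All', 'GroupMember.ReadWrite.All'

# Resolve the registration group; it only exists once the tenant is enrolled
$group = Get-MgGroup -Filter "displayName eq 'Windows Autopatch Device Registration'"
if (-not $group) {
    throw 'Registration group not found. Is the tenant enrolled in Windows Autopatch?'
}

# Current member ids, so devices that are already registered are skipped
$existing = (Get-MgGroupMember -GroupId $group.Id -All).Id

foreach ($name in $deviceNames) {
    # Look up the Azure AD device object by display name
    $device = Get-MgDevice -Filter "displayName eq '$name'" `
        -Property Id, DisplayName, IsManaged, AccountEnabled

    if (-not $device) {
        Write-Warning "${name}: no Azure AD device object found, skipping"
        continue
    }
    if ($device.Count -gt 1) {
        # Duplicate display names are common after reimaging; do not guess
        Write-Warning "${name}: multiple device objects found, resolve manually"
        continue
    }

    # Prerequisite from the post: the device must be managed by Intune
    if (-not $device.IsManaged -or -not $device.AccountEnabled) {
        Write-Warning "${name}: not Intune-managed or account disabled, skipping"
        continue
    }

    if ($existing -contains $device.Id) {
        Write-Output "${name}: already a member of the registration group"
        continue
    }

    # Add the device object to the registration group
    New-MgGroupMember -GroupId $group.Id -DirectoryObjectId $device.Id
    Write-Output "${name}: added to Windows Autopatch Device Registration"
}
```

Run it from an account that holds only the two scopes requested; the script never touches the ring groups, which Autopatch manages itself. Once the devices are in the group, use Discover devices in the portal as described in the next steps, or wait for the service's own synchronization.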

  • Then go to Devices / Windows Autopatch / Devices

  • Click Discover devices

  • After synchronization, your devices are available in the Windows Autopatch service.

Change device group

  • Go to Devices / Windows Autopatch / Devices.

  • Select the device and click Device actions / Assign device group

  • Select the new group and click Save
