Changes made at feature activation
Important
The information in this article or section only applies if you have Windows Enterprise E3+ or F3 licenses (included in Microsoft 365 F3, E3, or E5) licenses and have activated Windows Autopatch features.
Feature activation is optional and at no additional cost to you if you have Windows 10/11 Enterprise E3 or E5 (included in Microsoft 365 F3, E3, or E5) licenses.
For more information, see Licenses and entitlements. If you choose not to go through feature activation, you can still use the Windows Autopatch service for the features included in Business premium and A3+ licenses.
The following configuration details explain the changes made to your tenant when consenting to Windows Autopatch feature activation with the Windows Autopatch service.
Important
The service manages and maintains the following configuration items. Don't change, edit, add to, or remove any of the configurations. Doing so might cause unintended configuration conflicts and impact the Windows Autopatch service.
Windows Autopatch enterprise applications
Enterprise applications are applications (software) that a business uses to do its work.
Windows Autopatch creates an enterprise application in your tenant. This enterprise application is used to run the Windows Autopatch service.
Enterprise application name | Usage | Permissions |
---|---|---|
Modern Workplace Management | The Modern Workplace Management application:
|
|
Microsoft Entra groups
Windows Autopatch creates the required Microsoft Entra groups to operate the service.
The following groups target Windows Autopatch configurations to devices and management of the service by our first party enterprise applications.
Group name | Description |
---|---|
Modern Workplace Devices-Virtual Machine | All Autopatch virtual devices |
Windows Autopatch-Devices all | All Autopatch devices |
Modern Workplace Devices-Windows Autopatch-Test | Deployment ring for testing update deployments prior production rollout |
Modern Workplace Devices-Windows Autopatch-First | First production deployment ring for early adopters |
Modern Workplace Devices-Windows Autopatch-Fast | Fast deployment ring for quick rollout and adoption |
Modern Workplace Devices-WindowsAutopatch-Broad | Final deployment ring for broad rollout into the organization |
Device configuration policies
- Windows Autopatch - Data Collection
Policy name | Policy description | Properties | Value |
---|---|---|---|
Windows Autopatch - Data Collection | Windows Autopatch and Telemetry settings processes diagnostic data from the Windows device. Assigned to:
|
|
Windows feature update policies
- Windows Autopatch - Global DSS Policy
Policy name | Policy description | Value |
---|---|---|
Windows Autopatch - Global DSS Policy | Global DSS policy for Test device group with the required minimum OS version | Assigned to:
Exclude from:
|
Microsoft Office update policies
Important
By default, these policies are not deployed. You can opt-in to deploy these policies when you activate Windows Autopatch features.
To update Microsoft Office, you must create at least one Autopatch group and the toggle the must be set to Allow.
- Windows Autopatch - Office Configuration
- Windows Autopatch - Office Update Configuration [Test]
- Windows Autopatch - Office Update Configuration [First]
- Windows Autopatch - Office Update Configuration [Fast]
- Windows Autopatch - Office Update Configuration [Broad]
Policy name | Policy description | Properties | Value |
---|---|---|---|
Windows Autopatch - Office Configuration | Sets Office Update Channel to the Monthly Enterprise servicing branch. Assigned to:
|
|
|
Windows Autopatch - Office Update Configuration [Test] | Sets the Office update deadline Assigned to:
|
|
|
Windows Autopatch - Office Update Configuration [First] | Sets the Office update deadline Assigned to:
|
|
|
Windows Autopatch - Office Update Configuration [Fast] | Sets the Office update deadline Assigned to:
|
|
|
Windows Autopatch - Office Update Configuration [Broad] | Sets the Office update deadline Assigned to:
|
|
|
Microsoft Edge update policies
Important
By default, these policies are not deployed. You can opt-in to deploy these policies when you activate Windows Autopatch features.
To update Microsoft Edge, you must create at least one Autopatch group and the toggle the must be set to Allow.
- Windows Autopatch - Edge Update Channel Stable
- Windows Autopatch - Edge Update Channel Beta
Policy name | Policy description | Properties | Value |
---|---|---|---|
Windows Autopatch - Edge Update Channel Stable | Deploys updates via the Edge Stable Channel Assigned to:
|
|
|
Windows Autopatch - Edge Update Channel Beta | Deploys updates via the Edge Beta Channel Assigned to:
|
|
|
Driver updates for Windows 10 and later
Important
By default, these policies are not deployed. You can opt-in to deploy these policies when you activate Windows Autopatch features.
To update drivers and firmware, you must create at least one Autopatch group and the toggle the must be set to Allow.
- Windows Autopatch - Driver Update Policy [Test]
- Windows Autopatch - Driver Update Policy [First]
- Windows Autopatch - Driver Update Policy [Fast]
- Windows Autopatch - Driver Update Policy [Broad]
PowerShell scripts
Script | Description |
---|---|
Modern Workplace - Autopatch Client Setup v1.1 | Installs necessary client components for the Windows Autopatch service |