Exclude Device from Windows Autopatch

This post guide you to exclude device from Windows Autopatch service. Before Microsoft can manage your devices in Windows Autopatch, you must have devices registered with the service.

Windows Autopatch is a service that removes the need for organizations to plan and operate the update process. The goal of Windows Autopatch is to deliver software updates to registered devices; the service frees up IT and minimizes disruptions to your end users.

To avoid end-user disruption, device deregistration in Windows Autopatch only deletes the Windows Autopatch device record itself. Device deregistration can’t delete Microsoft Intune or the Azure Active Directory device records. Microsoft assumes you’ll keep managing those devices yourself in some capacity.

Patch My PC

Windows Autopatch does not require any specific hardware. It works with all supported versions of Windows 10 or 11 Enterprise, Professional editions, and Windows 365 for Enterprise.

Windows Autopatch reporting and messaging capabilities are designed to allow visibility into update status, and device health, and offer insights into your estate. Check More details on Windows Autopatch Quality Updates Report In Intune MEM Portal -> Windows Autopatch Quality Updates Report In Intune MEM Portal.

Refer to the step-by-step Windows Autopatch setup guide to implement Windows Autopatch in your environment,➡️Windows Autopatch Implementation Guide.

Exclude Device from Windows Autopatch

If you need to de-register a device from the Windows Autopatch service, let’s follow the steps in the MEM Admin Portal.

Click on Devices - Exclude Device from Windows Autopatch 1
Click on Devices – Exclude Device from Windows Autopatch 1

Under Windows Autopatch, Devices. The Ready tab shows devices successfully registered to the Windows Autopatch service.

The Not ready tab is to help you identify and remediate devices that don’t meet the pre-requisite checks to register into the Windows Autopatch service.

Note – This Not ready tab only shows devices that didn’t successfully register into Windows Autopatch.

Registered Devices - Exclude Device from Windows Autopatch 2
Registered Devices – Exclude Device from Windows Autopatch 2

Before moving to the de-register process, You can validate the groups for the enrolled device to Windows Autopatch services. Based on the deployment group assignment, you can see the added device part of Modern Workplace Devices – Test and multiple groups. You can view Group Membership for Intune Managed Devices.

Important – Removing devices from the Windows Autopatch Device Registration Azure AD group doesn’t deregister devices from the Windows Autopatch service.

Device Group Membership - Exclude Device from Windows Autopatch 3
Device Group Membership – Exclude Device from Windows Autopatch 3

Select the device(s) you want to deregister in either the Ready or Not ready tab. Once a device or multiple devices are selected, select Device actions, then select Deregister device.

Deregister Device - Exclude Device from Windows Autopatch 4
Deregister Device – Exclude Device from Windows Autopatch 4

Click on Deregister Devices, Deregistering the selected device will remove the devices from being managed by Windows Autopatch.

Deregister Devices - Windows Autopatch
Deregister Devices – Windows Autopatch

When you deregister a device from the Windows Autopatch service, the device is flagged as “excluded,” so Windows Autopatch doesn’t try to reregister the device into the service again.

The deregistration command doesn’t trigger device membership removal from the Windows Autopatch Device Registration Azure Active Directory group.

Important⚠️The Azure AD team doesn’t recommend appending query statements to remove the specific device from a dynamic query due to dynamic query performance issues.

Re-Registered Devices In Windows AutopatchExcluded Devices

The question is, What if I want to reregister the same device into Windows Autopatch? Will I still have access to the service?

Suppose you want to reregister a device that was previously deregistered or exclude device from Windows Autopatch. In that case, you must submit a support request with the Windows Autopatch Service Engineering Team to request the removal of the “excluded” flag set during the deregistration process.

After the Windows Autopatch Service Engineering Team removes the flag, you can reregister a device or a group of devices.

In the MEM admin portal, Navigate to Tenant administration > Windows Autopatch > Support requests. Click on New Support Request and follow the on-screen instructions.

Support Requests - Re-Registered Devices In Windows Autopatch
Support Requests > Re-Registered Devices – Exclude Device from Windows Autopatch 5

Windows Autopatch Device Actions Option Grayed Out

The Windows Auotpatch user interface helps IT admins detect and troubleshoot device readiness statuses seamlessly with actionable in-UI device readiness reports for unregistered devices or unhealthy devices.

When you click on Not ready tab, You will see the list of devices that didn’t successfully register into Windows Autopatch. You will find out the devices whose status reflects prerequisite failed.

The Not ready tab is to help you identify and remediate devices that don’t meet the pre-requisite checks to register into the Windows Autopatch service.

You can click on a device to check why it wasn’t registered and how to remediate devices that failed to meet Windows Autopatch Device Registration pre-requisites. Once its prerequisites checks are completed successfully, The Device actions button will automatically be activated.

Windows Autopatch Device Actions Option Grayed Out
Windows Autopatch Device Actions Option Grayed Out – Exclude Device from Windows Autopatch 6

Author

About Author – Jitesh, Microsoft MVP, has over five years of working experience in the IT Industry. He writes and shares his experiences related to Microsoft device management technologies and IT Infrastructure management. His primary focus is Windows 10 Deployment solution with Configuration Manager, Microsoft Deployment Toolkit (MDT), and Microsoft Intune.

Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.