In this post, I will demonstrate how to deregister devices from Autopatch Service in Intune. When you deregister a device from Windows Autopatch service, the device is flagged as “excluded“. This ensures Windows Autopatch doesn’t try to re-register the device into the service again.
Intune Admins can deregister a single device or multiple devices from the Windows Autopatch service. If you don’t want a device to be patched by Autopatch service, you can deregister and exclude it completely from patching.
Windows Autopatch is a cloud service that automates Windows, Microsoft 365 Apps for enterprise, Microsoft Edge, and Microsoft Teams updates to improve security and productivity across your organization.
The steps covered in this guide apply only if you have set up Windows Autopatch service and enrolled the devices into the service. Using the Device actions in Window Autopatch, you can exclude a device from Windows Autopatch.
When you implement Windows Autopatch in your setup and enroll multiple Windows devices into the services, you may want to include or exclude devices. To exclude any device from the Windows Autopatch service, you must first deregister the device.
How to Deregister Devices from Windows Autopatch Service
You can deregister a device from the Windows Autopatch service with following steps:
- Sign in to the Microsoft Intune Admin Center.
- In the left navigation menu, select Windows Autopatch > Devices.
- From the list of devices, select the device(s) you want to deregister.
- Now click Device Actions, then select Deregister Device.
On the Deregister Device window, you see the following message. Ensure you understand what happens when you deregister a device from Windows Autopatch. To proceed with deregistering a device, click Deregister Devices.
Deregistering the selected devices is permanent and will remove the devices from being managed by Windows Autopatch. This action does not remove the Intune or the Azure AD device record, it only removes the Windows Autopatch device record. When you remove devices from the Windows Autopatch service, they're flagged as "excluded" so Windows Autopatch doesn't try to re-register the device into its service again. The de-registration command doesn't trigger device membership removal from the Windows Autopatch Device Registration Azure AD group. To re-register a device that was previously deregistered from Windows Autopatch, you must submit a support request with the Windows Autopatch Service Engineering Team.
Shortly, a notification appears in the top-right corner of the screen showing the total number of devices removed or deregistered. This indicates that you have successfully deregistered devices from Windows Autopatch service.
What happens when you deregister a device from Windows Autopatch Service?
When you deregister a device from Windows Autopatch service, the device is flagged as “excluded“. Once the device is set as excluded, Windows Autopatch will not register this device into the service again. You have basically excluded the device from Windows Autopatch.
It should be noted that when you deregister a device from Windows Autopatch, it only deletes the Windows Autopatch device record. Device deregistration can’t delete Microsoft Intune and/or the Azure Active Directory device records.
The deregistration command doesn’t trigger device membership removal from the Windows Autopatch Device Registration Azure Active Directory group. Therefore, even after deregistering a device, it will be still part of the Windows Autopatch Device Registration AAD group.
Note: Removing devices from the Windows Autopatch Device Registration Azure AD group doesn’t deregister devices from the Windows Autopatch service. So, you shouldn’t delete any devices from that group if you need to deregister devices.
Reregister a deregistered device from Windows Autopatch
If you want to reregister a device that was previously deregistered from Windows Autopatch, you must submit a support request to the Windows Autopatch Service Engineering Team to clear the excluded flag of the deregistered device.
In the support ticket, you can add details about the device for which you want to request for the removal of the “excluded” flag set during the deregistration process. After the Windows Autopatch Service Engineering Team removes the flag, you can reregister a device or a group of devices.
Create Support Request to Reregister Device in Windows Autopatch
You can request the Windows Autopatch Service Engineering Team to reregister a device by creating a new support request. Sign in to the Microsoft Endpoint Manager. Go to Tenant Administration > Windows Autopatch > Support Requests. To create a new support request, click +New Support Request.
On Create support request page, enter the details of the ticket which includes Title, Category, and Subcategory.
- Title: Enter a relevant title of the issue that you’re facing with Windows Autopatch.
- Category: Select the category which is either Devices or Updates.
- Sub-category: Select Device Registration and deregistration.
Click Next to continue.
On the Details tab, provide the issue description, number of users or devices that are impacted, the date and time when you encountered this issue. You can also add troubleshooting steps that you have performed so far.
You must also provide admin contact details so that Autopatch Engineering team can contact you. Learn how to add admin contact details in Windows Autopatch. Click Next.
On the Review+Create tab, review the support ticket details and click Create.
A new support request is not created and submitted to the Windows Autopatch engineering team. You can see the Windows Autopatch support ticket ID under Tenant Admin > Windows Autopatch > Support Requests.
You also receive an email notifying about the new support request logged with Microsoft Autopatch team. In a few hours, the support team will contact you asking for details (in case you have missed it, adding in the support request). Once you provide the asked details, the Windows Autopatch engineering team will clear the exclusion flag for that device, and you can reregister the same device in Autopatch service.
Hiding Unregistered Devices
You can hide unregistered devices in Windows Autopatch that don’t expect to be remediated anytime soon. To hide unregistered devices, use these steps:
- Sign in to the Microsoft Intune Admin Center.
- Select Windows Autopatch in the left navigation menu and then select Devices.
- In the Not ready tab, select an unregistered device or a group of unregistered devices you want to hide, then select Status == All.
- Unselect the Registration failed status checkbox from the list.