On April 5, Microsoft announced the coming release of a new service in July of 2022. The Windows Autopatch will allow ring deployment-style, automated patch management for Windows 10 and Windows 11. The feature will be available to customers with Windows Enterprise E3 and above.
It’s no secret that many organizations regularly test patches in their environments to ensure their updates are functional across their devices and installed software before they implement them. But, depending on exactly how those patches get tested, there can be a troubling lag time between when patch updates are released and when they’re actually deployed across the organization. Windows Autopatch aims to eliminate the delay.
What is Windows Autopatch?
Again, the new feature of Windows Enterprise E3 and up allows ring deployment-style patch management for Windows 10/11. It also requires Microsoft Intune or Azure AD premium for co-management.
What are the prerequisites for Windows Autopatch?
Azure Active Directory (Azure AD)
Windows 10/11 supported versions
Hybrid Azure AD-Joined or Azure AD-joined only
Configuration Manager, version 2010 or later
Switch workloads for device configuration, Windows Update and Microsoft 365 Apps from Configuration Manager to Intune (min Pilot Intune)
What are the licensing requirements for Windows Autopatch?
Windows 10/11 Enterprise E3 and up
Azure AD Premium (for co-management)
Microsoft Intune (includes Configuration Manager, version 2010 or greater via co-management)
To learn more about Autopatch requirements, you can access Microsoft's FAQs here.
And if you’re wondering what Windows Autopatch updates, check out the list below.
Autopatch updates the following:
Windows 10 and Windows 11 quality
Windows 10 and 11 features
Windows 10 and 11 drivers
Windows 10 and 11 firmware
Microsoft 365 apps for enterprise updates
It should also be noted Windows Autopatch will also specifically patch drivers and firmware that are only published to Windows Update as automatic.
Furthermore, Autopatch utilizes four deployment rings. The first “test” ring contains a small number of your organization’s devices. The second ring contains 1% of all those devices. The third ring contains 9% of the devices. Finally, the last ring contains 90% of all of your enterprise’s devices.
The listed ratios are managed automatically. However, your devices can also be moved manually if you so choose. And, like any new feature, Windows Autopatch offers several pros. But there are some cons to the feature as well.
Windows Autopatch Pros
The highly-anticipated Windows feature will offer a couple of benefits like the following:
The ability to use ring deployment to manage your Windows environment
As a managed service, the burden is on Microsoft instead of IT admins to manage orchestration for patch deployment to devices
Windows Autopatch Cons
As important as the product’s offered pros, however, are its perceived cons:
The feature is only useful for Windows 10 and 11 device management
Autopatch support for Windows Server is not on the roadmap
You must use the feature in conjunction with Azure AD and Intune
Windows Autopatch is of no use to those with Mac or Linux OS
If your organization requires third-party application support, Windows Server, or other operating systems like macOS or Linux, you won’t get it with Windows Autopatch.
Microsoft Autopatch: The Takeaway
There is still much to be announced around the feature, so we'll have to wait to determine how useful it is for customers.
We do know, however, that Windows Server is not managed by Autopatch. Servers often run business-critical applications or are exposed to the internet, so a comprehensive patching and configuration product and process are essential to reducing your attack surface.
And finally, Linux, macOS, and third-party applications still require additional products and processes. So, even though this feature may help manage Windows 10 and 11 updates, organizations cannot forget they’ll still need to patch everything else outside of the Microsoft workstation ecosystem.
Automox for Easy IT Operations
Automox is the cloud-native IT operations platform for modern organizations. It makes it easy to keep every endpoint automatically configured, patched, and secured – anywhere in the world. With the push of a button, IT admins can fix critical vulnerabilities faster, slash cost and complexity, and win back hours in their day.
Demo Automox and join thousands of companies transforming IT operations into a strategic business driver.