What is Windows Autopatch?
Windows Autopatch is a new service that automates the process of managing and rolling out updates for Windows and Microsoft 365 apps. It manages all aspects of deployment groups for Windows 10 and Windows 11 quality and feature updates, as well as driver, firmware, and Microsoft 365 Apps for enterprise updates.
When can I get it?
By July 2022, Autopatch will be offered as a feature to Windows 10/11 Enterprise E3 and above at no additional cost.
Does Windows Autopatch affect Patch Tuesday?
Monthly security and quality updates for supported versions of the Windows and Windows Server operating systems will continue to be delivered on the second Tuesday of the month (commonly referred to as Patch Tuesday or Update Tuesday) as they have been to date.
How does Windows Autopatch ensure updates are done successfully?
Updates are applied to a small initial set of devices, evaluated, and then graduated to increasingly larger sets, with an evaluation period at each progression. This process is dependent on customer testing and verification of all updates during these rollout stages. The outcome is to ensure that registered devices are always up to date and disruption to business operations is minimised, which will free an IT department from that ongoing task.
How does Windows Autopatch work?
Windows Autopatch leverages Windows Update and other service components to update devices. It simply provides a solution for those companies seeking a more automated and "hands off" approach to deploying updates.
What is the difference between Windows Update for Business and Windows Autopatch?
Windows Autopatch is a service which removes the need for organisations to plan and operate the update process. Windows Autopatch moves the IT orchestration burden from the customer to Microsoft. Windows Autopatch uses Windows Update for Business as well as other service components to update devices. Both are part of Windows Enterprise E3.
What happens if there is an issue with an update?
Windows Autopatch relies on three key capabilities to help resolve update issues:
- 'Halt' feature – Updates will not progress to the next ring unless targets for stability are met. Customers can also pause the update.
- 'Rollback' feature – If devices don't meet performance targets after being updated, the updates may be undone automatically.
- 'Selectivity' feature – Portions of an update with no issues may be passed on while portions that don't perform to target may be halted or rolled back selectively and automatically
What are the key advantages and disadvantages of Autopatch?
As a managed service, the burden is on Microsoft instead of IT admins to manage orchestration for patch deployment to devices, saving internal IT teams’ time. It also helps close the production and productivity gaps between update release and rollout.
Furthermore, Autopatch utilises four deployment rings. The first “test” ring contains a small number of your organisation’s devices. The second ring contains 1% of all those devices. The third ring contains 9% of the devices. Finally, the last ring contains 90% of all of your enterprise’s devices. The listed ratios are managed automatically. However, your devices can also be moved manually if you so choose.
Currently, Windows Autopatch only supports Windows 10 and 11 so Linux, macOS, and third-party applications still require additional products and processes. It is also worth noting that Windows Server is not managed by Autopatch, so a comprehensive patching and configuration product and process are essential to reducing your attack surface.
There is still much more to be announced around this new feature, but it certainly offers some useful benefits and will no doubt remove some of the burden on internal teams.
Support & Next Steps
Advanced’s relationship with Microsoft goes back over 30 years and as a Gold Partner with numerous competencies, we have a team of experts on-hand to provide advice and support whenever needed. If you’d like to discuss how we can help ensure you’re getting the most out of your licensing or help with new features, contact us today.
Written by Josh Emptage