Microsoft Releases Windows Autopatch Improvements

Microsoft this week described Windows Autopatch version 2208 improvements for IT pros, plus some perks to come.

Windows Autopatch is a service where Microsoft takes over the installation of "quality" and "feature" software updates on Enterprise and Pro editions of Windows 10 and Windows 11 devices for organizations. The service also handles updates to Microsoft 365 Apps for Enterprise, plus the Microsoft Edge browser.

Version 2208 Improvements
One improvement in Windows Autopatch concerns detecting the state of devices and their readiness to receive software updates. Microsoft improved this aspect in version 2208, stating that "IT admins can easily detect and take action to remediate configuration mismatches or other issues in their environments" that may block software updates.

Windows Autopatch also will now display the devices that don't meet Microsoft's readiness checklist for being managed under the service. These devices now get listed under a new "tab" called "Not registered" in the Microsoft Endpoint Manager Admin Center portal. Devices have to pass about eight checks, including a check on the use of "conflicting Windows Update policies."

Organizations with devices that fail to pass Microsoft's readiness checks can "get specific solution steps right in the Devices blade" of that portal, the announcement explained. Microsoft also added a "Windows Quality Updates" reporting capability to the Microsoft Endpoint Manager Admin Center portal.

Another of the new improvements Microsoft made to Windows Autopatch concerns how IT departments access it. Microsoft streamlined the process with "a 50% reduction in prerequisites." It also added "new core service permissions, based on a least-access approach and a limit in the service scope."

The less burdensome access to Windows Autopatch happened after Microsoft switched its "Modern Workplace Management" app over to a "certificate-based authentication" approach, the announcement explained. The Modern Workplace Management app is described as "a service principal created by Windows Autopatch." It's used to specify groups with various device configurations, per this Microsoft document description.

Microsoft's announcement also suggested that it has fixed problems for Windows Autopatch users who were also trying to use Microsoft's Conditional Access service.

"If you previously avoided piloting Windows Autopatch because of Conditional Access concerns, we invite you to try again," the announcement stated, without offering further details.

More To Come
The announcement suggested that Microsoft would have more to say about Windows Autopatch at the Microsoft Ignite event, happening in October. Microsoft is planning to announce a "self-serve deregistration process and a new Tenant Management blade" at some point, the announcement indicated, without elaboration.

Microsoft commercially released the Windows Autopatch service back in July. It's available at no extra cost for organizations with Windows Enterprise E3 or E5 licenses, plus Azure Active Directory Premium and Microsoft Intune licenses.

The announcement hinted that Microsoft is planning to release Windows Autopatch for its government and academic licensees as well.

"For those hoping to get an update on when Windows Autopatch might be available for Education and Government customers, know that there's work in progress in that area, but nothing more we can share at this time," the announcement stated.

About the Author

Kurt Mackie is senior news producer for 1105 Media's Converge360 group.

