Microsoft Releases Windows Autopatch Preview

Microsoft this week announced that its new Windows Autopatch service is now available as a preview release for organizations.

The idea behind Windows Autopatch is that Microsoft will take over much of the monthly "update Tuesday" patching for organizations, including quality and security patches. The service also handles automatic driver updates (but not the manual ones) for organizations. Autopatch installs feature updates, too, which are new Windows 10 or Windows 11 operating system replacements that arrive once per year.

Windows Autopatch is expected to reach the "general availability" commercial-release stage next month. It's a patch service that's just for organizations using Windows 10 and Windows 11 Enterprise editions, plus it performs patching for Microsoft 365 E3/E5 tenancies. Organizations with such licensing and meeting Autopatch's prerequisites can use Windows Autopatch, which will be available to them at no extra cost.

The preview lets organizations "get comfortable with Windows Autopatch" for later deployment. When Autopatch reaches the general availability stage, organizations can "keep using the service as you have been" and "enrolled devices will stay enrolled," Microsoft promised.

Microsoft is planning to answer questions about Autopatch in an upcoming "Ask Microsoft Anything" Tech Community event on June 15, starting at 8:00 a.m. Pacific Time.

Autopatch Clarifications
The announcement included a few clarifications since the product's introduction last month.

Notably, Autopatch doesn't handle all of an organization's patching needs. The Microsoft Edge browser and the Microsoft Teams collaboration service have their own patching mechanisms and aren't part of the Autopatch service, for instance.

Microsoft does not have plans to offer Autopatch to its government subscribers and it isn't available to academic (A3/A5) subscribers, according to an updated Microsoft FAQ.

There are no plans to support Windows Server with Autopatch.

Microsoft had previously indicated that Autopatch had no specific hardware requirements, although all devices need to be using processors that are still supported by their chipmakers. The announcement updated that detail to explain that "bring-your-own device (BYOD) scenarios are not currently supported" by Autopatch.

Devices with a pure local domain join are not supported by Autopatch. There's a requirement for devices to be joined via Azure AD or "hybrid" AD (meaning the use of Azure AD synced with local Active Directory).

Testing Rings Only for Windows
Autopatch relieves IT pros of having to manually configure so-called testing "rings" for Windows 10 or Windows 11 feature update releases. The service does this grouping and device triaging for them. The idea is to test a Windows feature update with a small group of users before a larger OS rollout.

However, when it comes to Office 365 updates, Autopatch just applies the monthly enterprise channel patches. There's no preliminary testing rings structure for Office 365 updates with the Autopatch service.

"Office rollouts follow a unique, fixed schedule -- they do not make use of ring-based progressive deployment and are not controlled by Autopatch," the announcement clarified.

Last month, Microsoft gave notice that it was switching Microsoft 365 Apps semiannual channel users over to the monthly enterprise channel, unless they had taken action to defer the change.

Autopatch Based on Windows Update for Business
For Windows updates, Microsoft already has a somewhat simplified patch option known as "Windows Update for Business." It requires IT pros to manually set up testing rings, though.

It turns out that Autopatch actually uses Windows Update for Business. Autopatch is just easier to use, Microsoft's updated FAQ explained.

"Windows Autopatch leverages Windows Update for Business and other service components to update devices," explained Heather Poulsen, a Microsoft Tech Community manager. "It simply provides a solution for those companies seeking a more automated and 'hands off' approach to deploying updates. Those who want or need to manage and customize the update experience -- using tools such as Windows Update for Business, Microsoft Endpoint Manager, and WSUS -- can continue to do so."

Patch and Update Problems
For patches and updates that are problematic, Autopatch offers some options.

IT pros (or Microsoft) can use a Halt feature to stop the distribution of a Windows feature update to the next testing ring. A Rollback feature is available for cases of poor performance after an update, which "may be undone automatically." Lastly, Microsoft has a Selectivity feature which rolls back "portions of an update" -- something that Microsoft used to tout as a general bad practice for organizations.

Despite the FAQ, it's not clear if Microsoft will take control if a rollback isn't possible and manual workarounds need to be applied.

About the Author

Kurt Mackie is senior news producer for 1105 Media's Converge360 group.

