Microsoft Consolidating Windows Client Patching with Windows Autopatch

Microsoft announced a bunch of Windows management perks during Ignite week.

Many of the improvements described were associated with the Windows 365 and Azure Virtual Desktop services, supported by a new Windows App at preview. However, for enterprise organizations managing Windows desktops, Microsoft suggested that Windows Autopatch, combined with the Windows Update for Business Deployment Service, is becoming its main Windows client and Microsoft 365 applications update management tool.

Windows Autopatch for Enterprises
Windows Autopatch and the Windows Update for Business Deployment Service are becoming "a single service for enterprise customers to update and upgrade Windows devices, Microsoft 365 Apps, Microsoft Teams, and Microsoft Edge," Microsoft explained in this announcement.

Windows Autopatch is a free update management service for organizations with Enterprise E3 and E5 licensing overseeing Windows 10 and Windows 11 clients. It was commercially released last year, and gives Microsoft control over so-called "deployment rings" for triaging client device updates as part of Microsoft's monthly quality update release process.

The Windows Update for Business Deployment Service, on the other hand, has similar capabilities to Windows Autopatch and requires having E3 licensing at minimum. The Windows Update for Business Deployment Service adds more control over Windows client updates than an older Windows Update for Business solution, which is a bunch of cloud-based management configurations.

Microsoft had previously explained that Windows Autopatch uses Windows Update for Business cloud-based policies for its device patching operations, and that notion is also indicated in this Microsoft FAQ document. However, Windows Autopatch and the Windows Update for Business Deployment Service are basically "the same thing," Microsoft's announcement this week explained:

"You will no longer need to wonder whether you should be using Windows Autopatch or Windows Update for Business deployment service. The truth is, they are the same thing. Windows Autopatch leverages the Windows Update for Business deployment service and client policies to configure and manage updates for enrolled devices."

The licensing to use Windows Autopatch and the Windows Update for Business Deployment Service isn't changing. Microsoft actually added a new product, namely Microsoft 365 Enterprise F3, as being eligible to use Windows Autopatch. Now, E3, E5 and F3 licensees will be able to use both tools.

The Windows Update for Business Deployment Service remains as an option for "organizations with A3, A5, and Microsoft 365 Business Premium subscriptions," the announcement explained. These licensees apparently aren't eligible to use Windows Autopatch.

New and Coming Windows Autopatch Capabilities
Microsoft described new Windows Autopatch capabilities this week, which are either at preview or yet to come.

At preview is a new reliability report, which shows Windows update "stop error codes," along with "device-specific details." The report also tracks update performance over time and includes troubleshooting capabilities. Windows Autopatch users also have access to device health reporting on "crashes, errors, slowdowns, battery life, disk space, and more."

In 2024, there will be other new reporting features in Windows Autopatch, including a "device update score," a "device reliability score" and a "device reliability trend" graph. It'll be possible to compare device reliability with past update cycles, Microsoft promised.

In "early 2024," Microsoft is planning to add a preview to Windows Autopatch that will add a "driver and firmware management capability." It'll have "granular control," and let organizations "pause and resume driver deployments." Organizations can also create driver groups for deployment testing purposes.

"This change will remove the limitation of only being able to turn on or off automatic driver updates for all devices," the announcement explained regarding the coming driver and firmware management feature in Windows Autopatch.

Another capability to come at some point will be the ability to use existing Microsoft Intune update profiles to create Windows Autopatch groups. It's currently not possible to use those Intune update profiles, compelling IT pros to create new update groups, Microsoft explained.

About the Author

Kurt Mackie is senior news producer for 1105 Media's Converge360 group.

