Microsoft Windows Autopatch is now generally available for enterprise

Image:

Microsoft Windows Autopatch is now generally available for enterprise

It aims to relieve IT administrators of the load of monthly updates by transferring it to Microsoft

Microsoft has announced the general availability of a service called Autopatch that automatically updates Windows and Office software on enrolled endpoints.

The feature is available for customers with Windows Enterprise E3 and E5 licences. However, it is not available to Windows Education (A3) or Windows Front Line Worker (F3) subscribers, and Microsoft does not intend to make Autopatch available to its government subscribers.

"The public anticipation surrounding Windows Autopatch has been building since we announced it in April. Fortunately for all, the wait is over," Lior Bela, a senior product marketing manager at Microsoft, said.

"We are pleased to announce that this service is now generally available for customers with Windows Enterprise E3 and E5 licences."

"Microsoft will continue to release updates on the second Tuesday of every month and now Autopatch helps streamline updating operations and create new opportunities for IT pros," Bela added.

Windows Autopatch enterprise service was first revealed in April, when Microsoft said the main aim of the feature is to relieve IT administrators of the load of monthly updates by transferring it to Microsoft.

This new service will automatically handle the deployment of quality and feature updates for Windows 10 and Windows 11, as well as updates for drivers, firmware and Microsoft 365 apps for enterprises.

"The takeaway if you're an IT admin? You can continue using the tools and processes you're accustomed to for managing and deploying updates—or you can take a hands-off approach and let Windows Autopatch do it for you," Bela said in April.

Customers need to be running supported versions of Windows 10 and 11 and have Azure Active Directory (Azure AD) in order for Autopatch to function properly on their systems. Microsoft's Intune mobile device management service is also required.

Last month, Microsoft announced a preview release of Autopatch service for enterprises.

Administrators must complete the following steps in order to enrol devices in Windows Autopatch:

Find the Windows Autopatch entry in the Tenant Administration blade of the Microsoft Endpoint Manager admin centre
Select Tenant enrolment
Select the checkbox to agree to the terms and conditions and select 'Agree'
Select 'Enroll'

When Windows Autopatch is configured for a tenant, it works by first installing security updates on a limited group of "test" ring devices.

It then moves on to the "first" ring, which is somewhat bigger and contains 1% of all devices under administration. The "fast" ring contains around 9% of all endpoints, while the "wide" ring contains the remaining devices.

The upgrades are rolled out in stages, first with the test ring and then progressing to the larger groups of devices after a validation phase that enables performance monitoring of the devices and pre-update metrics comparison.

Autopatch also has features like Halt and Rollback, which prohibit changes from being sent to higher rings or rolled back automatically, respectively.

"Windows Autopatch aims to keep at least 95% of eligible devices on the latest Windows quality update 21 days after release," the company says in its documentation.

Microsoft has previously said that Autopatch does not have any specific hardware requirements, although all devices must have CPUs that are currently supported by their respective chipmakers.

According to Microsoft, Windows Autopatch will also support updating of Windows 365 cloud PCs.

"We'll be covering this enhancement [Windows 365 Autopatch support] in the Windows in the Cloud on July 14th and that special episode will be available on demand on Windows IT Pro YouTube Channel later this month, so be sure to subscribe to the channel for updates," the company said.