Microsoft has rolled out the public preview of Windows Autopatch, potentially a much easier way for admins to handle Patch Tuesday.
Patch Tuesday, the second Tuesday of every month, is set to be “just another Tuesday”, Microsoft boasted when it unveiled the Autopatch managed service in April — at least for admins managing customers with Windows Enterprise/Microsoft 365 E3 or E5 licenses.
Windows Autopatch has now entered public preview for customers to test and will be generally available in July, Microsoft announced in a blog post. As a managed service, Autopatch is different to Windows Update for Business.
Autopatch promises to keep Windows and Office software on devices enrolled in Microsoft’s MDM solution Intune up-to-date automatically at no additional cost. It can also be used to automate updates for Teams and Microsoft’s Edge browser.
There are several other prerequisites for Autopatch concerning device management, identity management, and network connectivity.
Autopatch works with Windows 10 and 11 Enterprise versions, and will work on virtual machines including Windows 365 Cloud PCs once it’s generally available. It doesn’t cover bring-your-own devices, which are blocked during registration, and only works on corporate-owned hardware that is managed with Intune.
Also, user accounts must be managed by Azure Active Directory or Hybrid Azure Active Directory Join. Microsoft has more details about other prerequisites like network connectivity in its Windows Autopatch documentation. It also has details about preparing to enroll a tenant into Autopatch.
“Windows Autopatch applies updates to your Windows operating system and configures automatic updates for Office applications,” Microsoft explains. The idea is to close the “security gap” caused by patches not rolling out swiftly enough while also giving admins more time to address other business issues.
Autopatch will deliver Windows updates in the General Availability Channel. Admins can set policies for quality and feature updates independently. They can also see which patches Autopatch has applied via the Autopatch message center in Endpoint Manager. Patch Tuesday security updates will be applied in the usual timeframe and out-of-band updates are applied as needed.
Autopatch uses the Monthly Enterprise Channel for Office updates, which are also released on the second Tuesday of the month.
“Office rollouts follow a unique, fixed schedule – they do not make use of ring-based progressive deployment and are not controlled by Autopatch,” Microsoft notes.
Autopatch updates for Teams and Edge are different because the update cadence of these apps and services isn’t synced with Windows and Office.
“The Microsoft Teams client application is synchronized with changes to the Teams online service. As a result, updates to this client occur on a different cadence than general Windows or Office updates. Microsoft Edge also has its own update channel to facilitate frequent revisions to the browser. Windows Autopatch progressive deployment is not used for either Teams or Edge updates, nor do the pause or rollback actions apply to either application,” Microsoft said.