Patching Windows & Apps using Windows Autopatch

Introduction to Windows Autopatch

Recently, Microsoft announced the release of a new cloud service, Windows Autopatch, in July 2022. Windows Autopatch gives organizations ring deployment-style, automated updates for Windows, Microsoft 365 Apps for enterprise, Microsoft Edge, and Microsoft Teams to improve security and productivity. Windows Autopatch aims to keep at least 95% of eligible devices on the latest Windows quality update 21 days after release.

Who can use this feature? The feature will be available to customers with Windows Enterprise E3 and above.

How can it help the business?

  • Close the security gap: By keeping software current, there are fewer vulnerabilities and threats to your devices.
  • Close the productivity gap: By adopting features as they’re made available, users get the latest tools to enhance creation and collaboration.
  • Optimize your IT admin resources: By automating routine endpoint updates, IT pros have more time to create value.
  • On-premises infrastructure: Transitioning to software as a service (SaaS) allows organizations to minimize their investment in on-premises hardware, since updates are delivered from the cloud.
  • Minimize end user disruption: By releasing in sequential update rings, and responding to reliability and compatibility signals, user disruptions due to updates are minimized.

What are the prerequisites for Windows Autopatch?

  • Supported Windows 10/11 Enterprise and Professional edition versions
  • Azure Active Directory (Azure AD) Premium
  • Hybrid Azure AD-Joined or Azure AD-joined only
  • Microsoft Intune

Windows Autopatch Update Management

During enrollment, Windows Autopatch creates four Azure Active Directory groups that are used to segment devices into update rings:

  1. Modern Workplace Devices – Test : Devices in this group are intended for your IT Administrators and testers since changes are released here first. Windows Autopatch doesn’t automatically add devices to this ring. You must manually add devices to the Test ring.
  2. Modern Workplace Devices – First : The First ring is the first group of production users to receive a change.
  3. Modern Workplace Devices – Fast : The Fast ring is the second group of production users to receive changes. The signals from the First ring are considered as a part of the release process to the Broad ring.
  4. Modern Workplace Devices – Broad : The Broad ring is the last group of users to receive changes.

Each update ring has a different purpose and is assigned a set of policies that control the rollout of updates in each management area. When a device is enrolled into the Windows Autopatch service, it is assigned to an update ring so that the distribution of devices across your estate stays balanced.
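The following PowerShell is an added example, not code from Microsoft or from the original post. It measures a ring rollout against the 95%-within-21-days goal stated in the introduction and flags an empty Test ring, which Autopatch never populates on its own. The device names, dates and CSV columns (Device, Ring, Eligible, InstalledOn) are constructed assumptions standing in for a device report export.

```powershell
# Added example. Device names, dates and CSV columns are constructed assumptions.
$Rings     = 'Test', 'First', 'Fast', 'Broad'   # ring order described above
$TargetPct = 95                                  # goal stated for Windows Autopatch
$Release   = [datetime]'2022-08-09'              # constructed quality update release date
$AsOf      = $Release.AddDays(21)                # the goal is measured 21 days after release

$Inventory = @'
Device,Ring,Eligible,InstalledOn
IT-LAB-01,Test,True,2022-08-09
PC-0101,First,True,2022-08-11
PC-0102,First,True,2022-08-12
PC-0201,Fast,True,2022-08-16
PC-0202,Fast,True,
PC-0301,Broad,True,2022-08-19
PC-0302,Broad,True,2022-09-02
PC-0303,Broad,False,
'@ | ConvertFrom-Csv

function Test-Current($Device) {
    # Current = the update was installed on or before the 21-day mark.
    if ([string]::IsNullOrWhiteSpace($Device.InstalledOn)) { return $false }
    return ([datetime]$Device.InstalledOn) -le $AsOf
}

# Only eligible devices count toward the goal.
$eligible = @($Inventory | Where-Object { $_.Eligible -eq 'True' })

$report = foreach ($ring in $Rings) {
    $devices = @($eligible | Where-Object { $_.Ring -eq $ring })
    $current = @($devices | Where-Object { Test-Current $_ })
    [pscustomobject]@{
        Ring     = $ring
        Eligible = $devices.Count
        Current  = $current.Count
        Percent  = if ($devices.Count) { [math]::Round(100 * $current.Count / $devices.Count, 1) } else { $null }
    }
}
$report | Format-Table -AutoSize

# Devices outside the four rings receive no ring policy and need review.
$unassigned = @($eligible | Where-Object { $_.Ring -notin $Rings })
if ($unassigned.Count) { Write-Warning "Devices without a known ring: $($unassigned.Device -join ', ')" }

if (($report | Where-Object Ring -eq 'Test').Eligible -eq 0) {
    Write-Warning 'Test ring is empty: devices must be added to it manually.'
}
$totalCurrent = ($report | Measure-Object -Property Current -Sum).Sum
$overall = if ($eligible.Count) { [math]::Round(100 * $totalCurrent / $eligible.Count, 1) } else { 0 }
if ($overall -lt $TargetPct) { Write-Warning "${overall}% of eligible devices are current at day 21; the goal is ${TargetPct}%." }
```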

Enrolling your Intune Tenant for Windows Autopatch

Step – 1

Enroll your tenant for Windows Autopatch

2. The Windows Autopatch Readiness tool checks whether the Intune and Azure AD settings are appropriate and meet the prerequisites for Windows Autopatch. Click on View Details to view the details of error messages.

3. Click on Windows Autopatch Promo to get details of the error message.

Click on the link to enable Windows Autopatch Promo in your tenant.

Click on Run checks to validate the tenant again.

Once all the errors are fixed, click on ENROLL.

Click on Agree to proceed further.

Provide the necessary details and click on Complete.

Click on Continue.

Add the devices that you want patched by Windows Autopatch to the Windows Autopatch Device Registration group.

Click on DISCOVER DEVICES to register devices.

Once all configuration is done, Windows Autopatch will create all the required configuration profiles for Windows devices.

This concludes the configuration of Windows Autopatch in your organization.