Windows Autopatch Aims to Make Patch Tuesday ‘Just Another Tuesday’ for Enterprises

Microsoft this week announced Windows Autopatch, a new automatic updates service for Windows 10 and 11 Enterprise E3 customers that will manage all software, firmware, driver, and enterprise app updates.

The new feature ensures that Windows and Office products on enrolled endpoints are automatically updated, at no additional cost, helping admins more easily manage the security updates rolled out on the second Tuesday of every month.

“The second Tuesday of every month will be ‘just another Tuesday’,” said Microsoft’s Lior Bela.

Windows Autopatch rolls out updates gradually, to evaluate the deployment and ensure that no issues arise. Thus, all registered devices should be kept updated without disrupting business operations.

“The development of Autopatch is a response to the evolving nature of technology. Changes like the pandemic-driven demand for increased remote or hybrid work represent particularly noteworthy moments but are nonetheless part of a cycle without a beginning or end,” Microsoft notes.

Autopatch, Microsoft says, will eliminate security gaps by delivering important updates promptly, giving enterprises a timely response to changes.

According to Microsoft, Windows Autopatch can detect variations among endpoints to dynamically create 4 testing “rings,” which are groups of devices representative of the diversity within the enterprise environment.

These rings include the ‘test’ ring, containing a minimum number of representative devices, the ‘first’ ring, which contains roughly 1% of the managed devices, the ‘fast’ ring, containing roughly 9% of devices, and the ‘broad’ ring, which contains the remaining 90% of endpoints.

“The population of these rings is managed automatically, so as devices come and go, the rings maintain their representative samples. Since every organization is unique, though, the ability to move specific devices from one ring to another is retained by enterprise IT admins,” Microsoft notes.

With these curated ring populations in place, Autopatch deploys updates progressively, moving from ‘test’ to ‘broad’ after specific validation periods. The service also monitors device performance with pre-update metrics, to balance speed and efficiency and optimize productivity.

With Autopatch in place, all quality updates – those dealing with security, firmware and other essential functionality – are deployed swiftly, Microsoft claims.

Feature updates – which mainly include user interface or experience changes – will be rolled out more slowly, with 30 days provided for each ring so that users can interact with the software and report issues.

“Whenever issues arise with any Autopatch update, the remediation gets incorporated and applied to future deployments, affording a level of proactive service that no IT admin team could easily replicate. As Autopatch serves more updates, it only gets better,” Microsoft says.

Autopatch comes with a “Halt” feature, where updates will not move from ring to ring unless specific stability targets are met (customers too can halt updates); a “Rollback” feature, where updates can be undone if performance targets are not met; and a “Selectivity” feature, which allows customers to select only portions of the update package to be deployed.

The new service also comes with reporting and messaging capabilities, and with an Autopatch message center, where admins can view details about schedules and update status, as well as details from the Autopatch team.

All Microsoft customers with a license for Windows Enterprise E3 can enroll in Autopatch when it becomes generally available in July 2022, the company says.

The service comes with a built-in readiness assessment tool to check settings in Intune, Azure AD, and Microsoft 365 Apps for Enterprise and help enterprises address identified issues, to make sure all solutions are configured to work with Autopatch.

Written By

Ionut Arghire is an international correspondent for SecurityWeek.
