Microsoft this week announced Windows Autopatch, a new automatic updates service for Windows 10 and 11 Enterprise E3 customers that will manage all software, firmware, driver, and enterprise app updates.
The new feature ensures that Windows and Office products on enrolled endpoints are automatically updated, at no additional cost, helping admins more easily manage the security updates rolled out on the second Tuesday of every month.
“The second Tuesday of every month will be ‘just another Tuesday’,” said Microsoft’s Lior Bela.
Windows Autopatch rolls out updates gradually, to evaluate the deployment and ensure that no issues arise. Thus, all registered devices should be kept updated without disrupting business operations.
“The development of Autopatch is a response to the evolving nature of technology. Changes like the pandemic-driven demand for increased remote or hybrid work represent particularly noteworthy moments but are nonetheless part of a cycle without a beginning or end,” Microsoft notes.
Autopatch, Microsoft says, will eliminate security gaps by delivering important updates in a timely manner, providing enterprises with timely response to changes.
According to Microsoft, Windows Autopatch can detect variations among endpoints to dynamically create 4 testing “rings,” which are groups of devices representative of the diversity within the enterprise environment.
These rings include the ‘test’ ring, containing a minimum number of representative devices, the ‘first’ ring, which contains roughly 1% of the managed devices, the ‘fast’ ring, containing roughly 9% of devices, and the ‘broad’ ring, which contains the remaining 90% of endpoints.
“The population of these rings is managed automatically, so as devices come and go, the rings maintain their representative samples. Since every organization is unique, though, the ability to move specific devices from one ring to another is retained by enterprise IT admins,” Microsoft notes.
With these curated ring populations in place, Autopatch deploys updates progressively, moving from ‘test’ to ‘broad’ after specific validation periods. The service also monitors device performance with pre-update metrics, to balance speed and efficiency and optimize productivity.
With Autopatch in place, all quality updates – those dealing with security, firmware and other essential functionality – are deployed swiftly, Microsoft claims.
Feature updates – which mainly include user interface or experience changes – will be rolled out slower, with 30 days provided for each ring so that users can interact with the software and report issues.
“Whenever issues arise with any Autopatch update, the remediation gets incorporated and applied to future deployments, affording a level of proactive service that no IT admin team could easily replicate. As Autopatch serves more updates, it only gets better,” Microsoft says.
Autopatch comes with a “Halt” feature, where updates will not move from ring to ring unless specific stability targets are met (customers too can halt updates); a “Rollback” feature, where updates can be undone if performance targets are not met; and a “Selectivity” feature, which allows customers to select only portions of the update package to be deployed.
The new service also comes with reporting and messaging capabilities, and with an Autopatch message center, where admins can view details about schedules and update status, as well as details from the Autopatch team.
All Microsoft customers with a license for Windows Enterprise E3 can enroll into Autopatch when it becomes generally available in July 2022, the company says.
The service comes with a built-in readiness assessment tool to check settings in Intune, Azure AD, and Microsoft 365 Apps for Enterprise and help enterprises address identified issues, to make sure all solutions are configured to work with Autopatch.