Microsoft announced that Windows Autopatch, a service designed to automatically keep Windows and Office software up to date, will be released in July 2022.
Windows Autopatch is a new managed service offered for free to all Microsoft customers who already have a Windows 10/11 Enterprise E3 or above license.
"This service will keep Windows and Office software on enrolled endpoints up-to-date automatically, at no additional cost. The second Tuesday of every month will be 'just another Tuesday'," promised Lior Bela, a Sr. Product Marketing Manager at Microsoft.
"Windows Autopatch manages all aspects of deployment groups for Windows 10 and Windows 11 quality and feature updates, drivers, firmware, and Microsoft 365 Apps for enterprise updates."
It moves update orchestration from organizations to Microsoft, so the burden of planning the update process (including rollout and sequencing) no longer falls on the organizations' IT teams.
Windows Autopatch works with all supported versions of Windows 10 and Windows 11 and with Windows 365 for Enterprise.
How does Autopatch work?
The Windows Autopatch service automatically breaks up the organization's device fleet into four groups of devices known as testing rings.
The 'test ring' will contain a minimum number of devices, the 'first ring' around 1% of all endpoints that need to be kept up-to-date, the 'fast ring' roughly 9%, and the 'broad ring' 90% of all devices.
"The population of these rings is managed automatically, so as devices come and go, the rings maintain their representative samples. Since every organization is unique, though, the ability to move specific devices from one ring to another is retained by enterprise IT admins," Bela added.
Once the testing rings are set up, updates will be deployed progressively, beginning with the test ring and moving to larger sets of devices following a validation period through which device performance is monitored and compared to pre-update metrics.
Autopatch also comes with Halt and Rollback features that will automatically block updates from being applied to higher test rings or roll them back automatically.
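The ring split and the halt-on-regression gate described above can be sketched as follows. This is an added example, not Microsoft's implementation: the test ring size, the health score, the `max_drop` threshold and all function names are assumptions, and the fleet and scores are constructed sample data.

```python
# Added illustration, not Microsoft's implementation.
RING_ORDER = ["test", "first", "fast", "broad"]
TEST_RING_MIN = 5                     # assumed; the article gives no number
PERCENT = {"first": 1, "fast": 9}     # from the article; broad gets the rest


def assign_rings(devices, pinned=None):
    """Split a fleet into four rings. `pinned` maps device -> ring for the
    admin overrides the article says IT admins retain."""
    pinned = pinned or {}
    rings = {name: [] for name in RING_ORDER}
    for dev, ring in pinned.items():
        rings[ring].append(dev)
    pool = sorted(d for d in devices if d not in pinned)
    targets = {"test": TEST_RING_MIN}
    targets.update({r: len(devices) * p // 100 for r, p in PERCENT.items()})
    for name in ("test", "first", "fast"):
        need = max(targets[name] - len(rings[name]), 0)
        rings[name] += pool[:need]
        pool = pool[need:]
    rings["broad"] += pool            # everything left, roughly 90%
    return rings


def rollout(rings, health_after, baseline, max_drop=0.02):
    """Deploy ring by ring. `health_after(ring, devices)` returns a health
    score measured after the validation period; a drop larger than `max_drop`
    against the pre-update baseline halts the rollout and rolls that ring back."""
    updated = []
    for name in RING_ORDER:
        score = health_after(name, rings[name])
        if baseline - score > max_drop:
            return {"updated": updated, "halted_at": name, "rolled_back": name,
                    "untouched": RING_ORDER[len(updated) + 1:]}
        updated.append(name)
    return {"updated": updated, "halted_at": None, "rolled_back": None,
            "untouched": []}


# Constructed sample fleet and health scores for the demonstration.
FLEET = [f"pc-{i:04d}" for i in range(1000)]
SCORES = {"test": 0.99, "first": 0.985, "fast": 0.90, "broad": 0.99}

if __name__ == "__main__":
    rings = assign_rings(FLEET, pinned={"pc-0999": "test"})
    print({name: len(devs) for name, devs in rings.items()})
    print(rollout(rings, lambda ring, devs: SCORES[ring], baseline=0.99))
```

With the sample scores, the regression in the fast ring stops the update before it reaches the broad ring, which holds the bulk of the fleet.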
"Whenever issues arise with any Autopatch update, the remediation gets incorporated and applied to future deployments, affording a level of proactive service that no IT admin team could easily replicate. As Autopatch serves more updates, it only gets better," Bela vowed.
Microsoft provides further details in a Windows Autopatch FAQ, including information on service eligibility, prerequisites, and features.
Comments
DFlood - 2 years ago
One more step down the road towards "We control everything, hand over your credit card". And I'll bet it's implemented as "reboot NOW!" which really upsets people like C-Level staff.
NoneRain - 2 years ago
All updates can be managed in Enterprise...
Wpq - 2 years ago
> which really upsets people like C-Level staff
This is the last of my concerns. I made it clear to my peers that it is either this or a written request on their part to not be protected, with the risk of having their data stolen yada yada yada.
Suddenly everyone is fine with the reboots.
jimmyjones1256 - 2 years ago
Yay. Now you have even less of an idea on when a buggy update will get rolled out.
NoneRain - 2 years ago
Read the article:
"The Windows Autopatch service automatically breaks up the organization's device fleet into four groups of devices known as testing rings.
The 'test ring' will contain a minimum number of devices, the 'first ring' around 1% of all endpoints that need to be kept up-to-date, the 'fast ring' roughly 9%, and the 'broad ring' 90% of all devices."
"[...]the ability to move specific devices from one ring to another is retained by enterprise IT admins"
Paradroyd - 2 years ago
Unfortunately, given the well-established track record of updates vs the theoretical "what should happen", I'm afraid that the relevant substring to take away from this is, "automatically breaks".
How is this going to work with "frozen" public access computers, where the freezing/thawing of the systems has to be coordinated with updates?
TsVk! - 2 years ago
There is no way in the world we'll be deploying this on our domain, they couldn't pay us to run it. It often takes a month for the mess and fallout to be cleared up from an update before we start our own tiered rollout.
How many times have you read about Win updates breaking things? And now they want us to hand over our update schedule to them. :P
mrsleep - 2 years ago
Well, that's a terrible change.
It's nice to have some semblance of control so you can head it off at the pass when MS releases a buggy patch.