Windows Update

Microsoft said this week that Windows Autopatch, a service to automatically keep Windows and Microsoft 365 software up to date in enterprise environments, has now reached public preview.

This enterprise service was first announced in April when Redmond said it would be made generally available in July 2022 and offered free to Microsoft customers with a Windows 10/11 Enterprise E3 license or greater.

Windows Autopatch automatically manages the deployment of Windows 10 and Windows 11 quality and feature updates, drivers, firmware, and Microsoft 365 Apps for enterprise updates.

"The takeaway if you're an IT admin? You can continue using the tools and processes you're accustomed to for managing and deploying updates—or you can take a hands-off approach and let Windows Autopatch do it for you," said Lior Bela, a Sr. Product Marketing Manager at Microsoft.

"Changing the way things get done, even when that change makes things easier, gives pause to most people who run large IT organizations. By joining the public preview, you'll be able to get comfortable with Windows Autopatch and ready your organization to take advantage of the service at scale."

To enroll a tenant in the Windows Autopatch public preview, admins have to:

  1. Log in to Endpoint Manager as a Global Administrator and find the Windows Autopatch blade under the Tenant Administration menu. If you don't see 'Windows Autopatch' you don't have the right licenses. See Windows Autopatch prerequisites for more information on prerequisites, including licensing.
  2. Use an InPrivate or Incognito browser window to redeem your public preview code.
  3. Run the readiness assessment, add your admin contact, and add devices.

Microsoft also provides detailed instructions on how to add devices to your test ring and how to resolve the status of "tenant not ready," or a status of "device not ready" or "device not registered."

Once set up for a tenant, the Windows Autopatch service will automatically break up the organization's device fleet into four groups of devices described by Microsoft as testing rings.

The 'test ring' contains a minimum number of devices, the 'first ring' around 1% of all endpoints that need to be kept up-to-date across a corporate environment, the 'fast ring' roughly 9%, and the 'broad ring' the remaining 90% of devices.

The updates will be deployed progressively, starting with the test ring and moving to the larger sets of devices following a validation period to monitor device performance and compare it to pre-update metrics.

Autopatch also has built-in Halt and Rollback features that block updates from being applied to higher test rings or roll them back automatically.

The main goal behind using this new service is to move the update orchestration from organizations to Microsoft. Once configured, the burden of planning the entire update process (sequencing and rollout) is also taken out of the hands of the organizations' IT teams.

"Whenever issues arise with any Autopatch update, the remediation gets incorporated and applied to future deployments, affording a level of proactive service that no IT admin team could easily replicate," Bela added.

Microsoft provides further info in the Windows Autopatch support documentation, including details on service eligibility, prerequisites, and features.
