Now that Windows Autopatch is a few months old, Microsoft is making it even easier for IT admins to update their users’ Microsoft systems and ease their burden on Patch Tuesdays with new features such as application-only authentication and reporting on quality updates.
Microsoft calls the updates a “direct result of feedback” from Autopatch users, and the company welcomes more feedback so it can better refine the service.
The most significant new update made to Autopatch is a change in the way the service interacts with customer tenants, including a new certificate-based authentication leveraging Microsoft’s first-party application “Modern Workplace management.” This took effect on Aug. 18.
In a blog post, Microsoft says this is a dramatic security improvement to Autopatch and reduces much of the complex back-end workload of password rotation across customer environments. In addition, this streamlines the tenant enrollment process with a 50% reduction in prerequisites.
The update removed three service accounts, four groups and one Conditional Access policy, Microsoft says. Read this documentation for more information.
Microsoft says the security improvements extend to new core service permissions, based on a least-access approach and a limited service scope. Configurations made using CSPs have been moved to the settings catalog to increase transparency, the company adds.
Those who enrolled their tenant in Autopatch before Aug. 17 will get instructions on how to remove the service accounts previously created.
Microsoft is also rolling out post-registration device readiness checks that allow IT admins to detect and remediate configuration mismatches or other issues in their environments that prevent devices from getting software updates via Autopatch. Devices that don’t meet prerequisites and won’t be registered with Autopatch are now displayed in a new “Not registered” tab.
Autopatch will also detect whether devices have conflicting Windows Update policies managed via Group Policy or Microsoft Intune, the company says. Read this documentation for more information.
Lastly, Microsoft introduced new reporting capabilities to help IT admins with security and compliance, including the ability to generate reports on enrolled devices.
The company teased that new Autopatch announcements may be made at the company’s upcoming Ignite event.