One of Microsoft’s largest announcements about improvements to the Windows management experience for IT professionals last week was Windows Autopatch, a new feature of Windows Enterprise E3 designed to keep Windows and Office software on enrolled endpoints updated automatically.
According to Microsoft, Patch Tuesday (the second Tuesday of every month, when the company releases its monthly security patches) will now be “just another Tuesday,” taking the burden off IT admins, who historically have had to plan update rollout and sequencing before critical vulnerabilities are exploited and users miss out on new features.
In a Tech Community blog, Microsoft further expanded on Autopatch, saying it can provide a timely response to changes and help with introducing new ones, and that IT admins should feel the value immediately.
Windows Autopatch is expected to be generally available in July, and getting started is designed to be easy, with an Enterprise E3 license or above and Intune or co-management the only prerequisites.
Autopatch will come with a built-in readiness assessment tool that will check relevant settings in Intune, Azure AD and Microsoft 365 for Enterprise to see that they are all configured to work with Autopatch. If any are not configured properly, the service will provide admins with instructions on how to resolve those issues.
Enrollment simply consists of accepting the terms of service and adding administrative contacts. Policies and groups are defined automatically while admins can choose what devices are enrolled and included in specific testing rings.
Testing rings and progressive deployment
Microsoft says Autopatch can detect the variations among endpoints in an estate and dynamically create four testing rings made up of a group of devices that represent the diverse endpoints in an enterprise.
The deployment rings are Test, First, Fast and Broad, with the number of devices touched in each ring expanding sequentially until “Broad,” when all devices are updated.
Admins can move specific devices from one ring to another, but the population of the rings is managed automatically so they maintain their representative samples as devices come and go, Microsoft says.
Microsoft says Autopatch uses a “progressive update deployment,” so updates are installed on the test ring devices and then progress to the next ring for a period of testing, and so on. As more devices receive updates, Autopatch will monitor device performance and compare it to pre-update metrics, in addition to metrics from the previous ring.
“The result is a rollout cadence that balances speed and efficiency, optimizing productive uptime,” Microsoft says.
Autopatch will prioritize security, firmware and essential functionality, and feature updates that involve changes to user interfaces or user experiences will be rolled out more slowly. The company says each ring is afforded 30 days so users can interact with software and report any issues that aren’t automatically detected.
When issues are detected
If any issues arise with Autopatch, the remediation is incorporated and applied to future deployments, Microsoft says.
When issues arise due to feature updates, Autopatch features three capabilities to keep users productive, including Halt, which will prevent updates from moving ring to ring unless stability targets are met. Admins can manually halt updates as well. Admins can also use the Rollback feature that will undo the updates if devices aren’t meeting performance benchmarks. The Selectivity feature allows admins to choose portions of an update package to be passed on, and portions that don’t perform well can be halted or rolled back selectively and automatically, the company says.
For visibility, Microsoft included a reporting and messaging feature in Autopatch to give admins insight into update status, device health and their entire IT environment. The message center will include information about schedules, update status and details from Microsoft’s Autopatch team, according to the company’s blog.