Back in April, Microsoft announced a new service called Windows Autopatch for enterprise customers. It was pitched as a way to automate updates while empowering IT admins to ensure that endpoints are healthy and compliant through ring-based, staggered deployments. IT admins would also have the ability to reverse updates easily if something does go wrong.
There was some confusion recently that the arrival of Windows Autopatch would mean the end of Patch Tuesday as we know it. Microsoft has since been publishing more documentation about its upcoming service to emphasize that this is not the case.
Microsoft had stated that Windows Autopatch would become available for Enterprise E3 and E5 customers in July and true to its word, the service has been rolled out generally today.
For those who are still unsure about how Windows Autopatch works, the graphic below should help. Essentially, Microsoft will use deployment tools like Windows Update for Business on your behalf to ensure that Windows 10, Windows 11, Microsoft Edge, Teams, and other Microsoft 365 services are automatically updated. This includes the creation of testing rings, monitoring health, and rolling back updates if needed.
Microsoft has further noted that:
The idea of delegating this kind of responsibility may give some IT administrators pause. Changing systems in any way can cause hesitation-but unpatched software can leave gaps in protection-and by keeping Windows and Microsoft 365 apps updated you get all the value of new features designed to enhance creativity and collaboration.
Because the Autopatch service has such a broad footprint, and pushes updates around the clock, we are able to detect potential issues among an incredibly diverse array of hardware and software configurations. This means that an issue that may have an impact on your portfolio could be detected and resolved before ever reaching your estate. And as the service expands and grows, the ability to detect issues will get more robust. Microsoft invests resources into rigorous testing and validation of our releases. We want to give you the confidence to act
[...] In some organizations, where update deployment rings are already in place, and the update process is robust, the appetite for this kind automation may not be as strong. In talking to customers, we're learning how to evolve the Autopatch service to meet more use cases and deliver more value and are excited for some of the developments which will be announced in the upcoming months in this blog.
Moving forward, Microsoft will be hard at work to get Windows Autopatch to update Windows 365 Cloud PCs as well. You can find out more details about Autopatch deployment here and participate in dedicated community discussions here.