After an incredible year of increased security and productivity, today we recap the current capabilities of Windows Autopatch, highlight new features coming to general availability, and look ahead to more value being added to the service. Whether you're a long-time user or just learning about Autopatch, there's something for everyone below, so read on!
The first anniversary of Windows Autopatch
The idea for Windows Autopatch came from our customers. As the transition to hybrid work accelerated, managing enterprise endpoints became more complex, and as cybersecurity threats posed increasing risk, the need for applying updates in a timely fashion became more urgent. IT admins asked for help – and we at Microsoft realized we could manage much of the update process on behalf of our customers. The result: Windows Autopatch!
A still from the video explainer that launched with Windows Autopatch
Over the last year we've heard positive feedback from customers about the time and effort they save updating Windows, Microsoft 365, Microsoft Edge, and Microsoft Teams apps. When those conversations also surface ideas about how Windows Autopatch can be even more helpful, we listen.
This latest set of additional features comes directly from customer requests for customizations and flexibility to meet the needs of large enterprises while maintaining the simplicity that makes Autopatch so helpful.
New features become generally available July 25, 2023
In our May 2023 announcement, we announced the public preview of features that extend the capability of Windows Autopatch. We are excited to announce that these features will be generally available beginning July 25, 2023. Current customers will also see an announcement in the Microsoft Intune message center detailing updates to the service.
May's blog introduced the public preview of exciting new capabilities
Before explaining these new capabilities, here is brief recap of Windows Autopatch.
What can Windows Autopatch do for enterprises?
Autopatch is built on the deployment service and core features of Windows Update for Business. So an IT administrator could configure many of the operations managed by Autopatch themselves. But, the value of the Windows Autopatch service extends beyond the orchestration of updates and time-saving:
Among the most-requested capabilities from customers was to be able to configure Windows Autopatch to match existing organizational needs or structures.
The resulting features allow IT admins to apply different sets of Autopatch rules to sets of devices as needed:
The default behaviors and settings of the service are configured to meet the needs of most organizations. The introduction of custom settings allows more enterprises to take advantage of Autopatch automation while addressing their unique use cases as with these content controls:
Customers have emphasized the importance of having visibility into all the work that Autopatch is doing on their behalf. A refresh is coming to Autopatch reporting with this July 25 GA announcement that gives more confidence to IT admins that the service is working, more help in resolving issues that may arise, and new banners and notifications help admins identify issues that require attention.
While all these features add up to a more powerful and helpful solution – and we're proud to acknowledge all the progress made in just one year – the development and enhancement of the service will continue. We are grateful to all the developers, product managers who have built this service, and to the customers who have enrolled devices and shared their experiences with our team to help it get better.
All about Windows Autopatch
If you want to share feedback, request features, or ask questions, please join our Windows Autopatch Tech Community. For those who want to learn more about the value the service has brought to other enterprises, read this report commissioned from Forrester: New Technology: The Projected Total Economic Impact™ Of Windows Autopatch Cost Savings And Business Benefits Enabled By Windows Autopatch March 2023.
If you want to experience Windows Autopatch before enrolling devices, we have extensive demos – including some on the newly released features discussed above – at aka.ms/AutopatchDemo. And, finally, if you want to dive deeper, you can find all our resources in the Windows Autopatch resource guide.
Want to stay up to date on all things Autopatch? Subscribe to Windows Autopatch blog updates and follow us at @MSWindowsITPro on Twitter!
Continue reading...
The first anniversary of Windows Autopatch
The idea for Windows Autopatch came from our customers. As the transition to hybrid work accelerated, managing enterprise endpoints became more complex, and as cybersecurity threats posed increasing risk, the need for applying updates in a timely fashion became more urgent. IT admins asked for help – and we at Microsoft realized we could manage much of the update process on behalf of our customers. The result: Windows Autopatch!
A still from the video explainer that launched with Windows AutopatchOver the last year we've heard positive feedback from customers about the time and effort they save updating Windows, Microsoft 365, Microsoft Edge, and Microsoft Teams apps. When those conversations also surface ideas about how Windows Autopatch can be even more helpful, we listen.
This latest set of additional features comes directly from customer requests for customizations and flexibility to meet the needs of large enterprises while maintaining the simplicity that makes Autopatch so helpful.
New features become generally available July 25, 2023
In our May 2023 announcement, we announced the public preview of features that extend the capability of Windows Autopatch. We are excited to announce that these features will be generally available beginning July 25, 2023. Current customers will also see an announcement in the Microsoft Intune message center detailing updates to the service.
May's blog introduced the public preview of exciting new capabilitiesBefore explaining these new capabilities, here is brief recap of Windows Autopatch.
What can Windows Autopatch do for enterprises?
Autopatch is built on the deployment service and core features of Windows Update for Business. So an IT administrator could configure many of the operations managed by Autopatch themselves. But, the value of the Windows Autopatch service extends beyond the orchestration of updates and time-saving:
- Evaluations of updates by Microsoft
- Insights and signals from Microsoft global footprint
- Security impact
- Releasing or pausing updates based on worldwide performance
- Read about the signals Autopatch uses to make release decisions
- Critical "zero day" update expediting
- Updates can be deployed by the service in a single day
- Administrators retain the control to opt-out of this feature
- Learn more about expedited updates
- Progressive deployment ring grouping
- Assign enrolled devices to ring groups automatically
- Issues that may arise affect a smaller number of devices rather than the entire estate
- Admins can move devices where needed
- Learn more about the default rings
Among the most-requested capabilities from customers was to be able to configure Windows Autopatch to match existing organizational needs or structures.
The resulting features allow IT admins to apply different sets of Autopatch rules to sets of devices as needed:
- Autopatch Groups (currently in public preview, general availability on July 25, 2023)
- Divide your tenant into discrete groups that is aligned with your business with customizable configurations
- Up to 50 distinct groups (applies to Windows feature and quality updates only)
- Learn more about Autopatch Groups
- Demo the group creation experience
- Custom deployment rings (currently in public preview, general availability on July 25, 2023)
- Up to 15 deployment rings per group
- Azure AD device groups or individual devices can be assigned dynamically or directly to rings
- Each ring can have a custom Scheduled or Deadline-driven deployment policy. Deadline-driven allows custom deferrals, deadlines, and grace periods. Scheduled updates can reduce restarts and minimize interruptions
- Read more about custom deployment cadences
- Demo the custom cadence and timing process
- Custom policy naming (currently in public preview, general availability on July 25, 2023)
- Conform Autopatch policy names to fit your organizational naming standards
Note: Renaming the underlying Autopatch deployment groups is not supported.
- Conform Autopatch policy names to fit your organizational naming standards
The default behaviors and settings of the service are configured to meet the needs of most organizations. The introduction of custom settings allows more enterprises to take advantage of Autopatch automation while addressing their unique use cases as with these content controls:
- Feature updates (currently in Public Preview, general availability on July 25, 2023)
- Upgrade from Windows 10 to Windows 11
- "Phases" add a more deployment staggering combined with rings for more comprehensive testing and feedback
- Read more about automating feature updates.
- Microsoft 365 apps opt-out
- Enrolled devices are set by default to "Monthly Enterprise channel"
- Opt-out allows admins to set another channel for enrolled devices
- Devices "opted-out" are updated according to the schedule defined for that channel. See Microsoft 365 update channels for more details.
- Opt out of "Expedited" updates
- The default critical security update process bypasses the progressive deployment rings (read more about that at this Autopatch 'learn' page).
- IT admins can opt-out of "expedited" delivery of critical security updates
- Devices "opted-out" are updated through the Autopatch progressive deployment ring schedule
- Read more about turning off expedited releases.
- Demo the content opt-out experience
- Drivers and firmware
- Microsoft pre-certifies and validates drivers from many original equipment manufacturers and independent hardware vendors.
- Automated deployment of recommended drivers
- Autopatch creates policies aligned with deployment rings Opt-out is available so IT admins can maintain manual control using Intune driver management features.
- Granular controls around drivers and firmware update management (coming 2023 Q4) - includes the ability to manually approve drivers on a ring-by-ring basis
- Better reporting and new issue remediation
Customers have emphasized the importance of having visibility into all the work that Autopatch is doing on their behalf. A refresh is coming to Autopatch reporting with this July 25 GA announcement that gives more confidence to IT admins that the service is working, more help in resolving issues that may arise, and new banners and notifications help admins identify issues that require attention.
- Reporting
- Feature updates now included
- New integrated recommendations for issue resolution
- New filtering capabilities
- More up-to-date information
- Read about ring remediation functions
- Demo the reporting functions
- Policy health and remediation
- Banners in-context alert admins to issues
- Policies and Deployment rings can be restored without raising a service incident
- "Inactive" status of Autopatch blades will direct admins to resolve tenant permission and licensing issues
- Read more about policy health and remediation
- Demo the policy health and tenant management experience
While all these features add up to a more powerful and helpful solution – and we're proud to acknowledge all the progress made in just one year – the development and enhancement of the service will continue. We are grateful to all the developers, product managers who have built this service, and to the customers who have enrolled devices and shared their experiences with our team to help it get better.
All about Windows Autopatch
If you want to share feedback, request features, or ask questions, please join our Windows Autopatch Tech Community. For those who want to learn more about the value the service has brought to other enterprises, read this report commissioned from Forrester: New Technology: The Projected Total Economic Impact™ Of Windows Autopatch Cost Savings And Business Benefits Enabled By Windows Autopatch March 2023.
If you want to experience Windows Autopatch before enrolling devices, we have extensive demos – including some on the newly released features discussed above – at aka.ms/AutopatchDemo. And, finally, if you want to dive deeper, you can find all our resources in the Windows Autopatch resource guide.
Want to stay up to date on all things Autopatch? Subscribe to Windows Autopatch blog updates and follow us at @MSWindowsITPro on Twitter!
Continue reading...
