Microsoft Autopatch arrives to make Windows Patch Tuesday a breeze

Microsoft knows its Autopatch service for Windows will make admins nervous over control, but argues it delivers a better outcome.
Written by Liam Tung, Contributing Writer

The second Tuesday of the month might be less manic for Windows admins with the arrival of Microsoft's new Autopatch service for big enterprise customers. 

Autopatch has reached general availability after a brief public preview last month following its unveiling in April. The Microsoft-managed service promises to automate the process of orchestrating patches for admins who have tens of thousands of PCs under their remit. Those admins need to apply as many as 100 patches each month, including zero-days, but sometimes the updates break core Windows services, such as virtual private networks (VPNs) and virtual machines.

The Autopatch service is only for Microsoft's customers on big-ticket Windows Enterprise/Microsoft 365 E3 or E5 licenses. Microsoft promises the service will make Patch Tuesday "just another Tuesday".  


That means everyone else who's not on those licenses will still get Patch Tuesday security updates, while E3 and E5 customers can opt in to a streamlined patch experience.

"Fortunately for all, the wait is over. We are pleased to announce that this service is now generally available for customers with Windows Enterprise E3 and E5 licenses," Microsoft announced in a blog post.

"Microsoft will continue to release updates on the second Tuesday of every month and now Autopatch helps streamline updating operations and create new opportunities for IT pros."

Autopatch is a Microsoft service that delivers Windows 10 and Windows 11 quality and feature updates for drivers, firmware, and Microsoft 365 apps like Teams, Word, Outlook and Excel.

Microsoft engineers step in for admins in operating the Windows Update for Business client policies and deployment service tools. They create testing rings, monitor rollouts, and can pause or roll back changes if a patch creates problems.

"Windows Autopatch is a service that uses the Windows Update for Business solutions on your behalf," Microsoft said.

For Autopatch to work, customers must have Azure Active Directory (Azure AD) and Microsoft's Intune mobile device management service, and must be running supported versions of Windows 10 and 11.

Customers need to enrol devices into Autopatch and can "fine-tune" their membership, according to Microsoft, but how much they can adjust is restricted. 

Windows Autopatch doesn't support managing update ring membership using Azure AD groups, according to Microsoft's FAQ, but admins can move devices between rings via Microsoft Endpoint Manager. Admins can't decide when devices move to the next ring.

Microsoft admits the idea of handing over control to its engineers may give some Windows admins the jitters, but it argues it should increase their confidence because it can detect buggy patches before admins can.

"The idea of delegating this kind of responsibility may give some IT administrators pause. Changing systems in any way can cause hesitation – but unpatched software can leave gaps in protection – and by keeping Windows and Microsoft 365 apps updated you get all the value of new features designed to enhance creativity and collaboration," said Microsoft's Lior Bela.

"Because the Autopatch service has such a broad footprint, and pushes updates around the clock, we are able to detect potential issues among an incredibly diverse array of hardware and software configurations. This means that an issue that may have an impact on your portfolio could be detected and resolved before ever reaching your estate. And as the service expands and grows, the ability to detect issues will get more robust. Microsoft invests resources into rigorous testing and validation of our releases."


Windows Autopatch will support updating of Windows 365 cloud PCs. It also covers updates for Windows 10 and 11, Microsoft Edge browser, and Microsoft Teams, according to Microsoft's FAQ:

  • Windows 10/11 quality updates: Windows Autopatch manages all aspects of update rings.
  • Microsoft 365 Apps for enterprise updates: All devices registered for Windows Autopatch will receive updates from the Monthly Enterprise Channel.
  • Microsoft Edge: Windows Autopatch configures eligible devices to benefit from Microsoft Edge's progressive rollouts on the Stable channel and will provide support for issues with Microsoft Edge updates.
  • Microsoft Teams: Windows Autopatch allows eligible devices to benefit from the standard automatic update channels and will provide support for issues with Teams updates.
