Microsoft has launched the Windows Autopatch public preview, which could make it easier for administrators to manage Patch Tuesday.
Automate software updates
Patch Tuesday, or “Patch Tuesday,” which usually happens on the second Tuesday of every month, is on its way to becoming “a Tuesday like any other,” as Microsoft boasted when it unveiled the managed service. Autopatch in April. At least for admins managing customers with Windows Enterprise/Microsoft 365 E3 or E5 licenses.
Windows Autopatch has now entered the public preview stage for users to test it out. It will be available to everyone in July, Microsoft announced in a blog post. As a managed service, Autopatch is different from Windows Update for Business.
Autopatch promises to automatically keep Windows and Office software up to date on devices enrolled in Microsoft’s Intune MDM solution at no additional cost. It can also be used to automate updates for Teams and Microsoft’s Edge browser.
Prerequisites to benefit from it
There are several other prerequisites for Autopatch regarding device management, identity management, and network connectivity.
Autopatch works with Windows 10 and 11 Enterprise versions, and will work on virtual machines, including Windows 365 cloud PCs, once it becomes available to everyone. It does not cover bring-your-own devices, which are blocked during enrollment, and only works on company-owned hardware that is managed with Intune.
Additionally, user accounts must be managed by Azure Active Directory or Hybrid Azure Active Directory Join. Microsoft provides more details on other prerequisites, such as network connectivity, in its Windows Autopatch documentation.
Closing “security gaps”
Also included in this document is information on preparing to enroll a tenant in Autopatch.
“Windows Autopatch applies updates to your Windows operating system and sets up automatic updates for Office apps,” Microsoft explains. The idea is to close “security gaps” caused by patches not being released quickly enough, while giving administrators more time to deal with other business matters.
Autopatch will deliver Windows updates in the General Availability channel. Admins can set policies for quality and feature updates independently. They can also see which Autopatch fixes have been applied through the Autopatch message center in Endpoint Manager. Patch Tuesday security updates will be applied within the usual timelines and out-of-band updates are applied as needed.
Deferred calendars
Autopatch uses the monthly Enterprise Channel for Office updates, which are also released on the second Tuesday of the month. “Office deployments follow a single, fixed schedule – they don’t use ring-based rolling deployment and aren’t controlled by Autopatch,” Microsoft notes.
Autopatch updates for Teams and Edge are different because the update cadence for these apps and services is not synchronized with Windows and Office.
“The Microsoft Teams client application is synchronized with changes to the Teams online service. Therefore, updates for this client occur at a different cadence than general Windows or Office updates. Microsoft Edge also has its own updates channel to facilitate frequent browser revisions. Windows Autopatch’s rolling rollout isn’t used for Teams or Edge updates, and pause or rollback actions don’t apply to either app.
Source: ZDNet.com