This article is more than 1 year old
Take the day off: Windows Autopatch is live and can even fix cloudy PCs
But first, there's a whole lot of AD and Intune prep to be done
Microsoft's promised service to enable automatic, continuous patching of Windows has gone live.
Not all of you can put your feet up, today or for the foreseeable future. For starters, the service only applies to those customers that have paid for Windows Enterprise E3 and E5 licenses. You'll also need Azure Active Directory Premium and Microsoft Intune.
What's more, AD "must either be the source of authority for all user accounts, or user accounts must be synchronized from on-premises Active Directory using the latest supported version of Azure Active Directory Connect to enable Hybrid Azure Active Directory join," explains Microsoft's deployment guide. Intune needs to be set as your Mobile Device Management (MDM) authority. Either that or co-management must be turned on and enabled on the target devices.
You'll also need a proxy or firewall that uses TLS 1.2, and to ensure that four Microsoft URLs are always available. One has the comforting address "logcollection.mmd.microsoft.com".
With all that in place, feel free to enroll your endpoints and watch patches start to implement themselves. Then put your feet up.
- Choosing a non-Windows OS on Lenovo Secured-core PCs is trickier than it should be
- Microsoft resorts to Registry hack to keep Outlook from using Windows 11 search
- Microsoft rolls back default macro blocks in Office without telling anyone
But don't relax too much. Microsoft has already acknowledged the service can't prevent glitches caused by bad patches.
"Because the Autopatch service has such a broad footprint, and pushes updates around the clock, we are able to detect potential issues among an incredibly diverse array of hardware and software configurations," states Microsoft's go-live announcement.
"This means that an issue that may have an impact on your portfolio could be detected and resolved before ever reaching your estate."
Or a patch could brick or bork your kit, as happened when Patch Tuesday for June 2022 broke Wi-Fi and Windows on Arm for some users, and when the Windows 10 May 2022 update caused authentication failures.
Microsoft's promised that as more customers use Autopatch, automation should improve matters beyond its current 99.6 percent app compatibility rate in software updates.
The go-live post acknowledges that some shops will already have automated and mature patch deployment practices in place, and that Autopatch may therefore have little appeal.
"In talking to customers, we're learning how to evolve the Autopatch service to meet more use cases and deliver more value and are excited for some of the developments which will be announced in the upcoming months in this blog," the post states.
One new development that's already landed is the applicability of Autopatch to Microsoft's Windows 365 Cloud PCs. ®