Keep Windows Enterprise And Microsoft 365 Always Updated With Windows Autopatch


Reading Time: 3 min.

Microsoft has released Windows Autopatch – a service that will keep your Windows Enterprise E3 versions and Microsoft 365 subscriptions automatically updated within an organization. This Microsoft service will let

Windows AutopatchWindows Autopatch

Microsoft has released Windows Autopatch – a service that will keep your Windows Enterprise E3 versions and Microsoft 365 subscriptions automatically updated within an organization. This Microsoft service will let you forget about Patch Tuesday updates and it will just be “another Tuesday.”

With Windows Autopatch, organizations will no longer require teams of IT experts to deploy and manage Windows 10 and Windows 11 operating systems. You can now simply enroll a new device in Microsoft Endpoint Manager and leave the worries with Microsoft services to keep your devices updated.

Note: Windows Autopatch service is still in its early development phase, which is why a ‘Preview’ is only available for the public to use.

What is Windows Autopatch

Windows Autopatch is a service by Microsoft for businesses and organizations where they can keep their Enterprise Windows 10 and 11 operating systems, as well as other Microsoft 365 products, automatically updated in an organized fashion.

Windows Autopatch automatically manages the deployment of Windows quality and feature updates, drivers, firmware, and Microsoft 365 Apps for enterprise updates. It gives organizations with a plethora of devices the benefit of not worrying about manually rolling out updates. Windows Autopatch also gives the option to roll back and halt update installation in case a fault is detected.

How Windows Autopatch Works

To start with, you must first enroll the devices (tenants) for Windows Autopatch through an administrative Microsoft Endpoint account. Once enrolled, the devices are automatically categorized into 4 different rings or channels:

  • Test
  • First
  • Fast
  • Broad

Each of these rings includes a limited number of devices and the updates are rolled out accordingly. First, an update is rolled out to the “Test” ring with the bare-minimum devices. Then, the update is published for the “First” ring which has almost only 1% of the total devices.

The “Fast” ring which nearly has 9% of the total devices, to which the updates are rolled out next, and then those move on to the “broad” ring, containing the remaining 90% of the endpoint devices.

Windows Autopatch deployment rings
Windows Autopatch deployment rings. Source: Microsoft

This method is referred to as the “progressive update deployment,” where the updates are initially released to a small group of devices (the “test” ring) and then work their way up the chain, increasing the number of deployment devices. This reduces the risk factor in case of issues with the update.

Before we discuss how to enroll a device in Windows Autopatch, let us discuss the prerequisites and the conditions needed to be satisfied to use this feature.

Windows Autopatch Eligibility/ Prerequisites

To begin with, you must have the following licensing requirements to be able to use Windows Autopatch:

  • Windows 10 or Windows 11 Enterprise E3 edition or higher
  • Azure Active Directory Premium (for co-management)
  • Microsoft Intune (Version 2010 or greater)

Apart from licensing requirements, there are also a few other conditions that need to be satisfied:

  • You must be signed in with at least Intune Admin privileges on Microsoft Endpoint to enroll devices.
  • Have Microsoft Intune with Configuration Manager (version 2010 or greater).
  • Switch workloads for device configuration, Windows Update, and Microsoft 365 Apps from Configuration Manager to Intune (min Pilot Intune – for co-management).

For a more detailed investigation of the prerequisites for Windows Autopatch, read this Microsoft post.

If you satisfy these requirements, continue to learn how to enroll devices for Windows Autopatch.

How to Set Up Windows Autopatch Preview

Follow these steps to enroll your enterprise devices for Windows Autopatch:

  1. Log into Microsoft Endpoint Manager with an account with at least Intune administrative privieleges.

  2. Switch to the “Tenant Administration” tab from the left pane.

  3. Now click “Tenant enrollment” under Windows Autopatch.

  4. Here, click “This promo URL” under “Redeem the free Windows Autopatch trial promo code” and continue the instructions on the screen to redeem a free code for the service.

    This promo URL
    Redeem promo code
  5. Now back on the Endpoint Manager, agree to the terms and services.

  6. Now make sure that your Management Settings are in the “Ready” state, and then click Enroll.

  7. Now simply follow through with the on-screen instructions and provide the details to register a device, and the enrollment process will be completed.

    Note: It can take up to an hour for the devices to appear.

Your device should now be enrolled for the Windows Autopatch service.

If you want a video guide for the process, refer to this Microsoft guide video.

Closing Words

Initially, Microsoft announced the anticipated release of Windows Autopatch in July 2022. We think that Microsoft is on schedule because the preview version of the service is released a month early, which we think is done to mitigate any encountered issues before the official release.

That said, you can begin testing the feature within your organizational network and put your own IT team to ease with automatic Windows 10/11 and Microsoft 365 updates.

Read Next:

Related topics:

Leave a Reply