Windows Autopatch is a new automatic updates service for enterprise Windows customers that will manage all software, firmware, driver, and enterprise app updates, Microsoft said on April 5.

Windows Autopatch ensures that Windows and Office products on enrolled endpoints are automatically updated, helping administrators easily manage the monthly security updates.

Enterprises typically spend time testing patches within their environment to ensure the updates work with their devices and installed applications before deploying them. Depending on how the patches are tested, there is usually a delay between when the updates are released and when they are actually deployed across the enterprise. Autopatch aims to eliminate that time gap by delivering important updates in a timely manner.

“The development of Autopatch is a response to the evolving nature of technology. Changes like the pandemic-driven demand for increased remote or hybrid work represent particularly noteworthy moments but are nonetheless part of a cycle without a beginning or end,” Microsoft notes.

The service is available for customers with Windows 10 and 11 Enterprise E3 licenses. There is no additional cost to enable the service, which will officially launch in July.

Controlled Updates
Very few organizations can claim to have a homogenous environment. There are variations between hardware configurations, installed applications, and network profiles. Windows Autopatch detects variations among endpoints and dynamically categorizes them across four groups, or “rings.”

  • Test ring: contains a minimum number of representative devices
  • First ring: contains 1% of managed devices
  • Fast ring: contains roughly 9% of devices
  • Broad ring: contains the remaining 90% of endpoints

As devices are added to and removed from the environment, the rings are adjusted automatically. However, enterprise IT administrators retain the ability to move devices across different rings, Microsoft says.

The Windows Autopatch service rolls out the updates gradually, deploying to the test ring first and expanding through each subsequent ring only after waiting a set period to validate that the update has caused no issues. If issues crop up, the enterprise IT team has time to remove the problematic update before it reaches the majority of systems.

The service monitors device performance to balance speed and efficiency, as well as to optimize productivity. IT administrators can view details about schedules and update status through a centralized reporting and messaging center.

There is also a Halt feature, where updates cannot proceed to the next ring until specific stability targets are met; a Rollback feature, where updates can be undone if performance targets are not met or if there are issues; and a Selectivity feature, where IT administrators can choose portions of the update package to deploy.

Autopatch will deploy security, firmware, and “essential functionality” updates swiftly, while the feature updates – usually user interface or experience changes – will be rolled out on a slower schedule. There will be 30 days between each ring receiving the updates to give users time to interact and report issues.
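To make the ring model and the Halt/Rollback gating concrete, here is an added example (not Microsoft's code or any Autopatch API) that assigns a device fleet to the four rings using the 1% / 9% / 90% split described above and advances an update ring by ring, halting and rolling back when a ring misses a stability target. The per-ring health figures, the fixed-size test ring and the 98% stability target are constructed assumptions for illustration.

```python
"""Toy model of a ring-based, gated patch rollout (added example, not
Microsoft's implementation). Ring shares come from the article; the
health telemetry and stability target are constructed for illustration."""

# Ordered rings after the fixed-size test ring, with their share of the rest.
RING_SHARES = [("First", 0.01), ("Fast", 0.09), ("Broad", 0.90)]
RING_ORDER = ["Test", "First", "Fast", "Broad"]


def assign_rings(device_ids, test_ring_size=2):
    """Deterministically split a fleet into Test/First/Fast/Broad rings.

    The test ring gets a fixed number of representative devices; the
    remainder is split by RING_SHARES, with rounding leftovers going to Broad.
    """
    ids = sorted(device_ids)
    rings = {"Test": ids[:test_ring_size]}
    rest = ids[test_ring_size:]
    start = 0
    for name, share in RING_SHARES[:-1]:
        count = round(len(rest) * share)
        rings[name] = rest[start:start + count]
        start += count
    rings[RING_SHARES[-1][0]] = rest[start:]  # Broad takes everything left
    return rings


def rollout(rings, health, stability_target=0.98):
    """Advance the update through the rings in order.

    `health` maps ring name -> fraction of devices reporting healthy after
    the soak period (assumed telemetry). A ring below `stability_target`
    triggers Halt (no further rings) and Rollback (undo on every ring
    already patched). Returns a dict with status, halt point and patched set.
    """
    patched, log = [], []
    for ring in RING_ORDER:
        patched.extend(rings[ring])
        rate = health[ring]
        log.append(f"{ring}: deployed to {len(rings[ring])} devices, healthy={rate:.1%}")
        if rate < stability_target:
            log.append(f"{ring}: below {stability_target:.0%} target, "
                       f"halting and rolling back {len(patched)} devices")
            return {"status": "rolled_back", "halted_at": ring, "patched": [], "log": log}
    return {"status": "complete", "halted_at": None, "patched": patched, "log": log}
```

With a 100-device fleet and a two-device test ring, the remaining 98 devices split into rings of 1, 9 and 88; a Fast-ring health reading below target stops the rollout before the 88 Broad-ring devices are touched.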

“Whenever issues arise with any Autopatch update, the remediation gets incorporated and applied to future deployments, affording a level of proactive service that no IT admin team could easily replicate. As Autopatch serves more updates, it only gets better,” Microsoft says.

Source: www.darkreading.com