Highlights

  • The Autopatch service is only for Microsoft’s customers on big-ticket Windows Enterprise/Microsoft 365 E3 or E5 licenses.
  • It is expected to make the second Tuesday of every month, generally known as Patch Tuesday, a breeze.

This week Microsoft announced that Autopatch, a service that automatically updates Windows and Office applications on enrolled endpoints, is now generally available.

The Microsoft-managed service aims to automate patch orchestration for administrators responsible for tens of thousands of PCs. Every month, those administrators deploy up to 100 fixes, including fixes for zero-days, but occasionally the updates disrupt essential Windows services like Virtual Private Networks (VPNs) and virtual machines. Microsoft promises the service will make Patch Tuesday “just another Tuesday.”

The rollout will be accessible only to users with Windows Enterprise E3 and E5 licenses; it does not support Windows Front Line Worker (F3) or Windows Education (A3) licenses. The launch comes one day before Microsoft is anticipated to release its monthly batch of security patches. Everyone who does not have one of the supported licenses will continue to receive Patch Tuesday security updates, while E3 and E5 users can participate in a simplified patch process.

“Microsoft will continue to release updates on the second Tuesday of every month, and now Autopatch helps streamline updating operations and create new opportunities for IT pros,” Lior Bela said.

When using Autopatch, security updates are initially installed on devices in the Test ring, which comprises a minimum number of representative devices. Following a validation period, the updates are distributed to the First (1 per cent of devices), Fast (9 per cent), and Broad (90 per cent) rings.

The IT juggernaut first teased the service in April 2022 as a way to install Patch Tuesday updates promptly and stop potential attack vectors.

In addition to Windows 10 and 11 updates, Autopatch covers Microsoft Edge and Microsoft 365 applications. It also enables businesses to set up testing rings, keep track of updates, and even halt and roll back changes in case of problems. If a threat is deemed critical (e.g., a zero-day flaw), the service also has provisions for an expedited release schedule.

“Windows Autopatch aims to keep at least 95% of eligible devices on the latest Windows quality update 21 days after release,” the company notes in its documentation.

“When running an expedited release, the regular goal […] no longer applies. Instead, Windows Autopatch greatly accelerates the release schedule of the release to update the environment more quickly.”