Tierney - stock.adobe.com

Microsoft Windows Autopatch now generally available

Microsoft customers with Windows Enterprise E3 and E5 licences can now take full advantage of its new automated patching service

Microsoft’s new Windows Autopatch service, designed to automate security updates and help security teams better manage the often arduous process of patching their Microsoft estates, has formally launched.

Although frequently misconstrued as a full replacement for the regular monthly Patch Tuesday updates, at launch Windows Autopatch is only available for customers with Windows Enterprise E3 and E5 licences.

For the time being, Microsoft will continue to release updates on the second Tuesday of each month, with Autopatch helping streamline the process for security teams at Redmond’s enterprise customers. As such, the July 2022 Patch Tuesday update will follow later today (Tuesday 12 July).

“Windows Autopatch automates updating of Windows 10/11, Microsoft Edge and Microsoft 365 software,” said Lior Bela, Microsoft senior product marketing manager for Microsoft Managed Desktop and Windows Autopatch, in a blog post.

“Essentially, Microsoft engineers use the Windows Update for Business client policies and deployment service tools on your behalf. The service creates testing rings and monitors rollouts-pausing and even rolling back changes where possible.”

Users who are ready to start enrolling their device estates in Windows Autopatch should follow the directions set out here, and for those with more than 150 eligible licences, Microsoft is making dedicated support specialists available.

Once enrolled, Autopatch will take over most of the work of patching, but admins will have access to features in Microsoft Endpoint Manager that allows them to fine-tune aspects of the service, such as what devices are members of what testing rings, and access dashboards, reports and additional support.

Read more about the changes to Patch Tuesday

Bela acknowledged that the idea of delegating responsibility for patching may give some admins pause for thought, but said he believed users would be better off in the long run.

“Changing systems in any way can cause hesitation, but unpatched software can leave gaps in protection, and by keeping Windows and Microsoft 365 apps updated, you get all the value of new features designed to enhance creativity and collaboration,” he wrote.

Bela said that because Autopatch has a very broad footprint and is capable of pushing updates 24/7, Microsoft can spot and fix potential issues across a diverse array of hardware and software configurations.

Ultimately, this means that a vulnerability that could have proved devastating had it hit an organisation’s systems can potentially be fixed before even reaching the estate, and as the service expands and evolves, this detection and remediation ability is likely to improve.

Among the evolutions already planned is the addition of support for Windows 365 cloud PCs in the Autopatch programme. More information on this will come in the next Windows in the Cloud episode on 14 July.

An “evergreen” FAQ on Autopatch can be accessed here.

Read more on Web application security