MicrosoftTogether with my collegaues we've been reading this back and forth and it's still really hard to understand if we are going to be hit by this or not - meaning the article is confusing.
What happened to the recent failures regarding forced enablement of features and a promise to let admins decide?
"Autopatch management status" says we are enrolled to "Driver" and "Feature" policies but not "Quality" - does this mean we are going to be impacted? We don't have Autopatch configured tenant wide and we only have a Hotpach policy for a test group of devices.
MicrosoftHey Artur, Thanks for reaching out!
To answer your first question directly, the scope of the change is all eligible devices in Intune or through Graph API. What eligible means is that the device has the right licenses and meets the Hotpatching pre-requisites. (e.g. Win 11 24H2+ and VBS enabled for x86 devices)
To your second question around Admin choice, we're fully committed to leaving admins in the driver's seat. That's why we're communicating the change early and are adding the option to opt out. To be super explicit about the change timeline:
This timeline provides six weeks to act before any change occurs, ample time to hit the toggle if you want to stick with traditional patching. As discussed above, the rationale is that devices get secure significantly faster while deploying the exact same set of security fixes. Given that the technology has been proven on millions of devices over the last year without issue, enabling Hotpatch by default is the best thing to do from both a security and user experience perspective.
