Blog Post

Windows IT Pro Blog
5 MIN READ

Streamlined, AI-powered update management with Windows Autopatch

Diana_Hoffman's avatar
Diana_Hoffman
Icon for Microsoft rankMicrosoft
Nov 19, 2024

Windows Autopatch is the cloud service that streamlines security and feature updates for Windows Enterprise. It bolsters security and productivity with the least amount of disruption across your organization.

Our team is dedicated to continuously enhancing the update process through improvements to Windows Autopatch. The latest feature releases give you greater control over the update process by helping you simplify your patch management routines, which boosts your productivity while saving you valuable time.

Learn how the latest enhancements assist you in tailoring your update management to support your organization’s unique needs without extra costs or unexpected disruptions. Delve into how you can keep your devices secure and up to date with fewer challenges and more control using the versatile, robust tools within Windows Autopatch to enhance your update strategy. These include:

  • New AI-powered skills for update management
  • Streamlined update management
  • Industry certified security
  • Hotpatching for Windows 11 Enterprise client devices

AI-powered update management

The addition of an AI-powered skill to Copilot in Intune and to Windows Autopatch is coming in preview later this year. The enhancement will let endpoint administrators ask questions about Windows updates and receive AI-driven support to find answers and guidance on update-related issues and recommended steps for remediation. For example, AI can help pinpoint and analyze devices that are not compatible with Windows 11 but might become eligible through a change in the configuration or update of the BIOS/firmware.

To use Copilot prompts to ask a question about endpoint management:

  1. In the Intune admin center, navigate to Windows Updates, and select Explore with Copilot.
  2. Select the microphone icon or type in the search box to enter your question. For example, you might ask, "Tell me the list of devices that didn’t have the latest quality update?" and follow up with "Tell me the proposed remediation to bring them up to date."

Copilot will analyze your query and offer you relevant answers, suggestions, or resources. You’ll also see a confidence score for each answer, gauging its accuracy and how likely it is to be useful. If the answers don’t meet your needs, consider refining your original question or asking a follow-up question. You can rate the AI help by selecting the thumbs-up or thumbs-down icons.

AI-assisted insights in Intune complement current reporting and analytics, driving more straightforward extraction of actionable insights from sophisticated reporting. This is beneficial when you want to pull insights that may not be readily apparent in existing reports. This improvement is aiding IT teams in their collection and analysis of logs; events; extract, transform, and load (ETL); and other data. AI-powered troubleshooting can speed time to resolution (TTR) for help-desk tickets by suggesting fixes that reduce time and effort and, in turn, lower support expenses.

AI-powered insights can help you drive efficiencies with:

  • Monthly updates – Streamline how your company aligns its update policy with your goals for diminishing deployment risks, while adapting the strategy to changes in your organizational and digital environments.
  • PC refresh – Enhance your device lifecycle strategy by employing AI to draft plans based on device performance and user experience metrics.
  • Sediment prevention – Proactively identify and address issues in devices that are not functioning optimally or address issues with sub-par device performance.
  • Project plans – Accelerate project planning by alleviating the time-intensive labor involved in script authoring and workflow design.

Streamlined update management

Update management for enterprise customers has been consolidated into one service, Windows Autopatch. This allows for seamless updates and upgrades across Windows devices, Microsoft 365 apps, Microsoft Teams and Microsoft Edge. Thanks to your valuable feedback, Windows Autopatch now offers more oversight of update rollout.

We’ve also broadened and refined the functionality of Windows Autopatch groups. You can now facilitate driver updates through your deployment rings. You have the option to automatically approve recommended driver updates, or you can choose to selectively approve, postpone, or decline them as appropriate. Moreover, you can create groups from your current Intune update profiles and can also assign Autopatch groups during the Windows 365 Cloud PC provisioning process.

The latest update also provides flexible options to tailor the timing of your updates. With Windows Autopatch, schedule when to deploy driver and firmware updates, or temporarily pause a quality update.  This granular control surpasses deferral policies or deployment rings, allowing you to choose specific dates for updates or to wait before deciding to deploy driver and firmware updates to your devices. 

Quality updates can be paused for up to 35 days from your chosen start date, minimizing rollbacks. This feature enhancement is in addition to the expedited updates you can initiate without changing your existing monthly update policies.

For more information about tailoring the management of your Windows 11 Enterprise updates, see Skilling snack: Managing Windows 11 updates.

Industry certified security

Windows Autopatch has achieved System and Organization Controls 2 (SOC 2) certification. SOC 2 is a benchmark for security established by the American Institute of Certified Public Accountants (AICPA). It evaluates how well an organization handles customer data against five trust principles: security, availability, processing integrity, confidentiality, and privacy.  Achieving SOC certification underscores the continuous dedication of Microsoft to maintaining stringent security and privacy standards in its practices.

Hotpatching for Windows 11 Enterprise

Cybercrimes are growing in volume and sophistication. Hotpatching in Windows is a new way that you can respond to this threat by keeping devices secure and productive and doing so without interruptions.

While keeping devices secure is critical, we recognize that, as an IT admin, you’re under significant pressure to reduce the impacts of deploying patches to employee devices. Hotpatching allows you to deploy the monthly security updates for Windows without requiring device restarts. Security updates take effect immediately upon installation, which reduces exposure to cyberattacks and minimizes the pressure you’re under to manage user satisfaction and reduce support costs.

This enhancement, which complements the Hotpatching available for Windows Server VMs on Azure, is accomplished by modifying in-memory code without restarting the process. The smaller code changes mean there is less risk, including to APIs, and the download and installation in the background means there’s limited disruption for employees.

For more details, including prerequisites, see Hotpatch for client comes to Windows 11 Enterprise.

What’s next?

We hope these enhancements will help you keep your devices secure and up to date with fewer challenges and more control.

If you want to learn more about Windows Autopatch, join us at Microsoft Ignite November 19-22, 2024. You can also check out the Windows Autopatch documentation or watch a demo.

The ideas behind these announcements originated from conversations, input, and requests from you. We'd love to hear your feedback and suggestions on how we can continue to make Windows Autopatch even better. Share your thoughts and ideas with us on our feedback hub, join our community forum, or come talk with us at Microsoft Ignite if you’ll be in Chicago.

Thank you for being a part of this exciting journey toward a smarter, more efficient future. Stay tuned for more updates.

Hear more about what's new with Windows and Windows 365

Bookmark our guide to Windows at Microsoft Ignite 2024, then dive into the Microsoft Ignite announcements that reinforce our commitment to getting you and your organization future-ready:

 

Continue the conversation. Find best practices. Bookmark the Windows Tech Community, then follow us @MSWindowsITPro on X and on LinkedIn. Looking for support? Visit Windows on Microsoft Q&A.

Updated Nov 19, 2024
Version 1.0
security
servicing and updates
windows 11
windows autopatch
  • KurtShintaku's avatar
    KurtShintaku
    Icon for Microsoft rankMicrosoft
    Nov 23, 2024

    Will Windows Autopatch be roadmapped for Microsoft 365 GCC cloud instances?

    There are 1000s of State & Local Government customers in the US with limited support personnel such as law enforcement, justice entities like Superior Courts & District Attorneys offices, fire departments & authorities, city financial & employee retirement depts, etc. that would REALLY appreciate the availability of Windows Autopatch.

    • Pearl-Angeles's avatar
      Pearl-Angeles
      Icon for Community Manager rankCommunity Manager
      Dec 13, 2024

      KurtShintaku - thanks for your feedback. For reference, this question was answered in a recent Windows Tech Community Live session, Feedback wanted: Adopting new features with agility and control session around 19:23.