Windows IT Pro Blog

What’s new in Windows Autopatch: September 2024

Diana_Hoffman
Sep 05, 2024

In modern IT environments, ensuring that Windows updates are deployed quickly is critical to business productivity and worker satisfaction. Policy conflicts can disrupt the update process, preventing devices from updating and negatively affecting monthly patch compliance. That is why we are excited to highlight that you can now use PowerShell scripts with Windows Autopatch to resolve policy conflicts.

Let’s look at what causes policy conflicts and, more importantly, how you can easily resolve them with PowerShell scripts.

How conflicts originate

For Windows Autopatch to successfully deliver updates to registered devices, it’s critical for devices in the service to have policies targeted and assigned successfully.

Conflicts occur when there are two or more policies in the tenant, and they update the same setting to different values. As Windows Autopatch deploys Microsoft Intune policies to enrolled tenants, and continuously monitors the Microsoft Intune policies, policy conflicts can be more common in environments that rely on Microsoft Configuration Manager and Group Policy Objects (GPOs).

When Windows Autopatch detects policies in your tenant that conflict with a setting in an Intune device policy, the service provides an alert. The alert includes details about the conflicting policy, settings, and the Microsoft Entra ID group to which the device is assigned. It also offers recommendations and actions that can be taken so the expected policy is successfully assigned to the device. You can learn more about the preview of alerts for policy conflicts in our previous edition of What’s new in Windows Autopatch.

How you can use PowerShell to remediate policy conflicts

PowerShell scripts are versatile tools that can handle many tasks, including validating that services and resources are functioning correctly. For policy conflicts specifically, PowerShell scripts can help you automatically remediate conflicts that affect Windows updates in Windows Autopatch. For example, you can use a detection script to detect and log specific Windows Update policy settings that could prevent correct update deployments. You can then remediate Windows Update policy conflicts with a script that removes specific registry keys that can prevent updates from being deployed successfully. The remediation script prepares a log file, defines a file name, and sets up a directory for logging the script’s output, creating the log directory if one does not yet exist.

Once you resolve the conflict, the update takes effect on the device at the next Intune sync. This system is refreshed every 24 hours, so it can take up to 72 hours after the conflict is resolved for the change to be applied.

For step-by-step guidance and access to the recommended detection and remediation scripts, please see Windows Autopatch: Auto-remediation with PowerShell scripts.
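The detect, log, and remediate pattern described above can be sketched as follows. This is an added example, not the script from the linked Microsoft guidance; the list of policy values checked, the `-Remediate` switch, and the log directory are assumptions chosen for illustration.

```powershell
# Added example: detect (and optionally remove) Windows Update policy values
# that can block update deployment. The value list and log path are assumptions.
param([switch]$Remediate)

$LogDir  = Join-Path $env:ProgramData 'AutopatchConflictCheck'   # hypothetical directory
$LogFile = Join-Path $LogDir 'WUPolicyConflicts.log'
if (-not (Test-Path $LogDir)) { New-Item -Path $LogDir -ItemType Directory -Force | Out-Null }

function Write-Log([string]$Message) {
    "{0} {1}" -f (Get-Date -Format 's'), $Message | Add-Content -Path $LogFile
}

# Assumed list of policy values to look for. Any presence is treated as a
# conflict here; the data is logged so an admin can judge whether it matters.
$WU = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate'
$Checks = @(
    @{ Path = $WU;      Name = 'DoNotConnectToWindowsUpdateInternetLocations' }
    @{ Path = $WU;      Name = 'DisableWindowsUpdateAccess' }
    @{ Path = "$WU\AU"; Name = 'NoAutoUpdate' }
)

$remaining = 0
foreach ($c in $Checks) {
    $item = Get-ItemProperty -Path $c.Path -Name $c.Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { continue }          # key or value absent: nothing to do
    $remaining++
    Write-Log ("Found {0}\{1} = {2}" -f $c.Path, $c.Name, $item.($c.Name))
    if ($Remediate) {
        try {
            Remove-ItemProperty -Path $c.Path -Name $c.Name -ErrorAction Stop
            Write-Log ("Removed {0}\{1}" -f $c.Path, $c.Name)
            $remaining--
        } catch {
            Write-Log ("Failed to remove {0}\{1}: {2}" -f $c.Path, $c.Name, $_.Exception.Message)
        }
    }
}

# Exit code 1 signals "issue detected" to Intune Remediations; 0 means clean.
if ($remaining -gt 0) { Write-Log "$remaining conflicting value(s) present"; exit 1 }
Write-Log 'No conflicting Windows Update policy values present'
exit 0
```

Intune runs detection and remediation as separate scripts without parameters, so for deployment the `-Remediate` branch would live in its own file. If the log shows the same values reappearing after removal, something such as a Group Policy is still writing them and has to be corrected at its source.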

Policy health contributes to compliance and security

As IT environments become more complex and specialized skill sets increasingly rare, it can be challenging to manage everything effectively. These challenges can be amplified if your IT department is under pressure to optimize budgets while also improving service delivery. Windows Autopatch can help you maintain policy health and ensure that policies are configured and deployed correctly, making managing updates easier while also giving you more control over your update processes.

To learn more about Windows Autopatch, join us at Microsoft Ignite in November. You can also visit our website, read our documentation, and explore demos.

Stay tuned for more updates and thank you for being a part of this exciting journey towards a smarter, more efficient future.


Updated Sep 04, 2024
Version 1.0
  • miklknudsen

    Autopatch is slick - we love it so far!

    Just a few questions here:

    When will it be possible to remove/hide feature update reports from "Reports"?

    When will it be possible to view 365 Apps / Edge / Teams Update reports in Intune?

  • Hi Diana, and thanks for the article. You are correct that PowerShell is a versatile tool!

    However, when I see a title like "What’s new in Windows Autopatch: September 2024", I expect to learn about new features, improvements and bug fixes. This had none of those.

    Moreover, a feature like Autopatch ought to automatically detect and remediate conditions such as obsolete registry keys that could prevent updates from installing. I take it that it does not?

    Finally, while the script you linked to may indeed remove registry values that could cause issues with updates, it does not resolve policy conflicts. If there is a conflicting Group Policy assigned, it is just going to re-create those same registry values again at policy refresh.

    Thanks again for the article! I look forward to seeing your work again soon 🙂

  • RyanSteele-CoV Windows Autopatch can detect conditions. The solution cannot make configuration changes such as altering GPO settings. In this context, the alert is an opportunity for your IT admin to address whatever may be at the root of the issue, e.g., domain GPO policy or, perhaps, 3rd party creating a local GPO setting on a device. See: https://learn.microsoft.com/en-us/windows/deployment/windows-autopatch/references/windows-autopatch-conflicting-configurations

  • Marek_Belan Is your question about driver/firmware updates or something else? It would be helpful to have some additional information about your need.

  • miklknudsen

    Diana_Hoffman seems our reporting for Windows 11 24H2 does not look correct for Autopatch. It just says OS Status N/A. Just wanted to let you know 🙂