Forum Discussion
Windows Auto Patch vs Intune Update Rings
Does Microsoft have anything documented to explain the differences between Auto Patch and Update rings? Aside from the obvious of Microsoft managing Auto Patching, is that really the largest benefit here? We are currently investigating the use of Update rings vs Auto Patch. We have reviewed all of the Auto Patch documentation to date but was really hoping for some type of comparison of the two items if possible.
10 Replies
- Andre Della Monica
Microsoft
cindyjimenez - This is a great question, Windows Autopatch provides an additional layer for you to mitigate issues when deploying Windows Updates. The Windows Autopatch deployment rings are segregated at the device level, meaning, during the Windows Autopatch device registration process, we assign devices to one of our 3 deployment rings: First, Fast or Broad. We then have different WUfB policies applied with different settings for each Windows Autopatch deployment ring. The Windows Updates ring is different than Windows Autopatch’s since it provides you with controls on when to start offering updates for devices and when these devices should start installing the updates. Again, the goal here is to combine both Windows Autopatch deployment rings at the device level and the Windows Updates rings to help you mitigate risk in your environment.
We also highly encourage you to have devices added into our test ring to start testing these updates before they make to our Broad ring.
Stay tuned for a doc update here: https://docs.microsoft.com/en-us/windows/deployment/windows-autopatch/operate/windows-autopatch-update-management, where I’ll make a clear distinction of all the deployment ring controls available and how its algorithm works during the device registration process in Windows Autopatch.- How is this different from assigning update rings to different user/device groups, each one with it deferral, delay, etc.?
What exactly does Autopatch bring that cannot be replicated with feature and security update rings?pdestefanis Windows Autopatch is a managed service. The configurations that we deploy can be deployed by organizations IT departments. For those organizations looking to offload that patch workload, reporting and associated administrivia... Windows Autopatch is an ideal way to remove the day-to-day and ongoing administrative burden for Windows clients. And, for customers with appropriate licensing already in place, it's free to turn on and use and quick to deploy and register your clients.
It appears to me that when the new feature update for Windows comes out, If we have all devices registered in Autopatch, then we will have about 5 days for all devices to get and install the new Update. That seems super fast for ~3500 devices. How would you suggest combining Autopatch and Windows Update rings? Can you give an example? Would you want all devices in Autopatch?
- ChristineEatonHi Nick_Mecimore - When the Autopatch service decides to move to a new version of Windows, the Windows Feature Updates will follow a different schedule to Quality Updates as documented here - https://docs.microsoft.com/en-us/windows/deployment/windows-autopatch/operate/windows-autopatch-fu-overview#windows-feature-update-releases. For example, a device in the Broad deployment ring will not be offered the Feature Update for at least 90 days.
