Event details
If you are looking for tips on how to easily manage updates for your Windows devices, don’t miss this Ask Microsoft Anything (AMA) session at Tech Community Live! Get clarity on the “when, why, and how” of Windows Autopatch, hotpatch updates, and more. Get answers to your questions about controls, compliance, and reporting. We’ll have a full hour for this AMA, so post your questions early and often. We’re here to help you automate update management so you can focus on other activities and tasks.
Speakers: Chris Tulip, Nikita Deshpande, & Surabhi Calla
Moderator: Joe Lurie
This event is part of Tech Community Live: Windows edition. Check out our other AMAs for more tips and insights!
67 Comments
- lalanc01
Iron Contributor
Would it be possible to add a filter in the Autopatch reports to only show corporate devices?
Right now there's no way to filter those and it's making it harder to have true compliance and to troubleshoot problematic corporate devices.
Thanks
- Chris_Tulip
Microsoft
Hey Lalanc01!
Any chance you can be a bit more specific around how to identify your corporate devices? Also, are you looking at the Windows Autopatch Quality Update and Feature Update reports?
Right now, there are filters for devices which are managed through Update Rings, Autopatch Groups, and other policies. What we heard during design was that non-corporate devices wouldn't be enrolled in update policies, so would love to know if you've got something different!
- Tedmeister
Copper Contributor
Would you be able to explain what role Windows Autopatch Client Broker and Microsoft Update Health Tools play in autopatch? Are those things that we should be deploying to devices as well?
- Mounica_Battula
Microsoft
Windows Autopatch Client Broker is used to perform readiness checks on the device. This data is used by the service to determine which devices are ready to be managed by Autopatch. Also, this broker enables automated log collection to help diagnose any tickets or issues reported. You can install this on an on-demand basis. More info on this here - https://learn.microsoft.com/en-us/windows/deployment/windows-autopatch/deploy/windows-autopatch-client-broker
Microsoft Update Health Tools is required for the Expedited Quality updates feature to work in Autopatch. This is installed with KB 4023057 or you can manually install from Microsoft Download - Update Health Tools. You can use a PS script or Add Remove Programs to confirm the presence of the Update Health Tools - Refer - https://learn.microsoft.com/en-us/intune/intune-service/protect/windows-10-expedite-updates#prerequisites for details and more info. If your devices are receiving regular updates from Windows Update, then your devices have the UHT client installed. Note that Update Health Tools is only required for Windows OS versions older than Windows 24H2.
More info on Expedite update can be found here - Get the most out of expedited Windows quality updates | Microsoft Community Hub
- nlmitchell
Iron Contributor
Morning, we have received notification that applying updates during OOBE is going to be reintroduced in January. For us it aligns nicely with a hardware refresh that will be beginning in January.
Are you able to share any details regarding what has changed since it was first introduced and subsequently removed due to issues?
Also, do the updates apply during pre-provisioning or user OOBE stage? Is it just OS cumulatives or will it support Feature Updates as well?
- AriaUpdated
Microsoft
**Ignore - Jason's response is accurate. :)
Great to hear that you're excited for this improvement! This will apply only to the cumulative Security quality updates (Patch Tuesday updates) and will apply during the user OOBE stage. As noted, this feature will be manageable via Intune Autopilot or other MDMs who choose to integrate with such and will honor update deferrals policies as well. The details in this blog regarding the experience are still accurate: Get ready for Windows quality updates out of the box - Windows IT Pro Blog
- Jason_Sandys
Microsoft
Nothing has specifically changed other than the feature being opt-in instead of opt-in. Configuration remains exactly the same as previously shared (within the ESP profile). This is for quality updates only, not feature updates -- there is no current information to share on the development or delivery of feature update installation during provisioning.
As for when the updates are applied, they are applied immediately at the very end of OOBE. They do not occur during the technician phase of pre-provisioning. Pre-provisioned devices will still have the updates applied if the device is opted-in, this just won't happen until the end of OOBE the same as user provisioning.
- nlmitchell
Iron Contributor
Thanks for getting back to me Jason_Sandys, much appreciated.
Out of interest, are there any plans to allow updates to apply during the pre-prov stage before the device is resealed?
We will be working with a supplier that will do the pre-provisioning of the devices before they then get shipped out directly to our end users. Having updates apply during the user provisioning stage will only increase the time it takes for the end user to get to the Windows desktop. From a security perspective, it would be much more secure having them apply during pre-prov stage, that way it arrives with the end user up to date. I can see a trade-off between device security and end user experience on the horizon for us if I'm honest.
- Pearl-Angeles
Community Manager
Thank you for participating in today’s AMA! Below are the questions our panelists answered during the session and associated timestamps:
Question – How do you recommend that we transition from Cloud update (config.office.com) to Autopatch for Office patches? – answered at 4:23.
Question – Any news/ETA on the WUFB drivers improvements to align with WUFB deadlines and better visibility on which devices each driver applies to? – answered at 6:22.
Question – How do I know which devices are getting hotpatched in my environment? – answered at 8:49.
Question – Is there a way to mitigate or control the reboots of extension drivers so not to have random reboots because devices get those driver updates in an uncontrolled manner when using wufb driver updates? – answered at 10:44.
- Share your feedback at https://aka.ms/IntuneFeedback
Question – I have seen some information about an upcoming CVE dashboard for Windows Autopatch. What all will be needed to have access to that? Is Windows Defender agent required? – answered at 12:48.
Question – Will we be getting KB level reporting soon? Seeing exact KB updates per device, failed updates etc.? – answered at 16:08.
Question – With regards to Autopatch, what are the benefits it offers if we are not using a ring approach to patching? We currently patch using WUfB via Intune. – answered at 17:29.
- For more info, go to https://aka.ms/HotpatchWithAutopatch
Question – How do I know if devices in my tenant are hotpatch eligible? – answered at 21:12.
Question – Any ways to have feature updates install right away (like we can in ConfigMgr) and not have to wait hours/days for the update agent to decide that it's time to start the installation after having created the update deployment? – answered at 22:27.
Question – We're still using WufB (i.e. Autopatch, but not proper Autopatch) on our Intune managed devices. How easy is it to transition to proper Autopatch? Do any WuFB policies tattoo, or any gotchas we should be aware of please? – answered at 25:18.
- To learn more about what was announced at Ignite, go to https://aka.ms/Ignite2025/Autopatch
Question – Is WUFB reports still a good place to check for updates compliance/issues or all improvements are coming to Intune reports, like shown at Ignite? – answered at 28:37.
- For more info, go to https://aka.ms/Autopatch/Reports
Question – How do you suggest we troubleshoot locally on the device if it's not getting the Autopatch updates? – answered at 31:55.
Question – Where can I see if a hotpatch was properly applied or failed to apply? – answered at 34:26.
Question – Are hotpatch events captured in ETW (event viewer)? – answered at 34:34.
Question – Does hotpatching work for Arm64 devices? – answered at 35:09.
Question – Is it possible to use Autopatch to just update Microsoft apps for Enterprise? – answered at 36:05.
Question – How do you recommend being able to just pause a specific update (for example 24h2) and not affect the other Win 11 builds (23-25h2) updates without having to create a new Update ring and exclude the devices we want to pause so we can pause them in the newly created ring. – answered at 38:00.
Question – Does hotpatching respect existing compliance deadline policies or active hours for baseline months? – answered at 41:26.
Question – Is there any update on including KB numbers in the expedite policy dropdown to make it more detailed and easier to identify the KB numbers? – answered at 43:45.
Question – If I need to rollback a hotpatch update, does it require a reboot for the rollback to get applied? – answered at 44:57.
- For more info, go to https://aka.ms/WindowsReleaseHealth and https://aka.ms/HotpatchFAQ
Question – Is it possible to make sure drivers land during the Windows Update reboot phase? When display adapter drivers land it can cause the screen to go blank, and network adapters can result in interruption to service. – answered at 48:16.
- Join our customer connection program at https://aka.ms/JoinCommunity
- ACPCreativITEM
Copper Contributor
I'm noticing that the Microsoft page to add Defender Platform Updates to offline images hasn't been updated since August. Has this been deprecated and if so, is there a new way to update offline images? Our client does not want the SCCM config app installed on their devices at any point. https://support.microsoft.com/en-au/topic/microsoft-defender-update-for-windows-operating-system-installation-images-1c89630b-61ff-00a1-04e2-2d1f3865450d
- Pearl-Angeles
Community Manager
Thank you for joining us! Q&A will remain open until 12:00 PT this Friday. Keep your questions coming, and we'll keep working to get you the answers you need to manage Windows updates. Make sure to visit https://aka.ms/TCL/Windows for more great sessions.
- HeyHey16K
Iron Contributor
Thank you guys, really appreciate your time doing these sessions 🙏
- Pearl-Angeles
Community Manager
Thanks for sharing, and for your participation!
- 1SamVimes1
Occasional Reader
In config.office.com under Health > Security Update Status > 'Office Devices not up to date'
Is there currently a way to extract this list in a report? Perhaps in the future?
- TastyPastry
Copper Contributor
When talking about driver updates, should we use Windows Update for Business or the device vendor driver management tools?
- Jason_Sandys
Microsoft
Hi TastyPastry, That's a choice for you to make based on your requirements, experience, and capabilities of the toolsets. You can certainly be very successful using Autopatch to deploy driver updates to your devices. One specific advantage of using Autopatch is that it is OEM agnostic so if you have more than one OEM for devices in your environment, Autopatch can greatly simplify driver management. Also, keep in mind that all driver updates in Autopatch are actually controlled by the OEM and not us -- Autopatch is simply the delivery mechanism for their drivers.
And, just for clarity, we no longer use "Windows Update for Business" as a term for the service as nearly all Windows Update capabilities are now under the umbrella product called Autopatch.
- TastyPastry
Copper Contributor
Thank you Jason!
- TastyPastry
Copper Contributor
If we notice an issue with Windows update, what is the best way to report the problem to Microsoft?
- Jason_Sandys
Microsoft
Hi TastyPastry, A support case is almost always the best path. We strongly encourage folks to join the Windows and Intune CCPs as well as this provides another feedback and interaction channel with our engineering teams but this isn't typically meant for break fix issues.