Event details
71 Comments
- Did you address other Microsoft Products like: OneDrive, EDGE, C++ Redistributable, .Net Framework, Drivers, Microsoft Teams, etc.?
- ShannonFritz
Microsoft
Autopatch will manage the updates for Windows, M635 Apps, Edge and Teams https://docs.microsoft.com/en-us/windows/deployment/windows-autopatch/overview/windows-autopatch-overview#update-management
- Does Autopatch leverage configured Delivery Optimization policies? Also, any plans to make this available in M365 Business Premium sometime in the future? Thanks, and I am excited about the solution 😃
- Chris_Tulip
Great questions, appreciate it! Autopatch doesn't configure delivery optimization for you but if you have it configured for WUfB & M365 Apps for Enterprise will take advantage of those policies. As for M365 Business Premium the answer is currently no but we are investigating that as an option.
Couple of useful links:
1. Update management - Windows Deployment | Microsoft Docs
2. Delivery Optimization and Microsoft 365 Apps - Deploy Office | Microsoft Docs
- If a problem with an update is detected how does the service react in an automated way or is it reactive like wfub
- Can you omit a particular update quickly and easily? Does this apply to W365 devices? How are Out of band updates handled
- Is the patch downloaded onto each device from internet ? Wanted to know if we have anything like WSUS engine in backend?
- Andre Della MonicaHi Sharath, WSUS is not part of the scope of Autopatch, and if using SCCM, the requirement is for you to swing over the Windows Updates policies workload to either Pilot Intune or Intune. The updates management engine Autopatch uses is the Windows Updates for Business (WUfB) engine which is fully in the cloud. In this case, devices download the updates bits from either the Microsoft in the internet or from other peers utilizing delivery optimization. Let me know if you have additional questions.
- I have verified that my tenant meets all the prerequisites for AutoPatch, but it is not available under Tenant Administration on my Tenant. Is there a tool I can use to check that I have met all the Prerequisites for AutoPatch?
- Harman_Thind
Hi Theblueone
Thanks for your question! Yes, there is a tool that you can use to assess the Windows Autopatch pre-requisites, you can find this here: Run the Readiness assessment tool. If you currently are not able to see the Windows Autopatch blade in Tenant Administration, this is because your tenant may not meet the licensing requirements. Review the following for more details:
Product name
String ID
GUID
SPE_E3
05e9a617-0261-4cee-bb44-138d3ef5d965
SPE_E5
06ebc4ee-1bb5-47dd-8120-11324bc54e06
WIN10_VDA_E3
6a0f6da5-0b87-4190-a6ae-9bb5a2b9546a
WIN10_VDA_E5
488ba24a-39a9-4473-8ee5-19291e71b002
Please let me know if you have any further questions.
- Can user postpone the reboot you just mentioned?
- RichardLian
Hi Romaric. Autopatch uses a combination of active hours along with update compliance deadlines to schedule device reboots. If Windows can't find a time to update outside of active hours, users will be notified, and a reboot will need to be scheduled within active hours. In answer to your question: a user can reschedule/postpone if necessary, but isn't able to reschedule past the deadline.
This Autopatch Doc outlines the typical End user experience and some scenarios which you might find useful: End user experience - Windows Deployment | Microsoft Docs
- If an important zero day vulnerability definition remediation is needed will the CVE be deployed faster or will it still have to wait until patch Tuesday.
- Thanks for flagging this gap in our service, it's great feedback. Right now Autopatch doesn't have a great Out of Band Update story. Action in this space means that we would likely need to change the service pre-requisites for Co-management to include Applications Workload so requires some thinking and planning.
- If we already use WUfB, what's the benefit of Autopatch ?
- Chris_Tulip
The analogy I use is that using WUfB is like owning a tool box and Autopatch is like hiring a carpenter. Autopatch not only configures update policies for you but also monitors release health to identify if devices will be impacted by those changes. On top of that Autopatch delivers an SLO around different update types which WUfB doesn't. There's a lot more to say but hopefully helps a little!
- How are the machine reboots handled by autopatch? The main issue is getting the users to reboot their machines once patched can this controlled in Autopatch?
- Cameron_KingAt launch, reboot timing can be controlled using active hours, allowing windows to find a time to update while the device isn't in use. Autopatch uses update compliance deadlines so if windows can't find a time to update outside of active hours, users will be notified, and a reboot will need to be scheduled within active hours. Additionally, this doc outlines a few scenarios around the end user experience and how they are handled in Autopatch: https://docs.microsoft.com/en-us/windows/deployment/windows-autopatch/operate/windows-autopatch-wqu-end-user-exp
