AMA: Windows Autopatch
Event Ended
Thursday, Oct 27, 2022, 08:30 AM PDT
Event details
Find out how Windows Autopatch is evolving to make Windows and Microsoft 365 update management more secure and more capable. Members of the marketing, product, and customer acceleration engineering teams will be explaining the upcoming enhancements and looking for comments, questions, and feedback.
This session is part of the Microsoft Technical Takeoff: Windows + Intune. Add it to your calendar, RSVP for event reminders, and post your questions and comments below! This session will also be recorded and available on demand shortly after conclusion of the live event.
Heather_Poulsen
Updated Dec 27, 2024
74 Comments
- Microsoft_Andrew_R
Former Employee
The video Lior mentioned is here - and you can use these links to jump to specific topics of interest
00:51 - The Vision for Windows Autopatch
03:30 – Customer Input and the Evolution of Windows Autopatch
06:10 – Autopatch Service Highlights
10:33 - Incident Response
11:55 – The Windows Autopatch App Assure Promise
13:54 - Windows Update for Business and Windows Autopatch
14:55 - Roadmap - Feature Updates
16:15 - Roadmap - Upgrade to Windows 11
17:06 - Roadmap - Microsoft 365 updates
17:45 - Roadmap - Business Groups
19:02 - Roadmap - Azure Virtual Desktops
- RainerP250458
Iron Contributor
thx for that, very comprehensive and helpful!
- TimDK
Copper Contributor
Are there any plans for functionality like "maintenance windows" to give more control on when updates install?
Eg I want a set of devices in the same ring to only patch at given time:
- device 1-50 patch on Monday between 12.00-14.00
- device 51 - 100 patch on Thu between 12.00-14.00
This would allow us to communicate clearly to the business when their systems will be touched.
- TimDK
Copper Contributor
Thx for the answer during the session - much appreciated! If I understand correctly you are approaching this more from a "block" perspective (eg do nothing during active hours). I believe customers would also like the approach from an "allow" perspective (eg only patch during this defined time window).
- Mounica_Battula
Microsoft
We are working on a feature to enable customers to more explicitly define when updates can get installed. Since deadline can force an installation/reboot, this can cause interruptions for some customers' critical devices and that must be avoided. So, we're adding options to set deployments that are more based on Schedule of availability and avoid automatic restarts at certain periods. This ensures automatic updates won't interrupt things, but the trade-off is there is no deadline.
- SgtWooo
Copper Contributor
The nervousness for adoption in our organisation is around expensive central management that we operate today with MECM and the control we apply. The concern is scenario based where a patch breaks something with a business specific app/function but only that one organisation, will Microsoft still seek to fix forward (assuming rollback is still the expected interim solution)? (Perhaps this is then offloaded to App Assure team)
- Microsoft_Andrew_R
Former Employee
That's right, App Assure backs Autopatch - they talk about it in this portion of our last video. And if you keep watching that same episode, some of your other questions around business-specific apps and increased controls may be answered with the conversation around future features.
- HeyHey16K
Steel Contributor
We had an issue where a device was registered for Autopatch, then we de-registered it, then when we tried to re-register it we couldn't. We heard a flag is added to the computer object that needs to be removed by MS before you can re-register. If true, why the flag? Is there a reason why devices shouldn't be re-registered for Autopatch?
- Andre Della Monica
Microsoft
Hi Michelle, your understanding is correct. We add an "excluded" flag in the moment to devices that you decided should not be part of the service because most of the time, these devices are still part of our Azure AD group (Windows Autopatch Device Registration) and we don't want to automatically re-register them for you next time we scan for devices in the Windows Autopatch Device Registration group. In addition, Azure AD doesn't provide a good way of programmatically removing devices from a dynamic rule in Azure AD groups today. We're working with the Azure AD team to address this scenario in the future in Autopatch. Also, as we introduce the new Business Groups feature in Windows Autopatch, we'll remove the dependency we have today where you must add devices into our Windows Autopatch Device Registration Azure AD group; we'll register devices by leveraging your own Azure AD groups in the near future.
- HeyHey16K
Steel Contributor
Thank you Andre 🙂
- Drizz_coop
Copper Contributor
How about non-Microsoft products (3rd party patching in config manager) 🙂
- Microsoft_Andrew_R
Former Employee
Hopefully the live discussion gave you the answer that you were looking for - to follow up on this topic be sure to join the Autopatch tech community.
- Microsoft_Andrew_R
Former Employee
Look for the next Windows Autopatch blog to drop by the second week of November – and find all our posts in one place at: Aka.ms/MoreAboutAutopatch
- David Stowers
Copper Contributor
Will there be any enhancement to Autopatch for patching third-party software similar to the CM plugins that are available?
- Rob de Roos
Iron Contributor
Will you in the future also add Firmware updates to the solution? (like BIOS or hardware firmware). These updates are so often forgotten or not up to date and can be absolutely necessary for security or support reasons.
- SoupAtMSFT
Microsoft
At present, Windows Autopatch only deploys those updates marked as "Required". We're investigating opportunities around optional updates in collaboration with the Windows Updates for Business team.
- Waags
Microsoft
Drivers and firmware that are published to Windows Update as Automatic will be delivered as part of Windows Autopatch. A subset of non-Microsoft device drivers is supported. Drivers and firmware that are published to Windows Update as ‘Automatic’ will be delivered as part of Windows Autopatch. Drivers published as ‘Manual’ will not be supported. These would need to be installed by other means. All drivers for the Microsoft Surface family of devices will be managed by Windows Autopatch.
- Jack_Eller
Copper Contributor
We are currently trialing Autopatch in our environment and are seeing great success. With Windows 10 and 11 22H2 out now we are excited to get that out in our environment but see it is not available to even our test group yet. For future Feature Updates, is there an expected timeline between release and when it makes its way to our Autopatch rings?
- HeyHey16K
Steel Contributor
Also interested in this
- Andre Della Monica
Microsoft
Jack Eller - This is a great question. We're moving towards a model where we want to give you the opportunity to control what's the right cadence/speed in which you want to deploy Windows Feature updates in Windows Autopatch. If that maybe it's necessary for your patch management process, and you're okay with what Windows Autopatch sets up by default in its default 4 deployment rings, you can go that route. By default, Windows Autopatch aligns to the deployment cadence represented in this documentation: https://learn.microsoft.com/en-us/windows/release-health/release-information
- CBarnes851
Copper Contributor
When using WUfB or Autopatch will all the systems in my tenant update on the same day if they are included in the same group or will I need to continue to keep them in different rings/groups?
- Matt_Bailey
Microsoft
Thanks for the question Christopher. Devices will be offered updates based on the deployment ring they are allocated to. Windows Autopatch will allocate the devices to the deployment rings when the device is registered with the service. You can move devices between deployment rings manually if you want a device to be in a certain ring in order to receive updates earlier or later. More details in our docs here
- SoupAtMSFT
Microsoft
and a reminder that you'll need to manually assign devices to your TEST ring.