Event details

nlmitchell's avatar
nlmitchell
Iron Contributor
Apr 17, 2025

Intune/Patching query...

Our team (Win11 24H2) have a Windows Update Ring applied through Intune to configure the OS on our devices for 'Windows Insider Release - Preview'. This was working a treat and we were receiving preview OS patches each month before they were released into Retail Channel (all our other devices) on Patch Tuesday.......until......we applied a Quality Updates policy through Intune enabling Windows Hotpatch. Since this was applied, we receive the 'Hotpatch capable' patches each month, but not the preview patches. Is this expected behaviour? We're hoping it just affects Quality Updates (monthly OS cumulatives) and not feature updates as 25H2 is due for preview release next month, or at least it has been May for the last few years.

We are also in the process of enabling Windows Autopatch and trying to ascertain how it all fits together, and Hotpatch is part of that as well. 

We like the idea of Hotpatching, 8 months of the year devices receive the security updates with not only a much smaller filesize, but without the need for devices to reboot in order to be fully protected, much less annoying for the end users. The other 4 months they get the usual monthly cumulative patch which does still require a reboot to finalise.

CaseyB's avatar
CaseyB
Iron Contributor
Apr 17, 2025

To tag onto this comment -- for Autopatch, after we activate that in Intune, there is no impact from activation -- we need to populate the groups for Autopatch, before anything would be triggered from a patch perspective?  We use Update Rings today and looking at doing some testing with Autopatch -- any suggestions on the best approach for that?

  • EricMoe's avatar
    EricMoe
    Icon for Microsoft rankMicrosoft
    Apr 17, 2025

    Hi CaseyB, 

    Start here: Manage Windows Autopatch groups | Microsoft Learn which will walk through how to use and manage Autopatch groups. If you already had Windows Update for Business rings configured, those remain. You can elect to move devices into new rings, or continue using those existing rings. We are trying to reduce the barrier of entry as much as possible.

    One of the biggest advantage of using Autopatch Groups is you can dynamically allocate devices across rings using percentages of a parent group. You don't need to define the group membership explicitly for every ring. That helps reduce admin overhead and makes management long-term a lot easier.