Welcome to the Windows Autopatch Community!


Hi everyone, welcome to the Windows Autopatch community!!


My name is Harman Thind, I am a Product Manager on the Windows Autopatch engineering team. This community board is open for Q/A, discussions or insights for our product! Various folks from my team will monitor this page and get back to you within 3 work days. Feel free to post anything and everything Windows Autopatch related here!


Additionally, Windows Autopatch is now in public preview! You can learn more at our public docs or by checking out our latest blog at:



7 Replies

@Harman_Thind I just tried autopatch and on one of the readiness checks, it is mentioned as:

Make sure that any conditional access policies you have don’t include any Windows Autopatch devices or users.


I am sure most organizations use Conditional Access and either device/user will be part of those CA. In that case, does it mean that we cant use Autopatch?


Did you run the readiness check as a Global Admin?
Thank you for sharing
best response confirmed by Harman_Thind (Microsoft)

Hi @Ambarish RH !
No you absolutely can still use Windows Autopatch if you have Conditional Access. However, conditional access policies will block Windows Autopatch service accounts from connecting to your tenant if the accounts are not excluded. As such, part of the enrollment process includes excluding our service accounts from your conditional access policies. For more information on how we handle this, check out our public docs on this:

Hi @Harman_Thind
You talk about excluding Windows Autopatch service accounts. But the assessment tool talks about excluding autopatch devices. But that would be all my devices.. I"m confused...

3. On the Include page, change the policy to use an assignment that targets a specific Azure AD group that doesn’t include any Windows Autopatch devices, and then select Save.



I too would like to know this.

I'm looking into the Conditional Access advisory and 3 of the supposedly affected Conditional Access policies are pointing to the same group. This group only contains users, no devices.


I also have an issue with Co-Management, but one problem at a time.......

We are interested to see if this feature will allow us to patch Exchange server as well?
Thanks and looking your response on this