Last month we took a deep dive into the update powers available to IT teams from Microsoft – including two videos to explain the differences between the solutions on offer. This month we're back to talk about what's new in the service.
New Windows Autopatch tenant health status
The new ‘Inactive Status' feature is intended to make IT admins' lives easier. To help administrators recognize critically urgent issues that require immediate action, the status of their Windows Autopatch instance will be set to ‘inactive.' This will limit administrator access to only the Windows Autopatch blades and controls that need attention. Examples include misconfigured tenant access settings that would prevent the service from operating properly or software licensing issues. All other Intune features will remain accessible, and tenants that are in good health won't experience any changes.
Independent insights into the impact of Windows Autopatch from Forrester
Forrester has just released a study that features real Windows Autopatch customers talking about the impact the service has had on their organization and has prepared some projections so you can gauge what real value you might expect from enrolling your devices. The executive summary is a great starting point, but if you're looking for the full Forrester Consulting Total Economic Impact™ Study Commissioned by Microsoft, read New Technology: The Projected Total Economic Impact™ Of Windows Autopatch.
We think these real customer quotes will make you want to read more:
|
"By making sure that our software is current, there are fewer vulnerabilities and threats for those devices. It reduces that security gap for us." - CISO and chief data protection officer, digital services |
|
"We want to make sure that we are hitting full compliance each month, and we want to be able to get this stuff out as quickly as we can. [Windows] Autopatch gives us that visibility and the reliability of getting better patch results than we've had before." - Manager of computing solutions, chemicals |
The value of keeping security up to date
New security technology was the hot topic at Microsoft Secure, but The Microsoft Digital Defense Report 2022, released late last year, shared an important finding: 98% of cyber-attacks can be prevented with ‘basic security hygiene' of which ‘Keep up to date' is a key component.
While this statement alone should encourage all security-minded decision makers to take a keen interest in patching, there's even more to the security value of Windows Autopatch. We dive into that story in this episode of our YouTube series Behind The Screens with Windows Autopatch and in some exciting assets you'll see soon, especially if you subscribe to this blog.
New feature in public preview: customize quality updates deployment cadence with Windows Autopatch
Windows Autopatch now allows you to set custom schedules for the deployment of quality updates for each of your rings. While we recommend the default settings, we acknowledge that some organizations have unique needs. With the public preview release of this feature this month, we hope you'll test the ability for this feature to meet those needs. Offer your feedback via our community page.
Custom cadence types
In short, admins will now be able to define when updates are released to rings with custom deadline-driven or scheduled install settings from the Devices > Windows Autopatch > Release management blade in Microsoft Intune.
Deadline-driven customizations allow customers to change deferrals and deadlines (within a 14-day window) and grace periods (within a 7-day window) for each deployment ring.
Scheduled install customizations prevent forced restarts or interruptions and allow admins to specify when an update is applied—either outside active hours (if defined) or at a defined occurrence. For an in-depth explanation of how these features work, see the documentation here.
Now in general availability: the ability to opt-out of updates for Microsoft 365 Apps
Announced last month, and now generally available, Intune administrators can now block Windows Autopatch from offering Microsoft 365 apps updates. Since Windows Autopatch currently sets enrolled devices to Microsoft 365 app updates via the Monthly Enterprise Channel, this feature allows organizations subscribed to different channels to still take advantage of Windows Autopatch.
Autopatch is turning 1!
Major milestones are often a time for looking back, but the Windows Autopatch team is instead moving full steam ahead to make the next year one to remember. Currently enrolled customers have seen some message center posts that hint at features that are coming soon to public preview.
For those still waiting to enroll their tenants, here's a peek at what's coming:
- Custom ring configurations and a new 5-ring default
- Autopatch groups to apply different cadences and ring configurations to discrete populations of devices
- Update to Windows 11 with Windows Autopatch
- New reports with more granular detail, including feature updates
- New guardrails and controls to keep policies and configurations working smoothly
Continue the conversation. Find best practices. Bookmark the Windows Tech Community and follow us @MSWindowsITPro on Twitter. Looking for support? Visit Windows on Microsoft Q&A.