Windows Autopatch FAQ
Published Apr 05 2022 08:00 AM 84.8K Views
Microsoft

Note: The Windows Autopatch FAQ has moved to Microsoft Docs! Please bookmark the new location: https://aka.ms/AutopatchFAQ. No further updates will be made to this post and Comments are now closed. If you have a question or feedback about Autopatch, please post it in the Windows Autopatch Community.

 


With the announcement of Windows Autopatch, we know you may have questions about availability, pricing, prerequisites, capabilities, and support. We hope you find this FAQ useful, and we plan to update periodically until we reach general availability. If you have a question not represented here, please leave a comment below. Thank you for your interest in Windows Autopatch!

Jump to: Availability and pricing | Eligibility/prerequisites | Product features | Support and capabilities

Availability and pricing

When will Windows Autopatch be available?
Windows Autopatch will be released in July 2022. Stay up to date by bookmarking the Windows IT Pro Blog.

How much does Windows Autopatch cost?
Windows Autopatch is offered as a feature to Windows 10/11 Enterprise E3 at no additional cost.

Will Windows Autopatch be available for state and local government customers? (New: April 29, 2022)
Windows Autopatch is available for all Windows Enterprise E3 customers using Azure commercial cloud. However, we currently do not support government cloud (GCC) customers.

Eligibility/prerequisites

What are the prerequisites for Windows Autopatch? (Updated: June 8, 2022)

Intune only:

  • Azure Active Directory (Azure AD)
  • Microsoft Intune
  • Windows 10/11 Enterprise and Professional editions

Co-management

  • Hybrid Azure AD-Joined or Azure AD-joined only
  • Microsoft Intune
  • Configuration Manager, version 2010 or later
  • Switch workloads for device configuration, Windows Update, and Microsoft 365 Apps from Configuration Manager to Intune (min Pilot Intune)
  • Co-management workloads

What are the licensing requirements for Windows Autopatch?

  • Windows 10/11 Enterprise E3 and up
  • Azure AD Premium (for co-management)
  • Microsoft Intune (includes Configuration Manager, version 2010 or greater via co-management)

Does Windows Autopatch support Education (A3) or Frontline worker (F3) licensing? (Updated: June 8, 2022)

Windows Autopatch is not currently available for ‘A’ or 'F' series licensing.

Are there hardware requirements for Windows Autopatch?
No, Windows Autopatch does not require any specific hardware. However, hardware requirements for updates are still applicable. For example, to deliver Windows 11 to your Windows Autopatch devices, those devices must meet the Windows 11 hardware requirements. Windows devices must still be in support by Hardware OEM.

Is a device reimage required for Windows Autopatch?
Reset or reimage is not required.

Product features

What systems does Windows Autopatch update?
Windows Autopatch manages all aspects of deployment groups for Windows 10 and Windows 11 quality and feature updates, drivers, firmware, and Microsoft 365 Apps for enterprise updates.

Please note: Drivers and firmware that are published to Windows Update as Automatic will be delivered as part of Windows Autopatch.

Does Windows Autopatch affect Patch Tuesday? Do I have to change the way I manage updates for the devices in my organization? (New: April 29, 2022)
Monthly security and quality updates for supported versions of the Windows and Windows Server operating systems will continue to be delivered on the second Tuesday of the month (commonly referred to Patch Tuesday or Update Tuesday) as they have been to date.

Organizations can continue to use the same processes and tools they use today—such as Microsoft Endpoint Manager, Windows Update for Business, and Windows Server Update Services (WSUS)—to manage and deploy these updates.

Windows Autopatch utilizes the same tools just referenced – and leverages proven best practices backed by Microsoft experts – to provide an alternative for those organizations seeking a more automated, hands-off approach to deploying updates.

How does Windows Autopatch ensure updates are done successfully?
Updates are applied to a small initial set of devices, evaluated, and then graduated to increasingly larger sets, with an evaluation period at each progression. This process is dependent on customer testing and verification of all updates during these rollout stages. The outcome is to ensure that registered devices are always up to date and disruption to business operations is minimized, which will free an IT department from that ongoing task.

What happens if there is an issue with an update? (Updated: April 29, 2022)
Windows Autopatch relies on three key capabilities to help resolve update issues:

  • 'Halt' feature – Updates will not progress to the next ring unless targets for stability are met. Customers can also pause the update.
  • 'Rollback' feature – If devices don't meet performance targets after being updated, the updates may be undone automatically.
  • 'Selectivity' feature – Portions of an update with no issues may be passed on while portions that don't perform to target may be halted or rolled back selectively and automatically.

Is an update compliance report included in Windows Autopatch?
Update Compliance reporting is included in Windows Autopatch.

 

What is the difference between Windows Update for Business and Windows Autopatch? (Updated: June 8, 2022)
Windows Autopatch is a service which removes the need for organizations to plan and operate the update process. Windows Autopatch moves the IT orchestration burden from the customer to Microsoft. Windows Autopatch uses Windows Update for Business as well as other service components to update devices. Both are part of Windows Enterprise E3. Learn more about Windows Update for Business.

Support and capabilities

Will Windows Autopatch support local domain join for Windows 10? (Updated: June 8, 2022)
Windows Autopatch does not support local (on-premises) domain join. Windows Autopatch does support Hybrid AD join or Azure AD join.

What Windows versions are being supported? (Updated: June 8, 2022)
Windows Autopatch works with all supported versions of Windows 10 and Windows 11 Enterprise or Professional.

Is Windows 365 for Enterprise supported with Windows Autopatch?
Windows 365 for Enterprise is supported by Windows Autopatch, with the same support for Windows versions. Windows 365 for Business is not supported.

Are there any plans to support server OS during the Windows Autopatch preview?
Support for Windows Server OS and Windows multi-session is not currently on the Windows Autopatch roadmap.

Are non-Microsoft (third party) device OEM drivers supported with Windows Autopatch?
A subset of non-Microsoft device drivers is supported. Drivers and firmware that are published to Windows Update as ‘Automatic’ will be delivered as part of Windows Autopatch. Drivers published as ‘Manual’ will not be supported. These would need to be installed by other means. All drivers for the Microsoft Surface family of devices will be managed by Windows Autopatch.

Will patches be released more quickly after vulnerabilities are identified and patched for? Or will there still be some regular cadence to patch release timing? (New: June 8, 2022)
Windows Autopatch has a default release schedule that is used to deploy updates; this will be used in normal circumstances. For an update addressing a critical vulnerability, Windows Autopatch will expedite the release, aiming to patch all devices immediately.

Will updates be released more quickly after vulnerabilities are identified, or what is the regular cadence of patches? (New: June 8, 2022)
For zero-day threats, Autopatch will have a faster release cadence. For normal updates, Autopatch uses a regular release cadence starting with devices in the test ring and completing with general rollout to broad ring.

Can my organization configure when to move to the next ring or is this controlled by Windows Autopatch? (New: June 8, 2022)
The decision to promote to the next ring is handled by Windows Autopatch and is not currently configurable at the organization level.

Can you customize the scheduling of patch rollouts to only install on certain days and times? (New: June 8, 2022)
No, this is not currently supported in Windows Autopatch.

Can organizations using Windows Autopatch individually approve or deny devices? (New: June 8, 2022)
This is not possible. Once a device is registered with Windows Autopatch, updates are rolled out to devices according to ring assignments. Individual device-level control is not supported. However, you can control pause or resume at the ring level.

Does Windows Autopatch support include and exclude groups, or dynamic groups to define ring membership? (New: June 8, 2022)
Windows Autopatch only supports explicit include groups. However, adding or moving devices between rings is supported. We will assign devices to ring groups that have static members. Windows Autopatch does not currently support dynamic (or filtered) groups.

Are there specific APIs or PowerShell scripts available for Windows Autopatch? (New: June 8, 2022)
Programmatic access to Windows Autopatch is not currently available.

Does Windows Autopatch have two release cadences per update or are there two release cadences per ring? (New: June 8, 2022)
The release cadences are defined by the update content and define the schedule for ring rollout. The normal cadence will be a gradual rollout to the 'broad' ring, but expedited updates will roll out more rapidly.

How does the Windows Enterprise E3 license relate to user and device entitlement for Windows Autopatch? (New: June 8, 2022)
Windows Enterprise E3 is a per user entitlement which grants Windows Autopatch management of five devices.

What are the supported Windows versions? (New: June 8, 2022)
Windows Autopatch works with Windows 10 and 11 Enterprise and Professional editions.

Want to learn more?

Read the Windows Autopatch announcement and contact your Microsoft Sales Representative.

 

29 Comments
Co-Authors
Version history
Last update:
‎Aug 08 2022 09:08 AM
Updated by: