Microsoft announced the general availability of a service called Autopatch that automates the process of managing and rolling out updates to Windows and Office software. The feature is available for Windows Enterprise E3 and E5 licenses; Windows Education (A3) and Windows Front Line Worker (F3) licenses are not covered.
Microsoft first announced the new feature, which aims at keeping systems up to date, in March 2022. The move is intended to improve patch management in enterprises, which can be exposed to cyber attacks if they fail to install available patches and upgrades.
Microsoft announced that it will continue to roll out Patch Tuesday security updates, and that Autopatch will help “streamline updating operations and create new opportunities for IT pros.”
A robust update process leverages update deployment rings. The Windows Autopatch feature works by dynamically creating 4 testing rings, each representative of the diversity in an enterprise. Updates are first tested on a small set of devices; if the installation causes no problems, it is extended to increasingly larger sets, with an evaluation period at each progression.
“The ‘test ring’ contains a minimum number of representative devices. The ‘first’ ring is slightly larger, containing about 1% of all devices under management. The ‘fast’ ring contains about 9% of endpoints, with the rest assigned to the ‘broad’ ring,” continues the announcement.
“Windows Autopatch aims to keep at least 95% of eligible devices on the latest Windows quality update 21 days after release,” states Microsoft. “When running an expedited release, the regular goal […] no longer applies. Instead, Windows Autopatch greatly accelerates the release schedule of the release to update the environment more quickly.”
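The ring split and the 21-day target described above can be modelled for your own fleet. The following is an added illustration, not Microsoft's code or Autopatch's actual assignment logic: the device inventory is constructed, and the test-ring size of 5, the hardware-model grouping and all function names are assumptions.

```python
import hashlib
from collections import defaultdict

# Shares quoted in the announcement. TEST_MIN is an assumed value: the page
# only says the test ring holds "a minimum number of representative devices".
TEST_MIN, FIRST_SHARE, FAST_SHARE = 5, 0.01, 0.09

# Constructed sample fleet: (device_id, hardware_model) pairs.
SAMPLE_FLEET = ([(f"lap-{i:04d}", "laptop-a") for i in range(600)]
                + [(f"dsk-{i:04d}", "desktop-b") for i in range(300)]
                + [(f"tab-{i:04d}", "tablet-c") for i in range(100)])

def rank(device_id):
    # Hash gives a stable pseudo-random order, so reruns assign the same ring.
    return hashlib.sha256(device_id.encode()).hexdigest()

def assign_rings(devices):
    """Return {device_id: ring}, mixing hardware models in the early rings."""
    by_model = defaultdict(list)
    for dev_id, model in devices:
        by_model[model].append(dev_id)
    queues = [sorted(ids, key=rank) for _, ids in sorted(by_model.items())]
    ordered = []
    while any(queues):              # round-robin across models
        for q in queues:
            if q:
                ordered.append(q.pop())
    n = len(ordered)
    sizes = [("test", min(TEST_MIN, n)), ("first", round(n * FIRST_SHARE)),
             ("fast", round(n * FAST_SHARE))]
    rings, start = {}, 0
    for name, size in sizes:
        for dev_id in ordered[start:start + size]:
            rings[dev_id] = name
        start += size
    for dev_id in ordered[start:]:  # everything left goes to the broad ring
        rings[dev_id] = "broad"
    return rings

def ring_report(devices, rings):
    """Return {ring: (device_count, set_of_models)} for review before rollout."""
    report = defaultdict(lambda: [0, set()])
    for dev_id, model in devices:
        report[rings[dev_id]][0] += 1
        report[rings[dev_id]][1].add(model)
    return {ring: (count, models) for ring, (count, models) in report.items()}

def meets_goal(days_to_install, goal=0.95, window=21):
    """days_to_install: days from release to install per device, None if missing."""
    done = sum(1 for d in days_to_install if d is not None and d <= window)
    return done / len(days_to_install) >= goal
```

Because a small test ring is the first to receive every update, `ring_report` is worth checking for any hardware model that is missing from it before relying on the early rings as a signal.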
(SecurityAffairs – hacking, Microsoft autopatch)