Microsoft plans to release a new tool that automates the patch management process, virtually eliminating Patch Tuesdays for many organizations.
The vendor’s new Windows Autopatch service will keep business PCs up to date at all times as part of a new feature included with the Windows Enterprise E3 subscription service. Customers running systems with a Windows 10 or Windows 11 Enterprise E3 license will be eligible for the new Patch Service, which is expected to be generally available in July.
“This service will automatically keep Windows and Office software up to date on enrolled devices at no additional cost,” Microsoft senior product marketing manager Lior Bela wrote in a blog post. “IT administrators can save time and resources to generate value. The second Tuesday of every month will be ‘just another Tuesday’.”
Patch Tuesday (more recently called Update Tuesday) is a colloquial term used in the computer industry to refer to when Microsoft and others typically release one-time fixes to their operating system and other software. Patch Tuesday is always the second Tuesday of each month.
Microsoft said it is automating software updates in response to the “evolving nature of technology”. For example, the pandemic has increased the demand for remote or hybrid working, making performance and security updates even more crucial as systems are more often found outside an organization’s firewall.
“The value should be felt immediately by IT administrators who won’t have to plan for deployment and sequencing of updates, and in the long term, as the increased bandwidth frees them up to focus on value creation,” Bela said. “Quality updates should improve device performance and reduce support tickets. Feature updates should provide users with an optimal user experience, with increased availability and new tools to create and collaborate.”
Windows Autopatch will be able to detect differences between endpoints and place them into four “test rings” or groups, then dynamically check them for necessary updates.
There will first be a “test ring” containing a minimum number of devices representative of all device types and configurations under management. The next ring is slightly larger and contains approximately 1% of all devices under management.
A third “fast” ring contains about 9% of the devices, and the remaining 90% of the devices will be assigned to a “wide” ring. The percentages do not change when devices are added or removed from the service network.
The purpose of the four rings is to ensure that there are no software issues associated with firmware or software updates. As each group passes the tests, updates are installed until all devices in an organization are patched.
Windows Autopatch will manage all aspects of device group deployments for Windows 10 and Windows 11 quality and feature updates, drivers, firmware, and Microsoft 365 Apps for enterprise updates, Bela said.
From an endpoint management perspective, the main prerequisite for Autopatch is Intune or co-management. The service has a built-in readiness assessment tool that will check relevant settings in Intune, Azure Active Directory, and Microsoft 365 Apps for Enterprise to see that they are configured to work with Autopatch.
The online tool checks all of an organization’s settings in Microsoft Endpoint Manager, specifically Microsoft Intune, Azure Active Directory, and Microsoft 365, to make sure they work with the Autopatch service. If any settings show up as “not ready,” the service has one-click instructions on how to fix the issues, Microsoft said.
“After you provide your consent, Microsoft automatically performs all other steps for you and will manage the creation of the right policies and groups so that updates are ready to be deployed,” said Mark Florida, product manager of Principal Engineering at Microsoft, in a video presentation. “Talk about saving time. Imagine doing all the policy configuration and group definitions yourself.”