On Monday Microsoft announced that E3 and E5 license holders now have Windows Autopatch available to them. Autopatch is a feature that leverages Azure Active Directory (AD) to roll out quality and feature updates to four different rings in a staggered deployment. The feature requires Microsoft Intune, and for devices to be either Hybrid Azure or Azure AD-joined. For critical security updates, Autopatch has an expedited release schedule. In addition to quality and feature updates, Autopatch also supports Microsoft Edge, Teams, and 365 software.
Windows Autopatch has a target for standard quality and feature updates of 95% of devices patched within 21 days of the patch release. It accomplishes this by deploying to a manually defined Test ring, followed by the First, Fast, and Broad rings, which represent 1%, 9%, and 90% of devices, respectively. The test ring is intended for administrators to vet new patches; by the time the Fast ring has been deployed, companies should have enough systems patched to identify potential issues with the Broad release. For expedited releases, all devices receive the patch as soon as possible, ignoring the ring assignments entirely.