Microsoft Windows Autopatch Available for E3 and E5 License Holders - Binary Defense

Threat Watch

Threat Watch Microsoft Windows Autopatch Available for E3 and E5 License Holders

Microsoft Windows Autopatch Available for E3 and E5 License Holders

On Monday Microsoft announced that E3 and E5 license holders now have Windows Autopatch available to them. Autopatch is a feature that leverages Azure Active Directory (AD) to roll out quality and feature updates to four different rings in a staggered deployment. The feature requires Microsoft Intune, and for devices to be either Hybrid Azure or Azure AD-joined. For critical security updates, Autopatch has an expedited release schedule. In addition to quality and feature updates, Autopatch also supports Microsoft Edge, Teams, and 365 software.

Windows Autopatch has a target for standard quality and feature updates of 95% of devices patched within 21 days of the patch release. It accomplishes this by deploying to a manually defined Test ring, followed by the First, Fast, and Broad rings, which represent 1%, 9%, and 90% of devices, respectively. The test ring is intended for administrators to vet new patches; by the time the Fast ring has been deployed, companies should have enough systems patched to identify potential issues with the Broad release. For expedited releases, all devices receive the patch as soon as possible, ignoring the ring assignments entirely.

ANALYST NOTES

Native automation of patch deployment is a huge step forward, and companies with E3 and E5 licenses are highly encouraged to test Autopatch in their environment. Autopatch will enable administrators in charge of patching to focus more time on vetting patches and remediating issues by reducing the amount of time spent planning and deploying patches. Enrollment of devices is managed by group membership, which means particularly sensitive systems can be left out of Autopatch for manual or more targeted patching.

It’s worth noting that the Test ring, by default, is not assigned any systems, so administrators must assign systems they wish to use for testing manually, but the other rings are automatically populated. Companies may find value in moving high-output employees into the First or Fast rings to quickly identify potential issues, though there is some risk of impact to operations if an issue does arise.

https://thehackernews.com/2022/07/microsoft-windows-autopatch-is-now.html

https://docs.microsoft.com/en-us/windows/deployment/windows-autopatch/