Microsoft plans to release a new tool that will automate the patch management process, virtually eliminating Patch Tuesdays for many organizations.
The company's new Windows Autopatch service will keep business PCs continuously up-to-date as part of a new feature included in the Windows Enterprise E3 subscription service.
Organizations running systems with a Windows 10 or Windows 11 Enterprise E3 license will be eligible for the new patch service, which is expected to be generally available in July.
"This service will automatically keep Windows and Office software on enrolled devices up to date at no additional cost," Lior Bela, Microsoft's senior product marketing manager, wrote in a blog post. “IT managers can save time and resources to drive value. The second Tuesday of every month will be 'just another Tuesday'."
Microsoft
The Microsoft Autopatch feature requires one-click approval to work.
Patch Tuesday (more recently Update Tuesday) is a colloquial term used in the computer industry to refer to when Microsoft and others release unique fixes for your operating system and other software. Patch Tuesday is always the second Tuesday of every month.
Microsoft said it automates software updates in response to the "evolving nature of technology." For example, the pandemic has increased the demand for remote or hybrid work, making performance and security upgrades even more crucial as systems are more often outside an organization's firewall.
“IT administrators should feel the value immediately, since they won't have to plan for deployment and sequencing of updates, and in the long term, since the increased bandwidth frees them up to focus on value creation,” he said. beautiful. "Quality updates should improve device performance and reduce support tickets. Feature updates should provide users with a better user experience, with higher availability and new tools for creating and collaborating."
Windows Autopatch will be able to detect differences between endpoints and place them in four "test rings," or groups, then dynamically check them for necessary updates.
First there will be a "test ring" containing a minimum number of devices representative of all device types and configurations under management. The next ring is slightly larger, containing about 1% of all managed devices. A third "fast" ring contains approximately 9% of the devices, and the remaining 90% of the devices will be assigned to a "wide" ring. The percentages do not change when devices are added or removed from the service network.
The purpose of the four rings is to ensure that there are no software issues associated with firmware or software updates. As each group passes testing, updates are installed until all devices in an organization are patched.
Windows Autopatch will manage all aspects of device group deployments for Windows 10 and Windows 11 feature and quality updates, drivers, firmware, and Microsoft 365 Apps for enterprise updates, Bella said.
From an endpoint management perspective, the primary prerequisite for Autopatch is Intune or co-management. The service has a built-in readiness assessment tool that will check the relevant settings in Intune, Azure Active Directory, and Microsoft 365 Apps for enterprise to see if they are configured to work with Autopatch.
The online tool checks all of an organization's settings in Microsoft Endpoint Manager, specifically Microsoft Intune, Azure Active Director, and Microsoft 365, to make sure they work with the Autopatch service. If any settings show up as "not ready," the service has one-click instructions on how to fix the problems, Microsoft said.
"After you provide your consent, Microsoft automatically performs all other steps for you and will manage the creation of the correct policies and groups so that updates are ready to deploy," said Mark Florida, Microsoft Principal Engineering product manager at a video. presentation. “Speaking of saving time. Imagine doing all the policy configuration and group definitions yourself. »
Copyright © 2022 IDG Communications, Inc.