(21) Windows Autopatch

Microsoft recently released this, more on what it does here

What is Windows Autopatch?

Windows Autopatch is a new service that automates the process of managing and rolling out updates for Windows and Microsoft 365 apps.

What are the prerequisites?

• Licensing: Windows Autopatch is available at no extra cost to Windows Enterprise E3 and above license holders. Available for:

• Microsoft 365 E3

• Microsoft 365 E5

• Windows 10/11 Enterprise E3

• Windows 10/11 Enterprise E5

• Windows 10/11 Enterprise VDA
  

• Specifications: Windows Autopatch works with Windows 10 and 11 Enterprise versions and, when we reach general availability, on virtual machines including Windows 365 Cloud PCs.

• Hardware requirements: Corporate-owned devices are running a current. supported version of Windows 10 or Windows 11, they can be enrolled in Windows Autopatch. Bring-your-own-device (BYOD) scenarios are not currently supported.

• Management requirements: Your devices must be managed with either Microsoft Intune or via Configuration Manager co-management.

• Identity requirements: User accounts must be managed by Azure Active Directory or Hybrid Azure Active Directory Join.

Enrol to Windows Autopatch Service

1. Navigate to https://endpoint.microsoft.com/ then select Tenant Administration

2. Then select Windows Autopatch then tick Select check box to allow Microsoft to assess and store results for the readiness assessment and then select Agree.

3. Select Run Checks, this will against what has been setup within the environment.

4. Select on View Details

5. This will advise what needs to be done in order to use Windows Autopatch

For Co-Management:

For Update Rings:

For Admins:

For Conditional Access:

6. Once all the following have been registered, it is time to register devices:

The following roles are required:

- Azure AD Global Administrator

- Intune Service Administrator

- Modern Workplace Intune Administrator