If Windows Autopatch arrives in July as planned, some of you will be able to say goodbye to Patch Tuesday.
Aimed at enterprise users running Windows 10 and 11, Autopatch can, in theory, be used to replace the traditional Patch Tuesday to which administrators have become accustomed over the years. A small set of devices will get the patches first before Autopatch moves on to gradually larger sets, gated by checks to ensure that nothing breaks.
If an issue crops up, the updates can be paused or rolled back, or just the bits of an update that aren’t broken can be rolled out. The cadence will also increase for urgent updates, such as zero-day threats.
Although Autopatch is available free for users running Windows 10/11 Enterprise E3 and above, there is a cost in terms of granular control. Earlier this month Microsoft confirmed it would not be possible to schedule rollouts only at certain days and times. It will also not be possible to individually approve or deny devices.
PowerShell fans will be disappointed to learn that “Programmatic access to Windows Autopatch is not currently available.”
As for where Autopatch pulls its fixes, Windows updates come from the General Availability Channel and Office updates come from the Monthly Enterprise Channel. Teams and Microsoft’s Edge browser are special cases – Edge has its own update service and the Teams client application is synchronized with changes to the Teams online service.
Drivers and firmware published to Windows Update as “Automatic” will also dribble down to users via Autopatch. Windows Server and Windows multi-session are not, however, supported.
While Patch Tuesday will continue for many of us, there is now an opportunity for administrators immersed in Windows at an enterprise level and tired of the monthly festival of fixes to free up resources and let Autopatch do its thing.
That’s as long as admins are willing to trust that Microsoft is better at managing updates than it is at quality control. ®