I was recently configuring updates for a client’s Windows devices managed by Intune and came across the feature Windows Autopatch.
What is Windows Autopatch?
Autopatch is a service in Intune that automates the updates to Windows devices, the updates included Windows, Microsoft 365 Apps for enterprise, Microsoft Edge, and Microsoft Teams.
Pre-requisites
Windows Autopatch requires the following licences:
Microsoft 365 E3, Microsoft 365 E5, Windows 10/11 Enterprise E3, Windows 10/11 Enterprise E5 or Windows 10/11 Enterprise VDA
Azure Active Directory Premium
Devices must be already enrolled with Microsoft Intune prior to registering with Windows Autopatch
The following Windows OS 10 editions, 1809 builds and architecture are supported in Windows Autopatch:
- Windows 10 (1809+)/11 Pro
- Windows 10 (1809+)/11 Enterprise
- Windows 10 (1809+)/11 Pro for Workstations
Configuration
The first step is to run the Readiness assessment tool. This will make sure that the pre-reqs are met
Providing the pre-reqs are met the next step is to enroll your tenant to the Autopatch service:
Once enrolled you will see the following Feature updates and update rings for Windows 10 are created:
The next step is to add your Windows devices to the group “Windows Autopatch Device Registration”.
You can then assign the device(s) to the correct group. The group aligns with the update rings:
Test:
- Best for testing to validate compatibility of applications or operating system changes
First:
Can be used by eearly software adopters/devices that could be subject to pre-release updates
Fast:
- Detect quality issues before they’re offered to the whole business. Typically more stable than the Test and First groups
Broad:
This group is the last group to have feature and quality updates available
Upgrading to Windows 11
To update to Windows 11 you will see a profile called “Modern Workplace DSS Policy [Windows 11] in the feature updates section of Intune.
Add the device(s) to the group “Modern Workplace – Windows 11 Pre-Release Test Devices”
