Start using Windows Autopatch

Before deploying updates with Windows Autopatch, ensure you meet the prerequisites. Use either Microsoft Intune or Microsoft Graph to manage updates with Windows Autopatch.

Use Microsoft Intune for Windows Autopatch

Microsoft Intune provides a full-service management suite for Windows devices. Windows Autopatch is embedded natively in that console.

Patch compliance and velocity

Windows Autopatch aims to update 95% of devices by their target compliance date. That date is calculated based on when the content is offered and when the client is configured to finish the installation. Configure those settings in Intune using a Windows Autopatch group or Update Ring policy.
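As an added example (not Microsoft's code), the following Python checks each ring of a rollout against the 95% goal and lists the devices that missed it. It assumes the target compliance date is the release date plus the ring's deferral, deadline and grace period days; that formula, the field names, the ring settings and the device records are constructed for illustration.

```python
from datetime import date, timedelta

TARGET_RATIO = 0.95  # the 95% goal stated above


def target_compliance_date(release, deferral_days, deadline_days, grace_days):
    """Assumed model: content is offered at release + deferral, and the client
    must finish installing within deadline + grace period days of the offer."""
    offered = release + timedelta(days=deferral_days)
    return offered + timedelta(days=deadline_days + grace_days)


def ring_compliance(devices, rings, release):
    """Per ring: target date, share of devices installed by it, goal met, laggards."""
    report = {}
    for name, cfg in rings.items():
        members = [d for d in devices if d["ring"] == name]
        if not members:
            continue  # an empty ring has no compliance ratio to report
        target = target_compliance_date(release, **cfg)
        late = [d["id"] for d in members
                if d["installed"] is None or d["installed"] > target]
        ratio = (len(members) - len(late)) / len(members)
        report[name] = {"target": target, "ratio": ratio,
                        "meets_goal": ratio >= TARGET_RATIO, "late": late}
    return report


# Constructed sample data: two rings and forty devices.
RELEASE = date(2025, 1, 14)
RINGS = {
    "Test":  {"deferral_days": 0, "deadline_days": 2, "grace_days": 1},
    "Broad": {"deferral_days": 7, "deadline_days": 3, "grace_days": 2},
}
DEVICES = (
    [{"id": f"test-{i}", "ring": "Test", "installed": date(2025, 1, 16)}
     for i in range(20)]
    + [{"id": f"broad-{i}", "ring": "Broad", "installed": date(2025, 1, 24)}
       for i in range(18)]
    + [{"id": "broad-18", "ring": "Broad", "installed": date(2025, 1, 28)},
       {"id": "broad-19", "ring": "Broad", "installed": None}]  # never installed
)

if __name__ == "__main__":
    for ring, row in ring_compliance(DEVICES, RINGS, RELEASE).items():
        print(ring, row["target"], f"{row['ratio']:.0%}", row["meets_goal"], row["late"])
```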

To get secure as fast as possible, enable hotpatching on your devices. Full security updates are applied as soon as the content is installed, instead of waiting for a restart. Hotpatching often gets devices up to date days sooner. Learn more about hotpatch updates.

Content controls

Windows Autopatch lets you control which Windows updates get deployed to your devices. For each content type, you can choose to either deploy those updates automatically or require manual approval.

Once content is approved for deployment, it’s best practice to roll it out gradually to your devices. That way, if an update causes an issue, you detect it early and can respond quickly.

The easiest way to set up a safe rollout and configure the approval strategy for a group of devices is to create a Windows Autopatch group. Windows Autopatch groups help you do three things:

  1. Distribute devices into Microsoft Entra groups on an ongoing basis.
  2. Configure your approval strategy for different content types.
  3. Configure your rollout schedule for each ring.

Alternatively, you can do the same things by creating individual policies for each content type:

Update reporting

Once a device is a member of a policy, Windows Autopatch provides reporting on both quality and feature updates. Client devices reflect changes in under four hours. Reports show both trends over time and detailed status for each device. Device alerts help you understand any issues preventing a device from updating.

Windows Autopatch in Microsoft Graph

You can use Windows Autopatch programmatic controls to approve and schedule software updates through the Microsoft Graph API. Choose whether to call the API directly, use a Graph SDK, or integrate it with a management tool such as Microsoft Intune.

There are currently programmatic controls for the following features of Windows Autopatch:

  1. Windows quality updates
  2. Windows feature updates
  3. Driver and firmware updates