Upravit

Sdílet prostřednictvím


Frequently Asked Questions about Windows Autopatch

This article answers frequently asked questions about Windows Autopatch.

General

What is the difference between Windows Update for Business and Windows Autopatch?

Windows Autopatch is a service that removes the need for organizations to plan and operate the update process. Windows Autopatch moves the burden from your IT to Microsoft. Windows Autopatch uses Windows Update for Business and other service components to update devices. Both are part of Windows Enterprise E3+ and F3.

Is Windows 365 for Enterprise supported with Windows Autopatch?

Windows Autopatch supports Windows 365 for Enterprise. Windows 365 for Business isn't supported.

Will Windows Autopatch support local domain join Windows 10?

Windows Autopatch doesn't support local (on-premises) domain join. Windows Autopatch supports Microsoft Hybrid Entra join or Microsoft Entra join.

Will Windows Autopatch be available for state and local government customers?

Windows Autopatch is available for all Windows E3 customers using Azure commercial cloud. However, Autopatch isn't currently supported for government cloud (GCC) customers. Although Windows 365 Enterprise is in the Azure Commercial cloud, when Windows 365 Enterprise is used with a GCC customer tenant, Autopatch is not supported.

How do I access Windows Autopatch?

You can access Windows Autopatch through Intune. For more information, see Start using Windows Autopatch and Prerequisites to ensure you meet the licensing requirements to activate all Windows Autopatch features.

Requirements

What are the licensing requirements for Windows Autopatch?

Business Premium and A3+ licenses include:

  • Microsoft 365 Business Premium (for more information on available licenses, see Microsoft 365 licensing)
  • Windows 10/11 Education A3 or A5 (included in Microsoft 365 A3 or A5)
  • Windows 10/11 Enterprise E3 or E5 (included in Microsoft 365 F3, E3, or E5)
  • Windows 10/11 Enterprise E3 or E5 VDA To activate all Windows Autopatch features, you must have Windows 10/11 Enterprise E3+ or F3 (included in Microsoft 365 F3, E3, or E5) licenses. Feature activation is optional and at no additional cost to you when you have Windows 10/11 Enterprise E3+ or F3 licenses. For more information, see Licenses and entitlements. The following licenses provide access to the Windows Autopatch features included in Business premium and A3+ licenses and its additional features after you activate Windows Autopatch features:
  • Windows 10/11 Enterprise E3 or E5 (included in Microsoft 365 F3, E3, or E5)
  • Windows 10/11 Enterprise E3 or E5 VDA

What are the prerequisites for Windows Autopatch?

Additional prerequisites for devices managed by Configuration Manager:

What are the Intune permissions needed to operate Windows Autopatch?

You must use the Microsoft Entra Global Administrator role to activate Windows Autopatch features. For registering devices, managing update deployment and reporting tasks, use the Intune Service Administrator role. For more information, see Built-in roles for device registration.

Are there hardware requirements for Windows Autopatch?

No, Windows Autopatch doesn't require any specific hardware. However, general hardware requirements for updates are still applicable. For example, to deliver Windows 11 to your Autopatch devices they must meet specific hardware requirements. Windows devices must be supported by your hardware OEM.

Device registration

Who can register devices into Windows Autopatch?

You can only register devices into Windows Autopatch if you have E3+ or F3 licenses and have activated Windows Autopatch features. For more information, see Features and capabilities.

Does Autopatch on Windows 365 Cloud PCs have any feature difference from a physical device?

No, Windows 365 Enterprise Cloud PC's support all features of Windows Autopatch. For more information, see Virtual devices.

Do my Cloud PCs appear any differently in the Windows Autopatch admin center?

Cloud PC displays the model as the license type you've provisioned. For more information, see Windows Autopatch on Windows 365 Enterprise Workloads.

Can I run Autopatch on my Windows 365 Business Workloads?

No. Autopatch is only available on enterprise workloads. For more information, see Windows Autopatch on Windows 365 Enterprise Workloads.

Can you change the policies and configurations created by Windows Autopatch?

No. Don't change, edit, add to, or remove any of the configurations. Doing so might cause unintended configuration conflicts and impact the Windows Autopatch service. For more information about policies and configurations, see Changes made at feature activation.

How can I represent our organizational structure with our own deployment cadence?

Windows Autopatch groups helps you manage updates in a way that makes sense for your businesses. For more information, see Windows Autopatch groups overview and Manage Windows Autopatch groups.

Manage updates

Who can manage updates with activated Windows Autopatch features?

This only applies if you have E3+ or F3 licenses and have activated Windows Autopatch features. For more information, see Features and capabilities.

What systems does Windows Autopatch update?

  • Windows 10/11 quality updates: Windows Autopatch manages all aspects of deployment rings.
  • Windows 10/11 feature updates: Windows Autopatch manages all aspects of deployment rings.
  • Microsoft 365 Apps for enterprise updates: All devices registered for Windows Autopatch will receive updates from the Monthly Enterprise Channel.
  • Microsoft Edge: Windows Autopatch configures eligible devices to benefit from Microsoft Edge's progressive rollouts on the Stable channel and will provide support for issues with Microsoft Edge updates.
  • Microsoft Teams: Windows Autopatch allows eligible devices to benefit from the standard automatic update channels and will provide support for issues with Teams updates.

What does Windows Autopatch do to ensure updates are done successfully?

For Windows quality and feature updates, updates are applied to devices in a gradual manner. There's an evaluation period at each progression. This process is dependent on customer testing and verification of all updates during these rollout stages. The outcome is to ensure that registered devices are always up to date and disruption to business operations is minimized to free up your IT department from that ongoing task.

What happens if there's an issue with an update?

Autopatch relies on the following capabilities to help resolve update issues:

Can I permanently pause a Windows feature update deployment?

Yes. Windows Autopatch provides a permanent pause of a feature update deployment.

Will Windows quality updates be released more quickly after vulnerabilities are identified, or what is the regular cadence of updates?

For zero-day threats, Autopatch will have an Out of Band release. For normal updates Autopatch, uses a regular release cadence starting with devices in the Test ring and completing with general rollout to the Broad ring.

Can customers configure when to move to the next ring or is it controlled by Windows Autopatch?

The decision of when to move to the next ring is handled by Windows Autopatch; it isn't customer configurable.

Does Autopatch support include and exclude groups, or dynamic groups to define deployment ring membership?

Windows Autopatch doesn't support managing update deployment ring membership using your Microsoft Entra groups. For more information, see Move devices in between deployment rings.

Does Autopatch have two release cadences per update or are there two release cadences per-ring?

The release cadences are defined based on the update type. For example, a regular cadence (for a Windows quality update would be a gradual rollout from the Test ring to the Broad ring over 14 days whereas an Out of Band release would roll out more rapidly.

Support

What support is available for customers who need help with onboarding to Windows Autopatch?

The FastTrack Center is the primary mode of support for customers who need assistance from Microsoft to meet the pre-requisites (such as Intune and Azure or Hybrid AD) for onboarding to Windows Autopatch. For more information, see Microsoft FastTrack for Windows Autopatch. If you have Windows Enterprise E3+ or E5 licenses and you've activated Windows Autopatch features, you can submit a support request with the Windows Autopatch Service Engineering Team.

Does Windows Autopatch Support Dual Scan for Windows Update?

Dual Scan for Windows has been deprecated and replaced with the scan source policy. Windows Autopatch supports the scan source policy if the Feature updates, and Windows quality updates workloads are configured for Windows update. If Feature and Windows updates are configured for WSUS, it could cause disruptions to the service and your release schedules.

Additional Content

Provide feedback or start a discussion in our Windows Autopatch Tech Community