Bewerken

Delen via


Windows quality updates

You can manage Windows quality update profiles for Windows 10 and later devices. You can expedite a specific Windows quality update using targeted policies.

For more information about how to expedite quality update for Windows 10 or later in Microsoft Intune, see Use Intune to expedite Windows quality updates.

Service level objective

Important

The information in this article or section only applies if you have Windows Enterprise E3+ or F3 licenses (included in Microsoft 365 F3, E3, or E5) licenses and have activated Windows Autopatch features.

Feature activation is optional and at no additional cost to you if you have Windows 10/11 Enterprise E3 or E5 (included in Microsoft 365 F3, E3, or E5) licenses.

For more information, see Licenses and entitlements. If you choose not to go through feature activation, you can still use the Windows Autopatch service for the features included in Business premium and A3+ licenses.

Windows Autopatch aims to keep at least 95% of Up to Date devices on the latest quality update. Autopatch uses the previously defined release schedule on a per ring basis with a five-day reporting period to calculate and evaluate the service level objective (SLO). The result of the service level objective is the column "% with the latest quality update" displayed in the Windows updates blade and reporting.

Service level objective calculation

Important

The information in this article or section only applies if you have Windows Enterprise E3+ or F3 licenses (included in Microsoft 365 F3, E3, or E5) licenses and have activated Windows Autopatch features.

Feature activation is optional and at no additional cost to you if you have Windows 10/11 Enterprise E3 or E5 (included in Microsoft 365 F3, E3, or E5) licenses.

For more information, see Licenses and entitlements. If you choose not to go through feature activation, you can still use the Windows Autopatch service for the features included in Business premium and A3+ licenses.

There are two states a device can be in when calculating the service level objective (SLO):

  • Devices that are active during the release
  • Devices that become active after the release

The service level objective for each of these states is calculated as:

State Calculation
Device that is active during release This service level objective calculation assumes the device has typical activity during the scheduled release period. Calculated by:

Deferral + Deadline + Reporting Period = service level objective

Device that becomes active after release This service level objective calculation refers to offline devices during the scheduled release period but come back online later. Calculated by:

Grace Period + Reporting period = service level objective

Timeframe Value defined in
Deferral Targeted deployment ring
Deadline Targeted deployment ring
Grace period Targeted deployment ring
Reporting period Five days. Value defined by Windows Autopatch.

Note

Targeted deployment ring refers to the deployment ring value of the device in question. If a device has a five day deferral with a two day deadline, and two day grace period, the SLO for the device would be calculated to 5 + 2 + 5 = 12-day service level objective from the second Tuesday of the month. The five day reporting period is one established by Windows Autopatch to allow enough time for device check-in reporting and data evaluation within the service.

Important

Windows Autopatch supports registering Windows 10 and Windows 11 Long-Term Servicing Channel (LTSC) devices that are being currently serviced by the Windows 10 LTSC or Windows 11 LTSC. The service only supports managing the Windows quality updates workload for devices currently serviced by the LTSC. Windows Update for Business service and Windows Autopatch don't offer Windows feature updates for devices that are part of the LTSC. You must either use LTSC media or the Configuration Manager Operating System Deployment capabilities to perform an in-place upgrade for Windows devices that are part of the LTSC.

Out of Band releases

Important

The information in section applies to Business premium, A3+, E3+ and F3 licenses. For more information, see Features and capabilities and Licenses and entitlements.

Windows Autopatch schedules and deploys required Out of Band (OOB) updates released outside of the normal schedule.

For the deployment rings that pass quality updates deferral date, the OOB release schedule is expedited and deployed on the same day. For the deployment rings that have deferral upcoming, OOBs are released as per the specified deferral dates.

Pause and resume a release

Important

Due to a recent change, we have identified an issue that prevents the Paused and Pause status columns from being displayed in reporting. Until a fix is deployed, you must keep track of your paused releases so you can resume them at a later date. The team is actively working on resolving this issue and we'll provide an update when a fix is deployed.

The service-level pause is driven by the various software update deployment-related signals. Windows Autopatch receives from Windows Update for Business, and several other product groups within Microsoft.

If Windows Autopatch detects a significant issue with a release, we might decide to pause that release.

Important

Pausing or resuming an update can take up to eight hours to be applied to devices. Windows Autopatch uses Microsoft Intune as its device management solution and that's the average frequency Windows devices take to communicate back to Microsoft Intune with new instructions to pause, resume or rollback updates.

For more information, see how long does it take for devices to get a policy, profile, or app after they are assigned from Microsoft Intune.

To pause and resume a release:

Important

You can only pause an Autopatch group if you have Windows Enterprise E3+ or F3 licenses (included in Microsoft 365 F3, E3, or E5) licenses and have activated Windows Autopatch features.

Feature activation is optional and at no additional cost to you if you have Windows 10/11 Enterprise E3 or E5 (included in Microsoft 365 F3, E3, or E5) licenses.

For more information, see Licenses and entitlements. If you choose not to go through feature activation, you can still use the Windows Autopatch service for the features included in Business premium and A3+ licenses.

  1. Go to the Microsoft Intune admin center.
  2. Select Devices from the left navigation menu.
  3. Under the Manage updates section, select Windows updates.
  4. In the Windows updates blade, select the Update rings tab.
  5. Select the Autopatch group or deployment ring that you want to pause or resume. Select either: Pause or Resume. Alternatively, you can select the horizontal ellipses (...) of the Autopatch group or deployment ring you want to pause or resume. Select, Pause, or Resume from the dropdown menu.
  6. If you're resuming an update, you can select one or more Autopatch groups or deployment rings.
  7. Select Pause or Resume deployment.

The following statuses are associated with paused quality updates:

Status Description
Paused by Service If the Windows Autopatch service paused an update, the release has the Paused by Service status. The Paused by Service status only applies to rings that aren't Paused by the Tenant.
Paused by Tenant If you paused an update, the release has the Paused by Tenant status. The Windows Autopatch service can't overwrite a tenant pause. You must select Resume to resume the update.

Remediating Not ready and/or Not up to Date devices

Important

The information in this article or section only applies if you have Windows Enterprise E3+ or F3 licenses (included in Microsoft 365 F3, E3, or E5) licenses and have activated Windows Autopatch features.

Feature activation is optional and at no additional cost to you if you have Windows 10/11 Enterprise E3 or E5 (included in Microsoft 365 F3, E3, or E5) licenses.

For more information, see Licenses and entitlements. If you choose not to go through feature activation, you can still use the Windows Autopatch service for the features included in Business premium and A3+ licenses.

To ensure your devices receive Windows quality updates, Windows Autopatch provides information on how you can remediate Windows Autopatch device alerts.