Windows Autopatch: 3-days implementation

Windows Autopatch is a new service from the Microsoft 365 world that automates the process of deploying updates related to Windows and all Microsoft 365 apps including Microsoft Edge and Microsoft Teams to improve the security and productivity of the entire organization.

Windows Autopatch requirements

• License:‎‎ Windows Autopatch is available at no additional cost in your Windows Enterprise E3 or later license.
• ‎Directions:‎‎ Windows Autopatch works with Windows 10 and 11 Enterprise editions, on virtual machines including Windows 365 Cloud PC.‎
• ‎Hardware requirements:‎‎ If your devices are running the latest version of Windows 10/11 or a supported version of Windows 10 or Windows 11, they can be enrolled in Windows Autopatch. Bring-your-own-device (BYOD) scenarios are not currently supported.‎
• ‎Management requirements:‎‎ Devices must be managed with Microsoft Intune or through Configuration Manager co-management.‎
• ‎Identity requirements:‎‎ User accounts must be managed by Azure Active Directory or Azure Active Directory hybrid join.‎

Agenda:

• Kick-off call to define the deployment scope, expectations, and requirements
• Enabling Autopatch Features within the Endpoint Manager portal
• Configuring Administrative Contacts Required When Activating the Feature
• Enrollment Tenant for Windows Autopatch
• Assessment Tools for Windows Autopatch
• Start Windows Autopatch Enrollment
• Windows Autopatch Device Registration
• Setting Group into Windows Autopatch Update Rings
• Document the activities and follow-ups for the certification of the work done

This deployment will cover the management of a maximum of 10 devices. After that a how-to document will be released

Application Update:

• Update Microsoft 365 Apps for Enterprise:

Feature availability is guaranteed only for 64-bit Microsoft 365 Apps for enterprise applications, and the device must have been enrolled in Intune for at least 5 days.

• Update Microsoft Edge:

The device must meet certain needs, first it must be connected and have an active internet connection, it must therefore reach all the services necessary to perform updates and Microsoft Edge must be closed to apply updates.

• Update Microsoft Teams:

Microsoft Teams must necessarily be installed inside the device and the same must reach the Teams update endpoints.

Operating system update:

The Windows update portion aims to keep at least 95% of devices eligible for the latest quality update within 21 days of release.

Available scenarios:

• Typical upgrade experience:

In this case, the user can immediately restart the device to apply the patch, choose to schedule the installation, or schedule the installation outside of business hours.

• Quality update expiration forces an update:

After 5 days, the expiration period of the update, the device will no longer consider extra working hours. After this deadline, the user will receive a notification and after 15 minutes the device will restart autonomously to apply the patches.

• Quality update grace period:

This is the scenario that occurs when the device at the time of release is offline, perhaps because the end user is on vacation or not present in the office. At the time of re-power-up, the device has passed the "expiration" of the update receives a grace period of two days after which it is restarted in an automated manner