Windows Autopatch

IT professionals struggle to keep operating systems and software up to date. The second Tuesday of every month is usually a major effort for IT admins, who have to check and update every piece of software.

Microsoft has come up with a new solution for this: a feature called “Windows Autopatch” which, once endpoints are enrolled, keeps their Windows and Office software up to date. This feature is available in Windows Enterprise E3.

How Does it Benefit?

Autopatch was created in reaction to the changing nature of technology. Changes such as the push toward more remote or hybrid employment prompted by the virus outbreak are significant, but they are just one part of a bigger cycle with no beginning or end. Market changes demand changes in business requirements. As new threats emerge, cybersecurity postures must be toughened. Innovations in hardware and software enhance usability and productivity. To compete effectively, improve security, and optimize performance, businesses must respond on a routine basis.

Complexity Management

Introducing changes into an environment is complex because it requires time and resources. As new technology emerges every day, the number of changes to introduce keeps increasing. This results in a security gap. A security gap forms when updates that address security issues are not applied within the required time frame. A productivity gap forms when updates that affect users’ ability to create and collaborate are not delivered within the required time frame.

How to Close these Gaps?

The Autopatch feature manages updates, which in turn reduces the security and productivity gaps. As Microsoft stated, “The value should be felt immediately by IT admins who won’t have to plan update rollout and sequencing, and over the long term as increased bandwidth allows them more time to focus on driving value”. Quality updates improve performance, while feature updates can improve the user experience.

The Approach

The Windows Autopatch feature dynamically creates four testing rings, each a group of devices chosen to represent the diversity of devices in an enterprise.

Looking more closely at each ring, the ‘Test’ ring has a minimum number of devices, whereas the ‘First’ ring has about 1% of all the devices. The ‘Fast’ ring has nearly 9% of all the endpoints, and all the rest of the devices come under the ‘Broad’ ring.


The devices inside these rings are managed automatically. Moving the devices from one ring to the other can be done by enterprise IT admins.

Progressive Update Deployment

The makeup of these ring device populations is critical because updates are deployed progressively. Updates are initially installed in the ‘Test’ ring. After a validation period, they move to the next ring, where testing is repeated. Progressively more devices receive the updates, and Autopatch monitors them. Autopatch compares current performance with pre-update metrics and, where applicable, with the previous ring. This balances speed and efficiency.

Quality updates – Security, firmware, and other functionality

Feature updates – UI/UX updates are rolled out slowly. Each ring is given 30 days to interact with the software and report issues that can’t be detected automatically.
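
A simplified model of the ring allocation and gated rollout described above, added here as an illustration; it is not Microsoft's code or Autopatch's actual algorithm. The 'Test' ring size, the hash-based assignment, the failure-rate metric, the tolerance and the device names are assumptions.

```python
import hashlib

# Ring shares from the article: 'First' ~1%, 'Fast' ~9%, 'Broad' gets the rest.
# TEST_SIZE is an assumption; the article only says the 'Test' ring is minimal.
TEST_SIZE = 2
RING_ORDER = ["Test", "First", "Fast", "Broad"]

def assign_rings(device_ids, test_size=TEST_SIZE):
    """Stable assignment: order devices by a hash of their ID, then slice."""
    ordered = sorted(device_ids,
                     key=lambda d: hashlib.sha256(d.encode()).hexdigest())
    n = len(ordered)
    first_n = max(1, round(n * 0.01))
    fast_n = max(1, round(n * 0.09))
    cuts = [test_size, test_size + first_n, test_size + first_n + fast_n, n]
    rings, start = {}, 0
    for name, end in zip(RING_ORDER, cuts):
        rings[name] = ordered[start:end]
        start = end
    return rings

def rollout(rings, baseline_rate, failed_after_update, tolerance=0.02):
    """Advance ring by ring; halt as soon as a ring's post-update failure
    rate exceeds the pre-update baseline by more than the tolerance."""
    passed = []
    for name in RING_ORDER:
        devices = rings[name]
        failures = sum(1 for d in devices if d in failed_after_update)
        rate = failures / len(devices) if devices else 0.0
        if rate > baseline_rate + tolerance:
            # Later, larger rings never receive the faulty update.
            return {"halted_at": name, "passed": passed, "rate": rate}
        passed.append(name)
    return {"halted_at": None, "passed": passed, "rate": None}

if __name__ == "__main__":
    fleet = [f"PC-{i:04d}" for i in range(1000)]   # constructed sample fleet
    rings = assign_rings(fleet)
    print({name: len(devs) for name, devs in rings.items()})
    # Constructed scenario: 10 devices in the 'Fast' ring fail after updating.
    print(rollout(rings, 0.01, set(rings["Fast"][:10])))
```

In the constructed failure scenario the rollout stops at the 'Fast' ring, so the 'Broad' ring, which holds most of the fleet, is never exposed to the faulty update.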

Autopatch remediates any issues and applies the remediation to future deployments, which can get better with more updates.
Microsoft has posted full documentation about Windows Autopatch, which can help IT admins work with ease.


Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.