Microsoft says Windows Autopatch tool is generally live

Updated on: 12 July 2022

Vilius Petkauskas
Deputy Editor

Windows Autopatch is going live — Image by Shutterstock.

Microsoft announced that the company‘s service for automatic patching of Windows systems is generally available.

Windows Autopatch feature has gone live for customers with Windows Enterprise E3 and E5 licenses, the tech giant announced.

The service is supposed to update Windows and Microsoft 365 software automatically. Microsoft claims that the new service will automatically manage the deployment of Windows 10 and Windows 11 quality and feature updates, firmware, and drivers.

“Essentially, Microsoft engineers use the Windows Update for Business client policies and deployment service tools on your behalf. The service creates testing rings and monitors rollouts-pausing and even rolling back changes where possible,” Lior Bela, Microsoft’s senior product marketing manager, said in a blog.

The new feature should streamline software update management from organizations to Microsoft. The Windows Autopatch functionality should allow IT staff to forego the update planning process.

“Because the Autopatch service has such a broad footprint, and pushes updates around the clock, we are able to detect potential issues among an incredibly diverse array of hardware and software configurations,” reads the blog entry.

Microsoft declares that the overall aim of the functionality is to prevent impactful issues from reaching companies in the first place. The company expects to avoid misconfiguration mishaps as 99.6% of apps are said to be compatible with Microsoft’s updates.

Windows Autopatch works by applying security updates in several steps. Once set up, the feature starts by separating devices into four groups.

The first one, called a ‘testing ring,’ contains the minimum number of necessary devices. The ‘first ring’ contains around 1% of all devices in the enterprise environment, the ‘fast ring’ around 9%, and the ‘broad ring’ the remaining 90%.

The updates are applied progressively, starting from the test ring and going further. Microsoft claims that this allows monitoring device performance before and after updates are applied. The company expects that the ring system will prevent issues as imbalances would be spotted in the test ring.

The feature should allow the company to mitigate the ever-present risk of zero-day vulnerabilities to Microsoft users.

For example, recently researchers discovered that malicious hackers have been using a zero-day exploit dubbed ‘Follina’ to conduct remote code execution attacks on Microsoft Office users. Even though Microsoft released updates for the vulnerability hours after its discovery, researchers found it being exploited in the wild weeks after discovery.