Microsoft Makes Improvements to Automatic Windows Patching




Microsoft this week described improvements for Windows Autopatch version 2208 for IT professionals, plus some extras.

Windows Autopatch is a service where Microsoft takes over the installation of “quality” and “feature” software updates on Enterprise and Pro editions of Windows 10 and Windows 11 devices for organizations. The service also handles updates to Microsoft 365 Apps for Enterprise, plus the Microsoft Edge browser.

Improvements in version 2208
One improvement in Windows Autopatch concerns detecting the status of devices and their readiness to receive software updates. Microsoft has improved this aspect in version 2208, stating that “IT administrators can easily detect configuration mismatches or other issues in their environment and take action” on problems that can block software updates.

Windows Autopatch now also lists the devices that fail Microsoft’s readiness checklist to be managed under the service. These devices are listed under a new tab called “Unregistered” in the Microsoft Endpoint Manager Admin Center portal. Devices must pass about eight checks, including a check for “Windows Update policy conflicts.”

Organizations with devices that fail Microsoft’s readiness checks can “get specific fix steps directly in the Devices blade” from that portal, the announcement said. Microsoft has also added a “Windows Quality Updates” reporting capability to the Microsoft Endpoint Manager Admin Center portal.

Another improvement Microsoft has made to Windows Autopatch is the way IT departments can access it. Microsoft streamlined the process with “a 50% reduction in requirements.” It also added “new core service permissions, based on a least access approach and a service scope limit.”

The less cumbersome access to Windows Autopatch came after Microsoft switched its “Modern Workplace Management” app to a “certificate-based authentication” approach, the announcement explained. The Modern Workplace Management app is described as “a service principal created by Windows Autopatch.” It is used to specify groups with different device configurations, according to a Microsoft document.

Microsoft’s announcement also suggested it fixed issues for Windows Autopatch users who also tried to use Microsoft’s Conditional Access service.

