Microsoft has launched a new Windows Autopatch tool, designed to take some of the sting out of “patch Tuesday” by automating the process of installing security and maintenance updates for enterprise customers. It will be widely available from next month but launched in preview today.
Windows Autopatch was first revealed by Microsoft in April this year as a new feature for enterprise users, and this new public preview, available to those customers enrolled in the company’s Insider programme, comes a month ahead of the formal public release in July.
When enabled, Autopatch will automatically manage new Windows 10 and 11 updates, including drivers, firmware, app and security patches with minimal configuration, and is available as a free add-on for Windows 10/11 Enterprise E3 customers.
Microsoft says Autopatch will help to “close the security gap” by keeping software current and reducing the risk of vulnerabilities threatening devices within a network, and to “optimise IT admin resources” by providing more time for admins.
“Windows Autopatch is scoped to make it easy to enrol and minimises the time investment from your IT Admins to get started,” the firm explained in a blog post, that also said it would “minimise end-user disruption by releasing in sequential update rings, and responding to reliability and compatibility signals, user disruptions due to updates are minimised.”
Does Windows Autopatch spell the end for patch Tuesday?
Currently, system administrators have to implement Windows updates themselves. Microsoft releases these updates in bulk once a month during “patch Tuesday”, which was introduced by the company in October 2003 to try and make the deployment of patches to fix security vulnerabilities and software bugs easier.
Now it is an institution among IT vendors, with many others, including Adobe and Oracle, also releasing updates at the same time. It has proved controversial with some due to the impact on bandwidth and the time it takes to deploy a swathe of updates at once.
In April, when Autopatch was first revealed, Microsoft’s senior product marketing manager, Lior Bela, wrote: “This service will keep Windows and Office software on enrolled endpoints up-to-date automatically, at no additional cost,” adding that “IT admins can gain time and resources to drive value. The second Tuesday of every month will be ‘Just another Tuesday'”.
Though updating can be time-consuming, Paul Brucciani, cybersecurity advisor at WithSecure told Tech Monitor it would “take a brave admin to take their hands off the corporate software juggernaut and let Microsoft steer instead.”
Jake Moore, global cybersecurity adviser at ESET, says: “Automation is the most efficient way of working, however, there is still an element of human overview as no one should become complacent or fully rely on these automated updates.
“Microsoft clearly listened to companies desperate to automate some areas of the businesses and when configured correctly this is a very effective way of not missing any available patches which maximises the time of a protected workflow.”
Will Windows Autopatch be widely adopted?
Brucciani says he “can see why Microsoft wants to do this”, as “it reduces the friction of keeping Microsoft software safe from known threats and will improve security”. However, he believes it may take some effort to encourage wide-scale adoption, especially in larger network environments.
“Microsoft cannot know the vagaries of every business, which are the critical applications, who are the critical users, or when is the least risky or disruptive time to update their software,” he says. “Microsoft Autopatch would be better suited to small and medium-sized businesses.”
The initial release isn’t available for users of Microsoft’s Azure education and government industry clouds, but is available for those with Enterprise E3 and above, Azure AD Premium or Microsoft Intune accounts.
Autopatch also does not cover third-party applications for Windows, meaning there is likely to still be plenty of updating to keep system administrators busy.