Windows Autopatch vs. MECM or WSUS Windows Update for Business for deploying Update & patches?

Question

Windows Autopatch vs. MECM or WSUS Windows Update for Business for deploying Update & patches?

EnterpriseArchitect 6,021

Hi All,

What are the differences between Windows Autopatch vs. MECM or WSUS for deploying Updates & patches?

My goal here is to be able to deploy Windows updates & patches globally without the need to establish a VPN connection to the Head Office for all 8000 users spread across different continents.

From this page, I can see that I am licensed for Intune https://endpoint.microsoft.com/#view/Microsoft_Intune_DeviceSettings/TenantAdminMenu/~/tenantStatus however, the Windows auto patch https://endpoint.microsoft.com/#view/Microsoft_Intune_DeviceSettings/TenantAdminMenu/~/windowsAutopatchTenantEnrollment may require additional licensing for agentless deployment or with Intune agent.

Any help would be greatly appreciated.

2 answers

Your answer

Answer 1

Jason Sandys 31,406 Microsoft Employee Moderator

This is not really a valid question. Autopatch is a managed service offering that leverages Windows Update for Business (and a couple of other mechanisms).

If your goal is to enable updates for remote devices, this can easily be achieved using ConfigMgr by adding a CMG. You can also enable co-management and move the Windows Updates workload to Intune to leverage Windows Update for Business yourself.

The advantage of Autopatch is not in the mechanism used, i.e. Windows Update for Business, but in the fact that it is a service managed by us (Microsoft) to deploy updates and uses telemetry and machine learning to increase success and satisfaction.

As for your licensing question, there are a lot of "depends" answers so it's best to decide your strategy and then discuss licensing with a licensing expert.

EnterpriseArchitect 6,021 Reputation points

2022-11-23T03:49:50.797+00:00

Hi @Jason Sandys , My company is willing to invest in Intune only, not the SCCM, as it is pretty complex legacy software.

So in my case here, to perform Autopatch & Windows Update through the cloud to each device without VPN connectivity to the DataCenter, I must use a combination of Windows Update for Business + Autopatch is the product combination I must be using, instead of Intune.
Jason Sandys 31,406 Reputation points Microsoft Employee Moderator

2022-11-28T17:30:40.507+00:00

to perform Autopatch

As called out, this is not valid. you don't "perform" Autopatch; it's a "White Glove" service that we provide that manages the update process for you. Also as called out, Autopatch uses Windows Update for Business and a couple of other mechanisms to provide this service for our customers. Thus, saying/writing "combination of Windows Update for Business + Autopatch" is redundant as you can't have Autopatch without Windows Update for Business. Autopatch leverages Intune to configure Windows Update for Business policies.

The prerequisites for Autopatch are fully detailed at https://learn.microsoft.com/en-us/windows/deployment/windows-autopatch/prepare/windows-autopatch-prerequisites

To deploy updates to remote devices without VPN, you don't need Autopatch though. Autopatch is simply our offering to manage the update process for your organization. It's a great service as it takes this burden and associated overhead away from you, but if your goal is simply to deploy updates, then you can do this yourself using Windows Update for Business.

Answer 2

Ranjithkumar Duraisamy 226

May I know how are you thinking of patching servers without ConfigMgr?

Share via

Windows Autopatch vs. MECM or WSUS Windows Update for Business for deploying Update & patches?

2 answers

Your answer