Best current practices: re-implementing Windows Autopatch

Sage Mirror 220 Reputation points
2023-09-06T15:15:21.6266667+00:00

Hi!

I am trying to implement Windows Autopatch in my tenant.

I think I am starting to get a bit of understanding from going through the documentation, but how to do it properly remains blurry.

If I understand well, I have two options for feature updates and one for quality updates, for a long-term setup.

For feature updates: Update rings, and Feature updates

For quality updates: Update rings

In the long term, it looks like Update rings are better, since Feature updates look like pushing a specific update for each feature update created.

So I would like to configure Update rings. However, here are my issues:

  • In my tenant, both options are set up.
  • Some rings are already created, and related to groups in Entra ID "Windows Autopatch Test, Ring1, Ring2, Ring3, Last". Some of those groups are empty.
  • Some feature updates are already created, and related to groups in Entra ID "Modern Workplace Devices-Windows Autopatch-Test, First, Fast, Broad". Some of those groups are empty.

In short, I need help to clean this and to understand how to distribute my updates properly.

I am thinking of deleting everything set up in Feature update, and sending the security updates (quality updates) from the Update rings. Would that be a good thing?

And then, how do I go about distributing the devices between the different "Windows Autopatch" groups in Entra ID? I think I know which devices I want in the Test, Ring1 and Last groups, but how do I distribute all the other devices in the rest of the groups, hopefully with percentages?

Sorry for the very broad question, but I really need the help.
I'll be looking forward to any answer, thank you in advance!

Microsoft Security Intune Security
Microsoft Security Intune Configuration
Windows for business Windows Client for IT Pros User experience Other
Microsoft Security Intune Other

Accepted answer
  1. Muhammad Binyameen 395 Reputation points
    2023-09-06T16:39:56.8366667+00:00

    To properly configure Windows Autopatch in your tenant, it is essential to have a clear understanding of the different options available and how they work together.

    For feature updates, you have two options: Update rings and Feature updates. Update rings allow you to control the deployment of feature updates, while Feature updates refer to the specific updates themselves.

    Based on your description, it seems that you are inclined towards using Update rings for feature updates, which is a good choice for long-term setup. This approach allows you to create different rings and assign devices to each ring for more controlled and gradual deployment of updates.

    To address your concerns and clean up the existing setup, you can start by deleting the feature update groups that are no longer required. It's important to note that deleting the feature updates will not delete the associated groups; it will only remove the specific update settings.

    Once you have cleaned up the feature updates, you can focus on distributing the quality updates (security updates) using the Update rings. This involves assigning devices to different rings based on your requirements.

    To distribute devices among the different "Windows Autopatch" groups in Entra ID, consider the following steps:

    1. Identify the devices you want to include in the "Test," "Ring1," and "Last" groups. These are the groups you mentioned you have already decided on.
    2. Determine the percentage allocation for devices in the remaining groups (e.g., "Ring2," "Ring3," etc.). This allocation should be based on your specific needs and considerations, such as the number of devices in each group and their importance.
    3. Once you have determined the percentage allocation for each group, you can distribute the devices accordingly. This distribution can be done manually or by using management tools or scripts provided by the Windows Autopatch system.

    It's important to note that the exact steps to distribute devices may vary depending on the specific tools and systems you are using. It's advisable to consult the documentation or support resources provided by the Windows Autopatch system for detailed instructions on device distribution.

    Overall, by focusing on using Update rings for feature updates and distributing devices among the different Windows Autopatch groups, you can effectively manage and deploy updates in your tenant.
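
One way to plan the percentage split described in the steps above, as an added example that is not part of the original answer and not a Windows Autopatch tool: pinned devices keep their hand-picked ring, and every other device gets a stable ring from a hash of its ID, so adding or removing devices does not reshuffle the rest. The device IDs, the pins, the 30/70 split and the function names `Get-Bucket` and `Get-Ring` are assumptions for illustration; the script only produces a plan for review and does not change any group membership.

```powershell
# Added example. Device IDs, pins and percentages below are constructed.
# Hand-picked devices stay in the ring you chose for them.
$Pinned = @{ 'dev-0001' = 'Test'; 'dev-0002' = 'Ring1'; 'dev-0003' = 'Last' }
# Share of the remaining devices per ring; must total 100.
$Shares = [ordered]@{ 'Ring2' = 30; 'Ring3' = 70 }

function Get-Bucket {
    param([Parameter(Mandatory)][string]$DeviceId)
    # SHA-256 of the ID, first four bytes as an unsigned integer, reduced to 0..99.
    $sha = [System.Security.Cryptography.SHA256]::Create()
    try {
        $hash = $sha.ComputeHash([System.Text.Encoding]::UTF8.GetBytes($DeviceId))
    } finally {
        $sha.Dispose()
    }
    [int]([System.BitConverter]::ToUInt32($hash, 0) % 100)
}

function Get-Ring {
    param(
        [Parameter(Mandatory)][string]$DeviceId,
        [System.Collections.IDictionary]$Pinned,
        [System.Collections.IDictionary]$Shares
    )
    if (($Shares.Values | Measure-Object -Sum).Sum -ne 100) {
        throw 'Ring percentages must total 100.'
    }
    # A pin always wins, so each device lands in exactly one ring.
    if ($Pinned.Contains($DeviceId)) { return $Pinned[$DeviceId] }
    $bucket  = Get-Bucket -DeviceId $DeviceId
    $ceiling = 0
    foreach ($ring in $Shares.Keys) {
        $ceiling += $Shares[$ring]
        if ($bucket -lt $ceiling) { return $ring }
    }
}

# Constructed fleet of 200 device IDs.
$devices = 1..200 | ForEach-Object { 'dev-{0:d4}' -f $_ }
$plan = foreach ($id in $devices) {
    [pscustomobject]@{
        DeviceId = $id
        Ring     = Get-Ring -DeviceId $id -Pinned $Pinned -Shares $Shares
    }
}
# Review the per-ring counts before touching any group.
$plan | Group-Object Ring | Sort-Object Name | Select-Object Name, Count
```

Because assignment comes from a hash, the per-ring counts approximate the percentages rather than matching them exactly, and the approximation tightens as the fleet grows.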

