Frequently Asked Questions about Windows Autopatch

This article answers frequently asked questions about Windows Autopatch.

General

What Windows versions are supported?

Windows Autopatch works with all supported versions of Windows 10 and Windows 11 Enterprise and Professional editions.

What is the difference between Windows Update for Business and Windows Autopatch?

Windows Autopatch is a service that removes the need for organizations to plan and operate the update process. Windows Autopatch moves the burden from your IT to Microsoft. Windows Autopatch uses Windows Update for Business and other service components to update devices. Both are part of Windows Enterprise E3.

Is Windows 365 for Enterprise supported with Windows Autopatch?

Windows Autopatch supports Windows 365 for Enterprise. Windows 365 for Business isn't supported.

Does Windows Autopatch support Windows Education (A3/A5) or Windows Front Line Worker (F3) licensing?

Autopatch isn't available for 'A' or 'F' series licensing.

Will Windows Autopatch support local domain join Windows 10?

Windows Autopatch doesn't support local (on-premise) domain join. Windows Autopatch supports Hybrid AD join or pure Azure AD join.

Will Windows Autopatch be available for state and local government customers?

Windows Autopatch is available for all Windows E3 customers using Azure commercial cloud. However, Autopatch isn't currently supported for government cloud (GCC) customers.

What if I enrolled into Windows Autopatch using the promo code? Will I still have access to the service?

Yes. For those who used the promo code to access Windows Autopatch during public preview, you'll continue to have access to Windows Autopatch even when the promo code expires. There is no additional action you have to take to continue using Windows Autopatch.

Requirements

What are the prerequisites for Windows Autopatch?

What are the licensing requirements for Windows Autopatch?

  • Windows Autopatch is included with Window 10/11 Enterprise E3 or higher (user-based only). For more information, see More about licenses.
  • Azure AD Premium (for Co-management)
  • Microsoft Intune (includes Configuration Manager 2010 or greater via co-management)

Are there hardware requirements for Windows Autopatch?

No, Windows Autopatch doesn't require any specific hardware. However, general hardware requirements for updates are still applicable. For example, to deliver Windows 11 to your Autopatch devices they must meet specific hardware requirements. Windows devices must be supported by your hardware OEM.

Device registration

Can Autopatch customers individually approve or deny devices?

No you can't individually approve or deny devices. Once a device is registered with Windows Autopatch, updates are rolled out to the devices according to its ring assignment. Individual device level control isn't supported.

Does Autopatch on Windows 365 Cloud PCs have any feature difference from a physical device?

No, Windows 365 Enterprise Cloud PC's support all features of Windows Autopatch. For more information, see Virtual devices.

Do my Cloud PCs appear any differently in the Windows Autopatch admin center?

Cloud PC displays the model as the license type you have provisioned. For more information, see Windows Autopatch on Windows 365 Enterprise Workloads.

Can I run Autopatch on my Windows 365 Business Workloads?

No. Autopatch is only available on enterprise workloads. For more information, see Windows Autopatch on Windows 365 Enterprise Workloads.

Update Management

What systems does Windows Autopatch update?

  • Windows 10/11 quality updates: Windows Autopatch manages all aspects of update rings.
  • Windows 10/11 feature updates: Windows Autopatch manages all aspects of update rings.
  • Microsoft 365 Apps for enterprise updates: All devices registered for Windows Autopatch will receive updates from the Monthly Enterprise Channel.
  • Microsoft Edge: Windows Autopatch configures eligible devices to benefit from Microsoft Edge's progressive rollouts on the Stable channel and will provide support for issues with Microsoft Edge updates.
  • Microsoft Teams: Windows Autopatch allows eligible devices to benefit from the standard automatic update channels and will provide support for issues with Teams updates.

What does Windows Autopatch do to ensure updates are done successfully?

For Windows quality updates, updates are applied to devices in the Test ring first. The devices are evaluated, and then rolled out to the First, Fast then Broad rings. There's an evaluation period at each progression. This process is dependent on customer testing and verification of all updates during these rollout stages. The outcome is to ensure that registered devices are always up to date and disruption to business operations is minimized to free up your IT department from that ongoing task.

What happens if there's an issue with an update?

Autopatch relies on the following capabilities to help resolve update issues:

  • Pausing and resuming: If Windows Autopatch detects an issue with a Windows quality release, we may decide that it's necessary to pause that release. Once the issue is resolved, the release will be resumed. For more information, see Pausing and resuming a Windows quality release.
  • Rollback: If Windows Autopatch detects issues between versions of Microsoft 365 Apps for enterprise, we might force all devices to roll back to the previous version. For more information, see Update controls for Microsoft 365 Apps for enterprise.

Will Windows quality updates be released more quickly after vulnerabilities are identified, or what is the regular cadence of updates?

For zero-day threats, Autopatch will have an expedited release cadence. For normal updates Autopatch uses a regular release cadence starting with devices in the Test ring and completing with general rollout to the Broad ring.

Can customers configure when to move to the next ring or is it controlled by Windows Autopatch?

The decision of when to move to the next ring is handled by Windows Autopatch; it isn't customer configurable.

Can you customize the scheduling of an update rollout to only install on certain days and times?

No, you can't customize update scheduling. However, you can specify active hours to prevent users from updating during business hours.

Does Autopatch support include and exclude groups, or dynamic groups to define deployment ring membership?

Windows Autopatch doesn't support managing update deployment ring membership using your Azure AD groups. For more information, see Moving devices in between deployment rings.

Does Autopatch have two release cadences per update or are there two release cadences per-ring?

The release cadences are defined based on the update type. For example, a regular cadence (for a Windows quality update would be a gradual rollout from the Test ring to the Broad ring over 14 days whereas an expedited release would roll out more rapidly.

Support

What support is available for customers who need help with onboarding to Windows Autopatch?

The FastTrack Center is the primary mode of support for customers who need assistance from Microsoft to meet the pre-requisites (such as Intune and Azure or Hybrid AD) for onboarding to Windows Autopatch. For more information, see Microsoft FastTrack for Windows Autopatch. When you've onboarded with Windows Autopatch, you can submit a support request with the Windows Autopatch Service Engineering Team.

Other

Are there Autopatch specific APIs or PowerShell scripts available?

Programmatic access to Autopatch isn't currently available.

Additional Content

Provide feedback or start a discussion in our Windows Autopatch Tech Community