Getting started with Windows Autopatch has been designed to be easy. This article outlines the infrastructure requirements you must meet to assure success with Windows Autopatch.


For those who used the promo code to access Windows Autopatch during public preview, you'll continue to have access to Windows Autopatch even when the promo code expires. There is no additional action you have to take to continue using Windows Autopatch.

Area Prerequisite details
Licensing Windows Autopatch requires Windows 10/11 Enterprise E3 (or higher) to be assigned to your users. Additionally, Azure Active Directory Premium and Microsoft Intune are required. For details about the specific service plans, see more about licenses.

For more information on available licenses, see Microsoft 365 licensing.

For more information about licensing terms and conditions for products and services purchased through Microsoft Commercial Volume Licensing Programs, see the Product Terms site.

Connectivity All Windows Autopatch devices require connectivity to multiple Microsoft service endpoints from the corporate network.

For the full list of required IPs and URLs, see Configure your network.

Azure Active Directory Azure Active Directory must either be the source of authority for all user accounts, or user accounts must be synchronized from on-premises Active Directory using the latest supported version of Azure Active Directory Connect to enable Hybrid Azure Active Directory join.
Device management Windows Autopatch devices must be managed by Microsoft Intune. Intune must be set as the Mobile Device Management (MDM) authority or co-management must be turned on and enabled on the target devices.

At a minimum, the Windows Update, Device configuration and Office Click-to-Run apps workloads must be set to Pilot Intune or Intune. You must also ensure that the devices you intend on bringing to Windows Autopatch are in the targeted device collection. For more information, see co-management requirements for Windows Autopatch.

Other device management prerequisites include:

  • Devices must be corporate-owned. Windows bring-your-own-devices (BYOD) are blocked during device registration prerequisite checks.
  • Devices must be managed by either Intune or Configuration Manager co-management. Devices only managed by Configuration Manager aren't supported.
  • Devices must be in communication with Microsoft Intune in the last 28 days. Otherwise, the devices won't be registered with Autopatch.
  • Devices must be connected to the internet.
  • Devices must have a Serial number, Model and Manufacturer. Device emulators that don't generate this information fail to meet Intune or Cloud-attached prerequisite check.

See Register your devices for more details on device prerequisites and on how the device registration process works.

For more information on co-management, see co-management for Windows devices.

Data and privacy For more information on Windows Autopatch privacy practices, see Windows Autopatch Privacy.

More about licenses

Windows Autopatch is included with Window 10/11 Enterprise E3 or higher (user-based only). The following are the service plan SKUs that are eligible for Windows Autopatch:

License ID GUID number
Microsoft 365 E3 SPE_E3 05e9a617-0261-4cee-bb44-138d3ef5d965
Microsoft 365 E5 SPE_E5 06ebc4ee-1bb5-47dd-8120-11324bc54e06
Windows 10/11 Enterprise E3 WIN10_VDA_E3 6a0f6da5-0b87-4190-a6ae-9bb5a2b9546a
Windows 10/11 Enterprise E5 WIN10_VDA_E5 488ba24a-39a9-4473-8ee5-19291e71b002
Windows 10/11 Enterprise VDA E3_VDA_only d13ef257-988a-46f3-8fce-f47484dd4550

The following Windows OS 10 editions, 1809 builds and architecture are supported in Windows Autopatch:

  • Windows 10 (1809+)/11 Pro
  • Windows 10 (1809+)/11 Enterprise
  • Windows 10 (1809+)/11 Pro for Workstations

Configuration Manager co-management requirements

Windows Autopatch fully supports co-management. The following co-management requirements apply:

For more information, see paths to co-management.