Getting started with Windows Autopatch has been designed to be easy. This article outlines the infrastructure requirements you must meet to assure success with Windows Autopatch.
For those who used the promo code to access Windows Autopatch during public preview, you'll continue to have access to Windows Autopatch even when the promo code expires. There is no additional action you have to take to continue using Windows Autopatch.
|Licensing||Windows Autopatch requires Windows 10/11 Enterprise E3 (or higher) to be assigned to your users. Additionally, Azure Active Directory Premium and Microsoft Intune are required. For details about the specific service plans, see more about licenses.
For more information on available licenses, see Microsoft 365 licensing.
For more information about licensing terms and conditions for products and services purchased through Microsoft Commercial Volume Licensing Programs, see the Product Terms site.
|Connectivity||All Windows Autopatch devices require connectivity to multiple Microsoft service endpoints from the corporate network.
For the full list of required IPs and URLs, see Configure your network.
|Azure Active Directory||Azure Active Directory must either be the source of authority for all user accounts, or user accounts must be synchronized from on-premises Active Directory using the latest supported version of Azure Active Directory Connect to enable Hybrid Azure Active Directory join.
|Device management||Windows Autopatch devices must be managed by Microsoft Intune. Intune must be set as the Mobile Device Management (MDM) authority or co-management must be turned on and enabled on the target devices.
At a minimum, the Windows Update, Device configuration and Office Click-to-Run apps workloads must be set to Pilot Intune or Intune. You must also ensure that the devices you intend on bringing to Windows Autopatch are in the targeted device collection. For more information, see co-management requirements for Windows Autopatch.
Other device management prerequisites include:
See Register your devices for more details on device prerequisites and on how the device registration process works.
For more information on co-management, see co-management for Windows devices.
|Data and privacy||For more information on Windows Autopatch privacy practices, see Windows Autopatch Privacy.|
More about licenses
Windows Autopatch is included with Window 10/11 Enterprise E3 or higher (user-based only). The following are the service plan SKUs that are eligible for Windows Autopatch:
|Microsoft 365 E3||SPE_E3||05e9a617-0261-4cee-bb44-138d3ef5d965|
|Microsoft 365 E5||SPE_E5||06ebc4ee-1bb5-47dd-8120-11324bc54e06|
|Windows 10/11 Enterprise E3||WIN10_VDA_E3||6a0f6da5-0b87-4190-a6ae-9bb5a2b9546a|
|Windows 10/11 Enterprise E5||WIN10_VDA_E5||488ba24a-39a9-4473-8ee5-19291e71b002|
|Windows 10/11 Enterprise VDA||E3_VDA_only||d13ef257-988a-46f3-8fce-f47484dd4550|
The following Windows OS 10 editions, 1809 builds and architecture are supported in Windows Autopatch:
- Windows 10 (1809+)/11 Pro
- Windows 10 (1809+)/11 Enterprise
- Windows 10 (1809+)/11 Pro for Workstations
Configuration Manager co-management requirements
Windows Autopatch fully supports co-management. The following co-management requirements apply:
- Use a currently supported Configuration Manager version.
- ConfigMgr must be cloud-attached with Intune (co-management) and must have the following co-management workloads enabled:
For more information, see paths to co-management.
Submit and view feedback for