Let’s check how you can customize Windows Update Autopatch settings for automatic patch management. You can customize the Windows Update deployment schedule for each deployment ring to suit your business and organizational needs.
Windows Autopatch is a cloud service that updates Windows, Microsoft 365 Apps for Enterprise, Microsoft Edge, and Microsoft Teams automatically to make your organization safer and more productive.
The Customize Windows Update settings feature is in public preview. When the deployment cadence is customized, Windows Autopatch will override its service defaults with your preferred deployment cadence.
Once you have enrolled devices into Autopatch, the service does most of the work. But through the Autopatch blade in Intune Portal, you can fine-tune ring membership, access the service health dashboard, generate reports, and file support requests.
In addition to the cadence type, you can also manage the end-user notification settings. End users will receive all update notifications by default.
Video Tutorial on Windows Autopatch Decoded
For more details, watch the deep-dive video tutorial Windows Autopatch Decoded. The video discusses Windows Autopatch Decoded | Azure AD Groups – Configuration Policies created and managed by Service.
Customize Windows Update Autopatch Settings for Automatic Patch
To customize the Windows Update deployment cadence, follow the steps below in the Intune Portal. It is recommended to use the Windows Autopatch service default. However, if you have devices that need different schedules for update deployment, you might find this customization useful.
- Sign in to the Microsoft Intune Admin Center https://intune.microsoft.com/.
- Navigate to Devices > Windows Autopatch > Release management > Release settings, then select Customize Windows Update cadence (preview).
In Windows update settings, you will get a list of the existing settings for each of the rings in the tenant. Each of the update rings has a different purpose and is assigned a set of policies to control the rollout of updates in each management area.
- Test: Select this group for devices used for testing purposes only.
- First: It is best for early adopters to receive and validate changes.
- Fast: Best for assessing quality issues prior to broad deployment.
- Broad: Use for business-critical devices.
Select the horizontal ellipsis (…) next to each ring to manage the deployment cadence or notification settings. Select Manage deployment cadence to customize Windows Update settings, or select Manage notifications to manage end-user notifications for the update deployment.
Select Manage deployment cadence to customize Windows Update settings. For each tenant, at the deployment ring level, there are two cadence types to configure and manage your Windows Update deployments for all the devices in those deployment rings:
- Deadline-driven – With the Deadline-driven cadence type, you can control and customize the deferral, deadline, and grace period to meet your specific business needs and organizational requirements.
- Scheduled install – The Scheduled install cadence type will prevent forced restarts and interruptions to critical business activities for end users, thereby minimizing disruptions.
Once you select Deadline-driven, configure the deferral, deadline, and grace periods. This option will enforce forced restarts based on the selected deadline and grace period. If you want to switch back to the service-recommended defaults, select the option tagged as “default” for each of the settings.
|Setting|Limit|
|---|---|
|Deferrals and deadlines|Windows Autopatch will enforce that deadline plus deferral days for a deployment ring to be less than or equal to 14 days.|
|Grace period|The permitted customization range is zero to seven days.|
Select Scheduled install to opt out of the deadline-based forced restart. Select either Active hours or Schedule install and restart time. Select Save.
Select Manage notifications. A fly-in pane opens. Select one of the following Windows Update restart notifications for your devices that are part of the selected deployment ring. For each tenant, at the deployment ring level, there are four options for you to configure end-user update notification settings:
- Not configured
- Use the default Windows Update notifications
- Turn off all notifications excluding restart warnings
- Turn off all notifications including restart warnings
By default, Windows Autopatch recommends that you enable all notifications. Select Save once you select the preferred setting.
You can follow the same steps to customize each of the rings. Once done, select Next. In Review + apply, you will be able to review the selected settings for each of the rings.
Select Apply to apply the changes to the ring policy. Once the settings are applied, the saved changes can be verified in the Release schedule tab. The Windows quality update schedule on the Release schedule tab will be updated as per the customized settings.
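As an added example (not from the original article or from Microsoft), the PowerShell function below reviews a planned per-ring cadence before it is entered in the portal: it checks the deferral, deadline, and grace limits from the table above and flags rings that have no deadline-based forced restart or that force restarts with restart warnings turned off. The property names and the sample plan are hypothetical and constructed for illustration; the code does not call Intune or Microsoft Graph.

```powershell
# Constructed sample plan. Ring names come from the article; the property
# names and values are hypothetical and are not an Intune or Graph schema.
$plan = @(
    [pscustomobject]@{ Ring = 'Test';  Cadence = 'DeadlineDriven';   Deferral = 0; Deadline = 0; Grace = 0; Notifications = 'Default' }
    [pscustomobject]@{ Ring = 'First'; Cadence = 'DeadlineDriven';   Deferral = 1; Deadline = 2; Grace = 2; Notifications = 'Default' }
    [pscustomobject]@{ Ring = 'Fast';  Cadence = 'DeadlineDriven';   Deferral = 6; Deadline = 9; Grace = 2; Notifications = 'OffIncludingRestartWarnings' }
    [pscustomobject]@{ Ring = 'Broad'; Cadence = 'ScheduledInstall'; Deferral = $null; Deadline = $null; Grace = $null; Notifications = 'OffExcludingRestartWarnings' }
)

function Test-AutopatchRingPlan {
    param([Parameter(Mandatory, ValueFromPipeline)] [pscustomobject] $Ring)
    process {
        $findings = @()
        $window = $null
        if ($Ring.Cadence -eq 'DeadlineDriven') {
            # Limit from the article: deadline plus deferral must be <= 14 days.
            $sum = $Ring.Deferral + $Ring.Deadline
            if ($sum -gt 14) {
                $findings += "deferral + deadline = $sum days, limit is 14"
            }
            # Limit from the article: grace period must be zero to seven days.
            if ($Ring.Grace -lt 0 -or $Ring.Grace -gt 7) {
                $findings += "grace period $($Ring.Grace) is outside 0-7 days"
            }
            # Deadline-driven rings force restarts; warn if users get no warning.
            if ($Ring.Notifications -eq 'OffIncludingRestartWarnings') {
                $findings += 'forced restart with restart warnings turned off'
            }
            # Simplified upper bound (assumption): days from release to forced restart.
            $window = $Ring.Deferral + $Ring.Deadline + $Ring.Grace
        }
        else {
            # Scheduled install opts out of the deadline-based forced restart.
            $findings += 'no deadline-based forced restart; track pending restarts separately'
        }
        [pscustomobject]@{
            Ring             = $Ring.Ring
            MaxDaysToRestart = $window
            Findings         = $findings -join '; '
        }
    }
}

$plan | Test-AutopatchRingPlan | Format-Table -AutoSize -Wrap
```

Rings with an empty Findings column fit the documented limits; MaxDaysToRestart is left blank for Scheduled install rings because no deadline bounds the restart.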
Video Guide Automatic Patch Management for Windows 365 Cloud PC
Let’s understand the options for Automatic Patch Management for Windows 365 Cloud PC without any additional cost in this Video Guide.
About Author – Jitesh, Microsoft MVP, has over six years of working experience in the IT Industry. He writes and shares his experiences related to Microsoft device management technologies and IT Infrastructure management. His primary focus is Windows 10/11 Deployment solution with Configuration Manager, Microsoft Deployment Toolkit (MDT), and Microsoft Intune.