How to Manage Windows Autopatch Groups from Intune

Let’s learn how you can manage Windows Autopatch groups from Microsoft Intune. With Windows Autopatch groups, organizations can efficiently manage updates according to their business needs without incurring additional costs or unexpected disruptions.

The Windows Autopatch groups feature is currently in public preview. As it is still under active development, you can test and utilize these capabilities in your environments and share your feedback with the Microsoft Product team.

Windows Autopatch generates device-based Azure AD assigned groups according to the deployment ring composition page selections. Furthermore, the service assigns update ring policies for every deployment ring established within the Autopatch group based on the preferences set in the Windows Update settings page, which are part of the Autopatch group’s guided end-user experience.

As organizations transition to a managed-service model, wherein Microsoft handles update processes on their behalf, they face difficulty ensuring that their organizational structures and deployment schedules are adequately represented.

Patch My PC

Windows Autopatch reporting is designed to allow visibility into update status and device health and offer insights into your estate. Check More details on Windows Autopatch Quality Updates Report In Intune MEM Portal.

Enable Windows Autopatch Groups Public Preview

The Windows Autopatch group experience is only applicable if you have chosen to opt-in and use Windows Autopatch groups. To opt-in to use Windows Autopatch groups.

Adaptiva

In the Microsoft Intune admin center and select Devices. Under Windows Autopatch, select Release Management, then select Autopatch groups (preview).

How to Manage Windows Autopatch Groups from Intune Fig.1
How to Manage Windows Autopatch Groups from Intune Fig.1

Review the Microsoft Privacy Statement and the Autopatch groups Public Preview Addendum. If you agree, select the I have reviewed and agree to the Autopatch groups Public Preview Addendum checkbox.

Next, select Use preview to test Windows Autopatch groups and its bundled feature set. If the Use Preview option is greyed out, ensure you meet all the Autopatch group prerequisites.

How to Manage Windows Autopatch Groups from Intune Fig.2
How to Manage Windows Autopatch Groups from Intune Fig.2

After enabling the Public Preview for Windows Autopatch Group, you can create an Autopatch group. When creating or editing an Autopatch group, software update policy assignments will be based on your choices and can be managed through Azure AD, Intune, and Windows Update for Business (WUfB). Specifically, Intune is responsible for assigning software update policies.

Windows Update for Business (WUfB) is accountable for several tasks, including delivering update policies, receiving update deployment statuses from devices, transmitting this status information to Microsoft Intune, and ultimately to the Windows Autopatch service.

How to Manage Windows Autopatch Groups from Intune Fig.3
How to Manage Windows Autopatch Groups from Intune Fig.3

Create Custom Autopatch Group

The next step is to Create an Autopatch group. The Default Autopatch group is recommended for organizations that can meet their business needs using the pre-configured five deployment ring composition.

Before beginning to manage Autopatch groups, please ensure that you have fulfilled the following prerequisites, Autopatch groups prerequisites.

Under Windows Autopatch, select Release Management, then select Autopatch groups (preview). In the  Autopatch groups blade, select Create.

How to Manage Windows Autopatch Groups from Intune Fig.4
How to Manage Windows Autopatch Groups from Intune Fig.4

On the Basics, enter a name and a description. Enter up to 64 characters for the Autopatch group name and 150 characters maximum for the description, then select Next: Deployment rings. The Autopatch group name is appended to both the update rings and the DSS policy names created once the Custom Autopatch group is created.

How to Manage Windows Autopatch Groups from Intune Fig.5
How to Manage Windows Autopatch Groups from Intune Fig.5

On the Deployment rings, select Add deployment ring to add the number of deployment rings to the Custom Autopatch group.

Each new deployment ring added must have either an Azure AD device group assigned to it, or an Azure AD group that is dynamically distributed across your deployments rings using defined percentages.

  • In the Dynamic groups area, select Add groups to select one or more existing device-based Azure AD groups for Dynamic group distribution.
  • In the Dynamic group distribution column, select the desired deployment ring checkbox. Then, either enter the percentage of devices that should be added from the Azure AD groups selected or select Apply default dynamic group distribution to use the default values.

In the Assigned group column, select Add group to ring to add an existing Azure AD group to any of the defined deployment rings. The Test and Last deployment rings only support Assigned group distribution. These deployment rings don’t support Dynamic distribution.

How to Manage Windows Autopatch Groups from Intune Fig.6
How to Manage Windows Autopatch Groups from Intune Fig.6

Select Next: Windows Update settings. Select the horizontal ellipses (…) > Manage deployment cadence to customize your gradual rollout of Windows quality and feature updates. Select Save.

Select the horizontal ellipses (…) > Manage notifications to customize the end-user experience when receiving Windows updates. Select Save.

How to Manage Windows Autopatch Groups from Intune Fig.7
How to Manage Windows Autopatch Groups from Intune Fig.7

Select Review + create to review all changes made. Once the review is done, select Create to save your custom Autopatch group.

How to Manage Windows Autopatch Groups from Intune Fig.8
How to Manage Windows Autopatch Groups from Intune Fig.8

Once all settings, and deployment rings are completed, A notification will appear automatically in the top right-hand corner with a message. You can see “Autopatch group created”.

How to Manage Windows Autopatch Groups from Intune Fig.9
How to Manage Windows Autopatch Groups from Intune Fig.9

Autopatch groups initiate device registration with the Windows Autopatch service when you create or modify a Custom Autopatch group. This registration can also occur when you modify the Default Autopatch group to use your pre-existing Azure AD groups instead of the default Windows Autopatch Device Registration group supplied by the service.

Author

About Author – JiteshMicrosoft MVP, has over six years of working experience in the IT Industry. He writes and shares his experiences related to Microsoft device management technologies and IT Infrastructure management. His primary focus is Windows 10/11 Deployment solution with Configuration Manager, Microsoft Deployment Toolkit (MDT), and Microsoft Intune.

Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.