Microsoft intends to replace Patch Tuesday with a new Windows Autopatch managed service, which is due to be launched in July 2022. The new automated patching service aims to speed up the patching of known vulnerabilities and reduce the cost of patch management and will turn Patch Tuesday into “just another Tuesday.”
Microsoft will be making the Windows Autopatch managed service available free of charge to Windows 10 and 11 users with Enterprise E3 licenses or above. Under the new service, Windows and Microsoft Office software will be updated automatically on all enrolled endpoints as patches are released. The service will manage all aspects of the deployment groups for Windows 10 and Windows 11 quality and feature updates, drivers, firmware, and Microsoft 365 Apps for enterprise updates. IT teams will no longer need to roll out patches for Windows and Office themselves, as the patching will be managed by Microsoft.
According to Microsoft, Windows Autopatch will consist of four deployment rings. Initially, the patches will be applied to a test ring, which will include a minimal number of devices to ensure that the patches do not cause any problems. Then the patches will be applied to a second ring, which will consist of around 1% of the organization’s devices, followed by the third ring of around 9% of devices, before the final ring that includes the remaining 90% of an organization’s devices. Throughout that process, Autopatch will monitor device performance against metrics recorded pre-deployment.
Microsoft will automate the progression from one ring to the next and will maintain a representative sample of devices within each deployment ring, although IT teams will have the option of manually changing which devices are included in each ring. IT teams will also be able to halt the progression of patching from one ring to the next and to roll back patches that have already been deployed.
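The four-ring rollout described above, modelled as an added example (not Microsoft's code): a small test ring, then roughly 1%, 9% and the remaining 90% of devices, with progression gated on a health metric compared against the pre-deployment baseline and a rollback of every ring deployed so far when the gate fails. The ring names, the test-ring size, the metric and the regression threshold are assumptions made for the example.

```python
from typing import Callable, Dict, List

# Rings after the test ring and their share of the whole fleet; "broad" takes the rest.
RING_SHARES = [("first", 0.01), ("fast", 0.09)]
RING_ORDER = ["test", "first", "fast", "broad"]


def assign_rings(devices: List[str], test_size: int = 5) -> Dict[str, List[str]]:
    """Split a device list into test/first/fast/broad rings.

    The test ring takes a fixed minimal number of devices (assumed 5); the
    1% and 9% shares are computed over the whole fleet and rounded down (at
    least one device each); the broad ring takes every remaining device.
    """
    rings: Dict[str, List[str]] = {"test": devices[:test_size]}
    pos = test_size
    for name, share in RING_SHARES:
        count = max(1, int(len(devices) * share))
        rings[name] = devices[pos:pos + count]
        pos += count
    rings["broad"] = devices[pos:]
    return rings


def run_rollout(rings: Dict[str, List[str]], baseline: float,
                observe: Callable[[List[str]], float],
                max_regression: float = 0.05) -> Dict[str, object]:
    """Deploy ring by ring, gating progression on a health metric.

    `observe(ring_devices)` returns the post-update metric for that ring
    (e.g. the fraction of crash-free sessions). If it falls more than
    `max_regression` below the pre-deployment baseline, progression halts
    and every ring deployed so far is rolled back.
    """
    deployed: List[str] = []
    for name in RING_ORDER:
        deployed.append(name)
        metric = observe(rings[name])
        if baseline - metric > max_regression:
            return {"status": "rolled_back", "halted_at": name, "rolled_back": list(deployed)}
    return {"status": "complete", "deployed": deployed}


if __name__ == "__main__":
    fleet = [f"dev-{i:04d}" for i in range(1000)]  # constructed fleet
    rings = assign_rings(fleet)
    # Constructed monitor: the update misbehaves once it reaches the 9% ring.
    faulty = lambda ring: 0.90 if len(ring) > 50 else 0.99
    print(run_rollout(rings, baseline=0.99, observe=faulty))
```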
The number of patches now being released means IT teams often struggle to apply fixes for known vulnerabilities in a timely fashion, which leaves a window of opportunity for attackers. The move to automated patching should significantly reduce the burden on IT teams and considerably shorten the window in which known vulnerabilities can be exploited. Automation should also reduce the potential for human error, such as missing a patch and leaving a device vulnerable.
In theory, this new approach should improve security. However, patches often cause issues, so automated patching may be too risky for mission-critical systems, and IT teams may not yet be willing to hand over patching to Microsoft. There have been many instances over the past few years where patches released by Microsoft did not work as intended and caused problems on certain systems.