Microsoft previews Autopatch, delays Exchange upgrade

Microsoft last week announced that a preview release of its new Windows Autopatch service is now available for enterprises.

This enterprise service was first revealed in April, when Microsoft said that it would be accessible to all customers with a Windows 10/11 Enterprise E3 licence or above. Patching for Microsoft 365 E3/E5 tenancies will also be performed as part of Autopatch feature, the company said.

Microsoft is expected to announce the general availability of Windows Autopatch feature next month.

The primary aim of the Windows Autopatch is to relieve IT administrators of the load of monthly updates by transferring it to Microsoft.

“The takeaway if you’re an IT admin? You can continue using the tools and processes you’re accustomed to for managing and deploying updates—or you can take a hands-off approach and let Windows Autopatch do it for you,” said Lior Bela, a senior product marketing manager at Microsoft.

“Changing the way things get done, even when that change makes things easier, gives pause to most people who run large IT organisations.”

By participating in the public preview, IT admin may familiarise themselves with the new service before it is rolled out across their organisation.

Admins must take the following steps to enrol a tenant in the Windows Autopatch public preview:

  • Log in to Endpoint Manager as a Global Administrator and go to the Tenant Administration menu to locate the Windows Autopatch blade. In the absence of proper licences, admins won’t see ‘Windows Autopatch.’
  • To redeem your public preview code, use an InPrivate or Incognito browser window.
  • Complete the readiness assessment, provide your admin contact information, and add devices.

According to Microsoft, the managed service will begin by deploying upgrades to a limited number of devices before expanding its reach to other machines.

Updates will be applied across four deployment rings in a corporate network.

To get things started, a small set of “test” ring will be employed, before moving on to the “first” ring, which is somewhat bigger and contains 1% of all devices under administration.

According to Microsoft, the “fast” ring contains around 9% of all endpoints, while the “wide” ring contains the remaining devices.

Autopatch also has features like Halt and Rollback, which prohibit changes from being sent to higher rings or rolled back automatically, respectively.

However, Autopatch will not cover all of a company’s patching requirements, according to Microsoft.

The Microsoft Edge browser and Microsoft Teams collaboration service, for example, have their own patching procedures and are not included in the Autopatch service.

Moreover, Microsoft has no intentions to make Autopatch accessible to government customers, and it isn’t available to academic (A3/A5) customers either.

There are no plans to support Windows 365 for Business and Windows Server with Autopatch.

Microsoft formerly said that Autopatch had no particular hardware requirements, although all devices must have processors that are still supported by their respective chipmakers.

As per the announcement, “bring-your-own-device (BYOD) scenarios are not currently supported” by Autopatch.

A compatible and up-to-date version of Windows 10 or 11 must be installed on all corporate-owned devices in addition to a valid Enterprise E3 licence.

Devices are required to be managed using either Microsoft Intune or Configuration co-management, and users accounts must be managed by Azure Active Directory or Hybrid Azure Active Directory Join, according to Microsoft.

New Exchange Server release delayed until 2025

In September 2020, Microsoft said the next version of Exchange Server would be available in the second half of 2021, however it has now put back the planned release after state-sponsored hackers successfully targeted Exchange instances in tens of thousands or businesses worldwide.

On-premises Exchange server bugs become a major issue of concern for Microsoft in 2021. Redmond attributed the attacks to  state-sponsored threat actor Hafnium, a highly sophisticated group thought to be based in China.

The company issued a series of patches for the on-premises email server in 2021, and says it will continue to offer extended support to the 2016 and 2019 versions until October 2025, and Exchange 2013 until April 2023, but says the planned new version will now be delayed until 2025.

“We have moved the release date for the next version of Exchange Server to the second half of 2025,” Microsoft said in a roadmap update.

“The next version will require Server and CAL licences and will be accessible only to customers with Software Assurance, similar to the SharePoint Server and Project Server Subscription Editions.”




Leave a Reply

Your email address will not be published.

Back to top