Early this month, Microsoft announced Windows Autopatch, a new methodology for distributing Windows 10/11 patches at any time, not just on Patch Tuesday. This has caused some in the internet pundit-sphere to breathlessly claim that Patch Tuesday is dead.
Rumors of the death of Patch Tuesday are premature…
Windows Autopatch will be available in July, so let’s look at the facts as we know them:
- The optional service is only for Windows 10/11 and Office 365 software. No server OS’s, thrid-party apps or .Net framework components.
- It requires an E3 license or better.
- Devices are required to be managed by Intune or under co-management with Intune and SCCM.
- Azure AD is also required.
- It employs an interesting algorithm where patches can be phased into 1% of devices, then 10%, then 90%.
The advantage of this new method is that overstretched IT organizations could get critical patches out to remote workers sooner with less effort. While this may progress the security posture of some organizations, it’s uncertain if most enterprise customers will adopt this capability, as they generally do not roll out patches without testing cycles or timing controls and are averse to causing end users to endure multiple reboots (often the case with Microsoft patches). Many organizations schedule patches in line with strict maintenance windows, meaning consuming patches as they’re released simply wouldn’t work.
Microsoft introduced Patch Tuesday in October 2003 for a reason: to stop driving customers crazy with constant security updates, sometimes happening twice a day. Is this going back in time 20 years? Time will tell. In the meantime, HCL BigFix has long been used by enterprises to safely deploy patches in many ways:
- BigFix Patch policies can replicate the 1-10-90 algorithm while adding change control.
- BigFix can do it for all of your operating systems, not just Windows 10/11 and Office 365
- We also patch hundreds of third-party apps.
Our take: Patch Tuesday is not going away. Not for servers and not for enterprises who need to ensure endpoints remain productive and secure.
The HCL BigFix team will continue to stay abreast of the changes as they are announced by Microsoft as well as customer feedback on this new development. We expect that the power and flexibility of BigFix’s intelligent automation can leverage Windows Autopatch in new and productive ways. Only time will tell.
To learn more about BigFix, Contact us or your BigFix Technical Advisor.