Autopatch, Microsoft’s Cloud-based update service for Windows, has just received its April 2025 update – introducing official support for Microsoft Business Premium licenses.
We break down what Autopatch is, what it does, and why this new update is excellent news for users of both Microsoft Business Premium and inforcer.
What is Windows Autopatch?
Introduced in 2022, Autopatch is Microsoft’s Cloud-based, automated update service for Windows, Microsoft Edge, Microsoft Teams and Microsoft 365 Enterprise Apps. By automating patch testing, deployment schedules, device updates and live conflict monitoring, Autopatch helps IT administrators to significantly streamline their update management.
Crucially, Autopatch doesn’t take authority away from the end user or administrator; managers can still control which devices are enrolled, schedule their own update cadence, and determine their own best practice deployment settings. Essentially: you schedule, Microsoft deploys.
The service – which is offered at no extra cost for Enterprise E3 subscribers – now officially supports Microsoft Business Premium with the arrival of the April update.
Autopatch benefits
That Microsoft has seen fit to bring this premium service to a comparatively mid-range license is commendable - and the key features of this April update suggest they’re committed to helping businesses standardize their protections.
- Hotpatching. While this has been a key feature of Windows Server since 2022, Autopatch’s April update brings Hotpatching client side. Now, users can expect far more security updates without the need for timely system restarts. This alone is a huge productivity boost for end-users.
- A Least Privileged Access model. With Autopatch, Intune now only runs updates that match the permissions of the current signed-in user. Previously, Intune would run at the highest system level – which didn’t always align with users’ zero trust policies.
- Support for all Intune-managed Windows devices, with much faster latency for security reports. Microsoft anticipates a drastic decrease - from 12-14 hours to less than 4 – with the April update.
- Smarter Autopatch group management, which allows administrators to target updates to different departments or groups, each with bespoke update policies.
You can explore these features in greater detail on Microsoft’s IT Pro Blog.
A quick-start guide to Autopatch
A detailed guide on Autopatch, including licensing, infrastructure, and permission requirements, can be found in this Windows Learn article.
In the meantime, some of your key infrastructure requirements include:
- Corporate-owned devices only - BYOD devices are blocked
- Devices must have been in communication with Microsoft Intune in the last 28 days
- Serial Numbers, Models, and Manufacturers of any physical and virtual devices must be specified in Intune
- Network configuration must allow connectivity to Microsoft services
- Microsoft Entra ID must either be the source of authority for all user accounts, or user accounts must be synchronized from on-premises Active Directory using the latest supported version of Microsoft Entra Connect
Scaling Autopatch for inforcer
inforcer is already optimized for Business Premium - so combined with Autopatch, our users can now take advantage of a powerful policy management combination, including:
Wider coverage
inforcer already supports Microsoft update rings, which are used for the phased deployment of Autopatch updates. Now, administrators can standardize deployment schedules and, with inforcer, deploy them to more of their customers than ever before.
Improved security posture
Autopatch’s Least Privileged Access model is consistent with inforcer’s own best practice security policies, so your Microsoft updates are delivered with the high security standards you expect.
Reduced configuration drift
With inforcer managing your policies, and Microsoft managing your update schedule, you have a rigid set of security standards and a regular cadence of updates – making it easier than ever to track the when and why of any policy drifts.
With inforcer, Microsoft partners have effective multi-tenant policy management, helping them to deliver security, productization, and continuity across their customer base. To find out more, book a demo below.
