But you can already automate updates.. how is this different?
Microsoft's promised service to enable automatic, continuous patching of Windows has gone live. The software giant on Monday announced Windows Autopatch is up and running. One key thing about it is that fixes are pushed out gradually rather than once a month in a bundle. Not all of you can put your feet up, today or for the …
Indeed. From looking at the documentation it appears to be no real improvement over using update rings in Intune (which also work with Windows Pro so don't require Enterprise licences).
The selling point seems to be that with this 'new' service they can detect issues as they arise and pause rollouts, but given Microsoft's track record with updates I am extremely sceptical that this will actually work effectively...
But, but, but .... there's three links in this chain.
1 - Bad patches from the source. E.g., insufficiently tested patches issued by Microsoft.
2 - Local Server that, with certain configurations, has TB of disk space caching patches and a DB that does not normally perform in any way optimally. (This is what MS are providing here). I wonder how this assists with the telemetry, I mean spying, I mean enhanced marketing experience? As bad as this is, it normally at least works.
3 - A WSUS client that falls over at the drop of a hat. That MS even had to write a support service to try and fix it.
Fix 1 and 3, THEN have a look at 2, please Microsoft.
As with your existing enterprise configuration, ring zero is 'test'. MS first pushes out the patches only to your 'test' fleet. You don't put your feet up: you watch your 'test' PC to see that all is well.
The difference here is that MS is also logging your 'test' ring, and will automagically stop the rollout if they see that you have problems.
After ring 0 comes ring 1 (limited rollout) and ring 2 (wide rollout) and ring 3 (holdoff).
For a moment I thought that AutoPatch would also patch other Apps - no such joy, basically it's Windows Update with a cloudy management layer isn't it?
If only ALL Apps were in the App Store, then they'd benefit from Auto Updates (Apple/Google style) - we've looked at patch management tools and they fail for large numbers of commercial applications I assume due to closed source/licensing requirements - they can't patch something they don't buy?
It looks like it is designed to get more users into the guinea pig cage. Probably more and more users were waiting for *others* testing the patches for issues, so MS designed a system to apply patches to more systems and watch what happens, hoping some admins' laziness might be on its side.
How long till this falls down the first time?
I give it three months, because I'm feeling generous. For the exacta I will call that a bad SSU chokes the patching train and of course disables local rollback of the failed patch in the process, but it reports telemetry showing exactly how it broke things, but to be extra saucy, it breaks on the SECOND patching run, due to a permission error when it tries to write to the local copy of the telemetry file it itself created the previous month, so the SSU patch will seem to have succeeded, get deployed extensively, and be impossible to remotely roll back.
Payment accepted or given via beers or dogecoin.
Before Microsoft decided to release even important updates only once a month, we had single patches that were issued as soon as they were ready. So nothing new there.
And since Windows 10 we have automatic updates forced on us whether we like it or not. So nothing new there either.
Apart from 'cloud' and 'catching issues while they happen' (yeah, sure), am I missing something?
Given how things sometimes go with Microsoft patches, I think I'd rather be in control of when patches are distributed, thanks. I can just imagine logging into work one day to find half the clients are BSODing and spending time trying to figure out what caused it. At least if I press the GO button on patches and that happens then the first place to look is Windows updates. I also get the option of deploying to a few machines first to see how things go.