ANAVEM
FR
IT administrator monitoring Windows Autopatch deployment dashboard on multiple screens
Microsoft 365

Microsoft makes Autopatch default for Windows security updates

Microsoft enabled Windows Autopatch by default for enterprise customers to automatically deploy security updates across managed devices.

Emanuel DE ALMEIDA 10 Mar 2026, 18:41 2 min read 0 views 0 Comments

Last updated 11 Mar 2026, 02:49

Key Takeaways

  • What: Windows Autopatch now enabled by default for enterprise customers
  • Who's affected: Organizations using Microsoft Intune and Configuration Manager
  • Availability: Rolling out March 10, 2026
  • Key change: Automatic security update deployment without manual intervention

Microsoft Enables Autopatch by Default for Windows Updates

Microsoft activated Windows Autopatch as the default setting for enterprise customers on March 10, 2026. The service automatically deploys security updates across managed Windows devices without requiring manual administrator intervention.

The change affects organizations using Microsoft Intune and System Center Configuration Manager to manage their Windows fleets. Help Net Security confirmed the rollout began Tuesday morning across Microsoft's enterprise management platforms.

Enterprise Customers See Automatic Update Management

Organizations with Windows 11 devices enrolled in Microsoft's device management services will see Autopatch enabled automatically. The service targets businesses running Windows 11 versions 23H2, 24H2, and 25H2 through Intune or Configuration Manager.

IT administrators can still override the default setting and maintain manual control over update deployment schedules. Microsoft designed the feature to reduce the administrative burden on enterprise IT teams while maintaining security compliance.

How Windows Autopatch Works for IT Teams

Autopatch creates deployment rings that gradually roll out security updates across an organization's devices. The service monitors update success rates and can pause deployments if issues arise during the rollout process.

Administrators can access Autopatch controls through the Microsoft Intune admin center or Configuration Manager console. The service provides detailed reporting on update status and device compliance across the managed fleet.

Frequently Asked Questions

What is Windows Autopatch and how does it work?
Windows Autopatch automatically deploys security updates across enterprise Windows devices using deployment rings that gradually roll out updates while monitoring success rates.
Can IT administrators disable Windows Autopatch?
Yes, administrators can override the default Autopatch setting and maintain manual control over update deployment through Intune admin center or Configuration Manager.
Which Windows versions support Autopatch?
Windows Autopatch supports Windows 11 versions 23H2, 24H2, and 25H2 for devices managed through Microsoft Intune or Configuration Manager.
#windows-autopatch#microsoft-intune#enterprise-updates

About the Author

Emanuel DE ALMEIDA

Emanuel DE ALMEIDA

Senior IT Journalist & Cloud Architect

Microsoft MCSA-certified Cloud Architect | Fortinet-focused. I modernize cloud, hybrid & on-prem infrastructure for reliability, security, performance and cost control - sharing field-tested ops & troubleshooting.

Discussion

Share your thoughts and insights

You must be logged in to comment.

Log in
Loading comments...

Related Tutorials

Learn more about this topic with our step-by-step guides

How to Check if Your PC Has the New Secure Boot 2023 Certificates (Windows UEFI CA 2023)
Intermediate
Cybersecurity

How to Check if Your PC Has the New Secure Boot 2023 Certificates (Windows UEFI CA 2023)

Microsoft's three original Secure Boot certificates (issued in 2011) begin expiring in June 2026. Windows is automatically rolling out the replacement 2023 certificates (Windows UEFI CA 2023, Microsoft UEFI CA 2023, KEK 2K CA 2023) via Windows Update. This guide shows you exactly how to check if your Windows 10 or 11 PC has already received the new certificates — using one PowerShell command.

8 steps
IT administrator configuring USB blocking policies in Microsoft Intune admin center
Intermediate
Cybersecurity

How to Block USB Drives Using Microsoft Intune Attack Surface Reduction Policies

Configure Microsoft Intune Attack Surface Reduction policies to prevent USB drive access on Windows 10/11 devices, protecting against data breaches and malware threats through removable storage restrictions.

10 steps
IT administrator configuring Windows LAPS with Microsoft Intune on multiple monitors
Intermediate
Cybersecurity

How to Set Up Windows LAPS with Microsoft Intune for Enhanced Security

Configure Windows Local Administrator Password Solution (LAPS) with Microsoft Intune to automatically manage and secure local administrator passwords across Windows devices in your organization.

6 steps
All Tutorials

Related Intelligence

Windows 10 computers in office showing security update installation process
High
Windows

Microsoft releases Windows 10 KB5078885 security update

Mar 10, 07:23 PM2 min
Microsoft 365 Backup: Granular File and Folder Restoration Now Available for SharePoint, OneDrive & Teams
Microsoft 365

Microsoft 365 Backup: Granular File and Folder Restoration Now Available for SharePoint, OneDrive & Teams

Mar 9, 07:13 AM2 min
Corporate office setup showing Microsoft 365 AI features on computer screens
Microsoft 365

Microsoft 365 E7 at $99/User/Month: Copilot AI + Agent 365 Bundled in New Enterprise Plan

Mar 10, 11:18 AM2 min
Professional using fingerprint authentication on Windows laptop with modern office background
Microsoft 365

Microsoft Entra adds passkey support for Windows sign-ins

Mar 10, 04:27 PM2 min