Really great overview, Dean! thanks for doing this
Happy to help @Lior!
Amazing Dean!
Thanks
And like most of the new MS Intune features > reporting on each ring is not working as expected :( Logged with MS Autopatch team, troubleshot it for a week... and guess what "We can't help 😁 raise the case with Intune support" 😂🤣 Welcome to Disneyland 🤩😁... yay so my next job (when Boss fires me) is performing autopatch in McDonalds 🤩😁😂
At least you have a plan 🤣
@@AzureAcademy 😁😂💯🤯😁🆘💻
🤣❤️🔥
Great video Dean!
Thanks Tony!
Great like always! - for multisession VMs, any reason why we shouldn't use an Automation account and perform update management that way?
Thanks! Azure Automation will not work. Automation account updates only work for server operating systems. 🤦♂️
This should be included with Windows 11 Enterprise/server editions, why do they require an additional license?
That’s a nice thought…but not how the world works. Oh and Windows servers are not supported by Autopatch
Great video as always. With this new tool what can we expect to happen with update ring, feature and quality update options available in Intune? Are they going to stay or is MS going to retire them?
They are 2 different systems. Think of Intune update rings and Windows Update for Business as the tools to patch things yourself and Autopatch as the mechanic who does the patching for you
@@AzureAcademy That makes absolute sense. Don't know how I missed that.
No worries! 😉
Thanks Dean good video. With the lack of support for multisession OS what in your opinion is the best method for updating multisession hosts? Would you lean towards manual patch installation in a custom image and disable auto updates?
My best opinion is to submit your feedback to the product team so we can get support for multisession! And in the meantime I am working on something special for this…a video is coming soon!
@@AzureAcademy We need that video. Is it ready? Link please. Thanks
Sorry for the delay…but this new feature is coming soon…by end of month I hope
So we are in a business with 350+ devices that can't always be restarted because there was an update.
These computers might be running simulations that may take 48+ hours.
How will I control or manage devices from restarting and losing the simulation data?
You schedule the installs, then plan those maintenance windows to be about 2 hours long so you aren’t running sims during that time
This is great for smb, but I don't see a universe where this is usable in a large enterprise. Imagine trying to run these changes and permissions past 3 different systems & security teams.
Why do you think so? The permissions to set it up are a once and done, and the patches for a change cycle follow the standard patch Tuesday deployments…which any enterprise should be doing already…right?
@@AzureAcademy Systems team is going to say no, leave servers out of it--it ain't broke, why fix it? Apps team is going to say no, we need to validate patches our own way (WSUS or rings work, why introduce an additional mechanic?). Security team is going to say no, we can't grant that level of authority to some unproven service. Security won't even let me set up RDP shortpath for my AVD pools. Why? Corporate red tape. The reason almost doesn't matter--it's easier to say no.
That's before even mentioning how MS consistently requires all of these things be done by a Global Admin. What's the point of RBAC if everything requires Global Admin? My only access to Global Admin is through my boss's boss and a 10-page document about why a change should be made and its impacts... after getting buy-in from other stakeholders. Merely uttering the words "global admin" in a pre-req document instantly makes every approver inclined to say "no".
As a cloud platform/automated endpoint management guy I think it's a great feature; just don't see it getting traction over the other first party patching options in large enterprise. Options that don't seemingly introduce additional failure points or give even a non-zero perception of loss of control.
You make interesting points, but I think you left out one of the main benefits of Autopatch…💰💰💰
I’m only half kidding
Paying multiple admins to do the patching and all the other folks involved testing, troubleshooting etc. in that process is a huge investment of cash, when you already own the licenses for the tool that does it for you…which equals savings. And your admins can focus on something that brings more value to your org.
As for the idea that no one in the org is willing to make any changes ever because of a level of rights or if it ain’t broke don’t fix it…I have worked for those companies too…my suggestion there is to think about your career and where you want it to go.
Are you happy to be in a stable never changing environment vs pushing the edge, which means you have to know how to move fast and fail fast, be agile etc.
Or something in between.
Neither path is wrong, and neither is for everyone.
You pick what’s best for you, your career and your family…and don’t sweat the rest ☺️
Thanks for the feedback and #HappyLearning
Is this available for GCC-HIGH tenants?
Not sure, I don’t do a ton of Gov work…I’ll get back to you
But the easiest thing to do is open Intune and look ☺️
I checked with the product team and Windows Autopatch is NOT available in GCC-HIGH tenants...YET.
Stay tuned because ya never know 👍
Hello, after seeing the video I'm still confused about how to update AVD Windows 11 multisession machines. Because Windows Autopatch doesn't work with multisession machines in AVD, we are trying to update with our own WSUS server but it doesn't work. What's the correct way to update these machines? Thanks in advance
The best way to update multisession is to not do it at all! You should update your image.
Build updated multisession hosts and throw the old hosts away! I will have a new video on this process soon…stay tuned! ☺️
Thanks!! @@AzureAcademy
Anytime
If Intune update rings are in use, can we use Autopatch?
I would suggest NOT starting Autopatch until you stop using update rings. This way you don't end up with multiple tools controlling the same PCs and end up with issues.