check before: 2025-05-27
Product:
Entra, Intune, Microsoft 365 admin center, Microsoft 365 Groups, Windows Autopatch
Platform:
Online, World tenant
Status:
Change type:
New feature, User impact, Admin impact
Links:
Details:
Summary:
Windows Autopatch introduces role-based access controls for update management, available from May 27, 2025. New roles include Windows Autopatch Administrator and Reader. Custom roles and Intune scope tags are supported. Review and update permissions for users in deprecated Modern Workplace Roles. For assistance, visit the Microsoft Intune admin center.
Details:
Windows Autopatch will now provide role-based access controls to access key update management features, previously limited to Intune Service administrators. With this change, administrators can assign specific roles and permissions, so that only authorized personnel can perform update management actions and read reports. With this change you will be able to grant appropriate access rights to individuals, resulting in far fewer privileges for update management, therefore minimizing the need for Intune Service administrator privileges.
[When will this happen:]
General Availability will take place starting May 27, 2025, Pacific Standard Time, and the change will be completed in 4 weeks.
Change Category:
XXXXXXX ... free basic plan only
Scope:
XXXXXXX ... free basic plan only
Release Phase:
Created:
2025-04-24
updated:
2025-04-24
Task Type
XXXXXXX ... free basic plan only
Docu to Check
XXXXXXX ... free basic plan only
MS How does it affect me
XXXXXXX ... free basic plan only
MS Preperations
XXXXXXX ... free basic plan only
MS Urgency
XXXXXXX ... free basic plan only
MS workload name
XXXXXXX ... free basic plan only
summary for non-techies**
Windows Autopatch is introducing new roles, such as Windows Autopatch Administrator and Windows Autopatch Reader, to manage system updates with specific permissions, allowing for tailored access and the removal of outdated roles.
Direct effects for Operations**
Access Control Changes
Without proper preparation, users may lose access to critical update management features due to the removal of deprecated roles, leading to potential delays in update management and increased security risks.
- roles: IT Administrators, Security Administrators
- references: https://learn.microsoft.com/en-us/windows/deployment/windows-autopatch/monitor/windows-autopatch-windows-quality-and-feature-update-reports-overview#who-can-access-the-reports
Role Misconfiguration
If roles are not configured correctly, unauthorized users may gain access to sensitive update management actions, leading to potential data breaches or system misconfigurations.
- roles: Windows Autopatch Administrators, Helpdesk Administrators
- references: https://go.microsoft.com/fwlink/?linkid=2109431
Configutation Options**
XXXXXXX ... paid membership only
IT Security**
XXXXXXX ... paid membership only
explanation for non-techies**
XXXXXXX ... free basic plan only
** AI generated content. This information must be reviewed before use.
a free basic plan is required to see more details. Sign up here
A cloudsocut.one plan is required to see all the changed details. If you are already a customer, choose login.
If you are new to cloudscout.one please choose a plan.
Last updated 4 weeks ago
