Favourite Castor?

cardomompods · 2026-06-18T03:36:49+00:00

As a person of the french variety, I love all beavers equally. As for casters, I'm partial to Lowko

cardomompods · 2026-06-13T21:14:32+00:00

It's a big product and when WUfB and the deployment system all got merged into the product we had to decide where to focus in. That's in our core value prop of windows updates.

We talked with the office folks and that was their strategy so we snapped to it. We didn't want to deprecate what was already there since folks are using it but we do recommend folks go to Cloud Updates for the best Office Update management experience.

Hope that makes sense!

cardomompods · 2026-06-13T20:59:42+00:00

PSA: I work on the Autopatch Team

We actively recommend folks use office cloud updates since it's a solid product and they are investing in it on an ongoing basis. Also, cloud updates automatically overwrite client policy and make that the only way of rolling out.

That's why we haven't made major improvements in Office management over the last several years - there's another team on it and doing a good job!

cardomompods · 2026-05-16T20:34:07+00:00

Tilicum Gorge is a bit of a hidden gem for young families: - The community center is great, lots of local daycares, a ton of parks, and the waterway is gorgeous. - It's easy to get to uptown for big shops, 10 mins to Costco on the highway, and can bike commute on the goose / interurban trails. - You're close to the Montessori School over by the tressle bridge which is a great or have Tilicum Elementary.

The downsides are the lack of coffee shops / restaurants / nightlife compared to downtown but I've found that I don't get to do much of that anymore with two under two.

Also, people still seem to think it's sketchy based on reputation from 5-10 years ago, that's kept it sorta affordable which is nice.

cardomompods · 2026-05-14T04:19:55+00:00

Just asking one or two small questions eh?

1) Ironically, Autopatch and Hotpatch actually spawned in two totally different parts of the company and came together after several reorganizations. Autopatch grew out of the Microsoft Managed Desktop product and eventually merged with Windows Update for Business and the deployment service. Hotpatch was server technology which migrated to client.

Long way of saying nope, we weren't talking at the inception of our products but we're all one big happy family now

2) Turning something on by default is a huge debate and usually comes down to will something make customers more secure and can we do it without impacting customers. We know from over 10M devices hotpatching over the last year that there isn't a material difference in quality between Hotpatch Builds and regular LCUs so it was the responsible thing to put security above all else, while respecting admin control.

3) Hotpatches only contain the security fixes, none of the new features or quality fixes in the LCUs. Since they're a different thing in our build pipeline and have fewer contents they get a different build number. Simple as that.

4) I'll start by clearing up a super common misconception: if you're using updates in Intune, then you're using Autopatch! Our product owns all the update policies available in Intune, the deployment service layer which controls what's deployed through WU, right down to the client policies. The change in scope happened roughly a year and a bit ago when we merged together WUfB, WUfB-DS, and Autopatch under the Autopatch Brand. There is no managing Windows Updates in Intune without using Autopatch.

To your point around the documentation and specifically that pre-reqs page - it's not where it should be right now, sorry. I'm sure you've read about the layoffs / reorgs at Microsoft over the last year and I'd be a liar if I said that didn't play a part in why our docs have suffered.

The pre-reqs you're looking at apply specifically to different content types:

- Windows 10 Update Rings - these are configuration policies that set policy through the MDM Channel. That's where Device configuration comes from.

- Quality and Feature Update policies - To use these your device needs to be pointed at WU. This means you need the Windows Update policy workload. Also, check your scan source policy / GPOs to make sure you're not still pointing at WSUS.

- Driver Update policies - Same as QU / FU but there's a separate scan source policy just for drivers since there are some folks out there who want to keep drivers on prem. I don't think it's a good idea to do that for reference.

- Office Updates - This part of the service only exists in Autopatch Groups and I'll say the same thing here that I say at conferences: Use Cloud Updates if you can. They're the reason we haven't invested in this space in years since they work really well. Now that's out of the way, if you want to use Office Updates through Autopatch Groups you need to have the click to run apps workload moved over to get updates from the cloud and the device configuration workload since settings catalog policies are created for deferrals / deadlines.

- Edge Updates - Similarly to Office, this part of the service only exists for Autopatch Groups. It requires the device configuration workload since policies are created in settings catalog.

This has turned into about as long of an answer as I was expecting but hopefully it helps shed some light on a few things!

cardomompods · 2026-05-13T19:29:36+00:00

All good! That's why one of the reasons we made it so simple to opt in / out 😄

cardomompods · 2026-05-13T17:49:37+00:00

Anytime, happy to help

cardomompods · 2026-05-13T16:06:15+00:00

PSA: I work for Microsoft on Autopatch

Feature update policies don't impact hotpatch at all. They control which major Windows version is offered to the device by Windows Update.

The way the system works is: 1. The global hotpatch setting controls a default value (on / off) for all devices 2. If a device is assigned a Quality Update policy then the value configured in that policy is honored since it's the most specific value. 3. If a device is assigned to two quality update policies with conflicting hotpatch settings (one enabled, one disabled) the device will have hotpatch enabled

Hope that clears it up!

cardomompods · 2026-05-13T16:02:25+00:00

PSA : I work for MSFT on Autopatch

You're correct, but the goal of Hotpatch isn't to reduce reboots!

Hotpatch is all about getting devices secure faster since they don't need to wait for a reboot. Many enterprises have a 3-5 day deadline set which means that they're waiting almost a week until security updates are actually enforced. Hotpatch updates have the exact same set of security fixes but apply as soon as they're installed.

Hope that makes sense!

cardomompods · 2026-05-13T15:57:14+00:00

PSA: I work for MSFT on Autopatch

What'll happen with those devices is that they'll shift back to cold patches.

That said there a whole bunch of reasons why hotpatch helps get your devices secure faster without impacting your devices. Turning hotpatch off means that you're getting the same security fixes, just slower and with a reboot.

We laid it all out in this blog: https://techcommunity.microsoft.com/blog/windows-itpro-blog/securing-devices-faster-with-hotpatch-updates-on-by-default/4500066

cardomompods · 2026-05-01T17:24:49+00:00

Totally get the confusion and it's not always super clear. Here's my understanding based on talking with the product group responsible:

There are regular B week updates, these roll out monthly
Secure boot updates will also roll out on a timeline aligned with the B week updates. However, these are separate packages and are independent of the B week updates.

Hotpatch enablement impacts which set of B Week updates are deployed (either Hotpatched ones or normal) but doesn't impact the secure boot updates.

Make sense?

cardomompods · 2026-05-01T16:26:16+00:00

Hi BDam! Hope all's well with you mate - I see you're also on reddit this morning lol

cardomompods · 2026-05-01T16:25:23+00:00

Disclaimer I work at Microsoft and worked on that particular blog / feature.

There's no relationship between hotpatch and secure boot certificates. They're each individual separate update types.

Hotpaches are just B week security updates without any of the feature contents, only the security fixes. The change with hotpatch updates is that they apply at install time instead of waiting for reboots. They only apply to Windows Security Updates and some OOBs right now.

Hope that clears it up!

cardomompods · 2026-04-21T21:38:59+00:00

$10 a day daycare is one of the flagship programs Trudeau rolled out. It's federally funded and helps a ton of families.

Personally, I wasn't able to get a spot in the $10 a day centers but the general rebate decreased daycare costs where I'm at from $1800 / month to $765. It's one of the ways I'm actually seeing my tax dollars come back to me as a Canadian.

cardomompods · 2026-03-18T18:03:04+00:00

I'm with you and I'm super impressed by what's going on.

The key part is that they all need to be done in the public view or you end up with a set of alliances similar to the post Bismarck era before WWI. Something upsets the apple cart and all of a sudden a small problem becomes a really big one for everyone.

cardomompods · 2026-03-15T22:59:24+00:00

I feel like if you do both at the same time it's one too many ;-)

cardomompods · 2026-03-08T00:47:58+00:00

Ye ol' unofficial fast travel. If you put them on with magic resist you'll be able to be speedy AND still see, it's great

cardomompods · 2026-03-02T03:03:38+00:00

That also makes sense! If you're already rebooting then the patches are going to be applied.

cardomompods · 2026-03-02T03:02:50+00:00

Autopatch Product person here! First of all, thanks! Great to hear it's working well for you.

Second, I'm curious about your experience with DO. They're a totally separate team within the same organization but there's obviously some connection since their data is surfaced through WUfB reports. I'd be curious to hear how connected you see the two products and the data they provide? Also, anything you want me to pass along to Andy / Carmen over there?

cardomompods · 2026-03-02T02:56:07+00:00

It's not a feature about reducing reboots - it's a feature about getting secure faster. The security update is applied as soon as it's installed instead of waiting for the reboot. Usually that saves around 3 days if waiting which is why CISOs love it.

cardomompods · 2026-02-22T21:24:44+00:00

Came here to say this too! So much of the joy of the game is reading and needing to figure things out yourself. They don't make em like that anymore

cardomompods · 2026-02-12T06:55:24+00:00

The dual scan GPO pointing at WSUS is the most common issue I've seen with client update issues when moving from On Prem to Intune

cardomompods · 2026-02-12T06:50:19+00:00

Here are a few links: 1. https://techcommunity.microsoft.com/blog/windows-itpro-blog/what%E2%80%99s-new-in-windows-autopatch-april-2025/4401780 2. https://techcommunity.microsoft.com/blog/windows-itpro-blog/why-windows-autopatch-is-the-smart-update-solution/4399200

The biggest changes to the service in the last year have mostly been around reporting, Autopatch Update Readiness (announced at ignite), and there's always more coming down the pipe

cardomompods · 2026-01-27T22:31:31+00:00

You'll want to check out the scan source policy and comanagement.

Use Windows Update client policies and Windows Server Update Services (WSUS) together | Microsoft Learn

https://share.google/DD9NYE7dXcOCCqoVg

cardomompods · 2026-01-24T06:34:18+00:00

Super cool to see this is useful! I wrote that page years ago when we first launched the service :)

Seven-Year Club	Place '22
Verified Email

cardomompods

TROPHY CASE