How to configure RBAC for Windows Autopatch

Use expanded role-based access control (RBAC) to better manage access permissions to Windows Autopatch resources. Start by enforcing least privilege access with the new Windows Autopatch administrator and the Windows Autopatch reader roles. Learn how to assign the right permissions, apply Microsoft Intune scope tags as needed, and manage Windows Autopatch groups as a scoped admin.  

 

When will this happen: 

You could already use RBAC with Windows Autopatch in a limited way with the Microsoft Intune Policy and profile manager role.  

 

In late May, all RBAC capabilities in Windows Autopatch started to roll out gradually.  

 

How this will affect your organization: 

If you’re part of a larger, more distributed organization with delegated administration, you might have struggled with enforcing least privileged access to further enhance security. Not anymore! New RBAC capabilities in Windows Autopatch integrated with Intune roles now enhance your update management administration including read-only access and scope of control.  

 

What you need to do to prepare: 

To manage updates with Windows Autopatch at an advanced level with full access, you need both of the following roles: Policy and profile manager and Windows Autopatch administrator. Then you can assign limited permissions to other admin users. See Additional information to get started.