Microsoft is rewriting Windows patch guidance because of AI
Microsoft is recommending that organizations shorten Windows update deployment timelines, warning that advances in AI are reducing the time attackers need to identify and exploit vulnerabilities after security updates are released.
The company says organizations should reassess how quickly they roll out monthly security updates, particularly on devices where shorter deployment windows can be implemented without disrupting business operations.
“If you’re not delivering critical quality updates with security fixes until a couple of weeks after they’ve been issued, that’s ample time for attackers using AI to find and exploit known security gaps,” Jeremy Chapman, Microsoft 365 Director, explained.
The recommended Windows update settings include a quality update deferral period of fewer than three days, update deadlines of zero or one day, and a grace period of no more than two days.
Using Windows Autopatch to identify unpatched devices
The new Windows Autopatch report in Microsoft Intune helps identify unpatched devices, showing which systems remain exposed after security updates become available. Administrators can then tighten update deferral policies for appropriate device groups to reduce the exposure window. The service automates the rollout of Windows, Microsoft 365 Apps, and Microsoft Edge updates across administrator-defined device groups.

Windows Autopatch report (Source: Microsoft)
Applying update policies
When updates are delivered through policy controls, the required settings can be configured in Windows Autopatch and Microsoft Intune. Equivalent time-bound policies can also be implemented using other Windows software update management tools, such as Microsoft Configuration Manager and Windows Server Update Services.
Reducing exposure with Hotpatch and Conditional Access
Microsoft recommends using Hotpatch, which is enabled by default on supported systems, to install eligible security updates without requiring a reboot, allowing organizations to deploy protections more quickly while minimizing user disruption.
Organizations should enforce compliance through Conditional Access policies that prevent devices without required updates from accessing corporate resources, reducing the risk posed by unpatched systems.