The new service is designed to work in conjunction with the WUfB policies you have in place today and integrates seamlessly with Microsoft’s Endpoint Manager cloud offering. In addition, it provides IT admins with more granular features from a management perspective and allows controlling updates in a programmatic way using PowerShell.
While the plain WUfB provides deferral policies and deployment rings, this may not provide the control granularity admins need in their environment. So how does the deployment service enhance WUfB?
How the deployment works ^
The deployment service uses existing device policies and update compliance settings. It controls them using a new cloud-based mechanism that is exposed programmatically.
Instead of interacting with clients directly, the deployment service’s cloud controls communicate with the Windows Update service using a management tool such as Windows PowerShell. PowerShell interacts with the Microsoft Graph REST APIs. This direct communication provides management granularity and features that were not possible before the WUfB deployment service.
Using the WUfB deployment service ^
First, to use the WUfB deployment service, you need to have one of the following Windows 10 or Windows 11 editions installed:
Additionally, your organization must have one of the following subscriptions:
Install the SDK and connect to Microsoft Graph ^
The Microsoft Graph PowerShell SDK allows admins to interact directly with the Microsoft Graph service using PowerShell. In addition, the included libraries provide commands to deploy and control updates from the WUfB deployment service.
To install the SDK, create a profile (required), and connect to the API, run the following:
Examples of using the WUfB deployment service ^
Let’s consider examples and code snippets using the PowerShell SDK connected to Microsoft Graph to control Windows Updates.
Enroll a device:
Check enrollment status:
Create a deployment for a feature update (21H1):
Deploy a feature update at a specific date and time:
The new WUfB deployment service will provide IT admins with much more granular control over how Windows updates are applied across the Windows client estate.
Subscribe to 4sysops newsletter!
By interacting directly with the Microsoft Graph REST API using the PowerShell SDK, admins can programmatically control how Windows Updates are approved, scheduled, monitored, and applied, including safeguards from problematic updates.
This content was originally published here.