Control Windows Update for Business using the deployment service and PowerShell | 4sysops

Control Windows Update for Business using the deployment service and PowerShell | 4sysops
The new Windows Update for Business deployment service falls in the portfolio of services offered in the Microsoft Windows Update for Business (WUfB) product family. With it, Microsoft strives to provide more granular controls over WUfB and allow organizations to manage the approval, scheduling, monitoring, and safeguarding of updates delivered from the Windows Update platform.
Brandon Lee has been in the IT industry 15+ years and focuses on networking and virtualization. He contributes to the community through various blog posts and technical documentation primarily at
Latest posts by Brandon Lee (see all)

The new service is designed to work in conjunction with the WUfB policies you have in place today and integrates seamlessly with Microsoft’s Endpoint Manager cloud offering. In addition, it provides IT admins with more granular features from a management perspective and allows controlling updates in a programmatic way using PowerShell.

While the plain WUfB provides deferral policies and deployment rings, this may not provide the control granularity admins need in their environment. So how does the deployment service enhance WUfB?

How the deployment works ^

The deployment service uses existing device policies and update compliance settings. It controls them using a new cloud-based mechanism that is exposed programmatically.

Windows Update for Business deployment service direct API communication

Instead of interacting with clients directly, the deployment service’s cloud controls communicate with the Windows Update service using a management tool such as Windows PowerShell. PowerShell interacts with the Microsoft Graph REST APIs. This direct communication provides management granularity and features that were not possible before the WUfB deployment service.

Using the WUfB deployment service ^

First, to use the WUfB deployment service, you need to have one of the following Windows 10 or Windows 11 editions installed:

Additionally, your organization must have one of the following subscriptions:

Install the SDK and connect to Microsoft Graph ^

The Microsoft Graph PowerShell SDK allows admins to interact directly with the Microsoft Graph service using PowerShell. In addition, the included libraries provide commands to deploy and control updates from the WUfB deployment service.

To install the SDK, create a profile (required), and connect to the API, run the following:

Examples of using the WUfB deployment service ^

Let’s consider examples and code snippets using the PowerShell SDK connected to Microsoft Graph to control Windows Updates.

Enroll a device:

Check enrollment status:

Create a deployment for a feature update (21H1):

Deploy a feature update at a specific date and time:

The new WUfB deployment service will provide IT admins with much more granular control over how Windows updates are applied across the Windows client estate.

Subscribe to 4sysops newsletter!

0% Complete

By interacting directly with the Microsoft Graph REST API using the PowerShell SDK, admins can programmatically control how Windows Updates are approved, scheduled, monitored, and applied, including safeguards from problematic updates.

This content was originally published here.

Laat een reactie achter

Het e-mailadres wordt niet gepubliceerd.