18 Jun PowerShell for the Windows Update for Business deployment service now available
You can now employ PowerShell in tandem with Microsoft Graph APIs to better utilize the Windows Update for Business deployment service. In case you aren’t yet familiar with it, the Windows Update for Business deployment service provides cloud-based control over the approval, scheduling, and safeguarding of content delivered from Windows Update—enabling you to meet your organization’s update and compliance goals no matter where your devices are on the planet.
In addition to Microsoft Graph APIs (currently in public preview), you can also use the Microsoft Graph PowerShell SDK to explore the latest functionality of the deployment service and quickly script and automate common update actions. This provides a simple way to get total control over how updates are deployed to your organization.
How this will affect your organization:
With PowerShell and the Windows Update for Business deployment service, you can deploy an expedited update, which overrides your default steady-state update settings and deploys the latest available updates so that your managed devices meet the minimum required Windows revision as quickly as possible. If Microsoft releases an update addressing a high-priority security vulnerability or a quality fix for a critical line of business application that is crucial for your organization, you may want to deploy this update faster than your default update ring configuration.
What you need to do to:
To get started, the following prerequisites must be met:
- Meet the subscription service and device prerequisites for the Windows Update for Business deployment service
- Install the update KB4023057 – Update for Windows 10 Update Service components (or newer) in target devices
Once you have confirmed that your tenant and devices meet the deployment service prerequisites, ensure your user account has one of the following permissions configured:
- Global Admin Role in Azure Active Directory
- Intune Admin Role in Azure Active Directory
- Policy and Profile Manager Role in Microsoft Intune
- At least one of these roles is required for a user to be authorized to interact with the deployment service, and a new Windows Update Administrator role will be coming to Azure AD soon.
More information:
For additional guidance,
- See Assign Azure AD roles to users and Assign a role to an Intune user.
- For the full blog with more guidance, see PowerShell for the Windows Update for Business deployment service
- Learn how to install PowerShell for your operating system
- Ensure that you are running the latest version of the Microsoft Graph PowerShell SDK
Sorry, the comment form is closed at this time.