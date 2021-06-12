



Microsoft describes how to use PowerShell and Windows Update for Business Deployment Services to control Windows 10 updates

This week, Microsoft explained how to use PowerShell to better manage Windows 10 updates when using the addition of new deployment services for Windows Update for Business.

Windows Update for Business is an amorphous set of policies stored in Microsoft’s data centers. Organizations can implement Windows Update for Business policies for Windows 10 client devices, such as by using Group Policy settings. For example, you might use Windows Update for Business to delay the arrival of feature updates for Windows 10 for a short period of time.

Deployment Service Preview At the Ignite event in March, Microsoft announced the new Windows Update for Business Deployment Service.

The Windows Update for Business Deployment Service appears to be still in preview since its announcement. The March announcement of Ignite predicted that it would be available to all Windows Enterprise customers in the first half of 2021. An organization must have at least an E3 type license to use it.

According to Microsoft’s announcement in late April, the Windows Update for Business Deployment Service leverages the Microsoft Graph API released during the April preview phase.

In its April announcement, Microsoft described the Windows Update for Business Deployment Service as a “bridge between users and Windows Update.” This allows IT professionals to more finely schedule Windows 10 updates on their devices. IT professionals can specify that a particular number of devices receive updates on a particular day, and so on. This can be useful when planning a gradual rollout of feature updates for Windows 10. You can also specify a “quick update” for emergency patching that bypasses the default update settings.

The Windows Update for Business Deployment Service provides a variety of tools and management solutions, such as PowerShell, Microsoft Graph apps, or a complete endpoint management solution such as Microsoft Endpoint Manager.

Using PowerShell This week’s Microsoft announcement was about using PowerShell as a tool to specify Windows 10 update details using the Windows Update for Business Deployment Service. We’ve found that using PowerShell with this service isn’t for the timid. This is a project to roll up sleeves.

The announcement clarifies that IT professionals can use the preview Microsoft Graph API or Microsoft Graph PowerShell SDK to script Windows Update actions for Windows 10 clients under the Windows Update for Business Deployment Service scheme.

IT professionals can use PowerShell scripts to get a list of updates. You can then use a second PowerShell script to schedule the deployment of updates, including rapid deployment. Finally, you can use another PowerShell script to specify the device to get the updates for. A sample script for that was included in Microsoft’s announcement.

Requirements Prerequisites for using Windows Update for Business Deployment Services include a Windows 10 E3 (minimum) subscription, a Windows Virtual Desktop Access E3 (minimum) subscription, or a Microsoft 365 Business Premium subscription.

The device must be using Windows 10, version 1790 or later. These must be joined to Azure Active Directory or “joined to Hybrid AD”. That is, it uses a combination of Azure AD services and local Active Directory.

IT professionals must have the appropriate permissions to use the Windows Update for Business Deployment Service. The allowed roles are:

Azure Active Directory Global Administrator role Intune Azure Active Directory Policy Administrator role and Microsoft Intune Profile Manager role

Microsoft will add the “New Windows Update Administrator Role” to this list. The announcement explained that the role would come “soon.”

About the author

Kurt Mackie is a Senior News Producer for the Converge360 Group at 1105 Media.

