deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-06-15 18:33:43 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

Merge branch 'main' of https://github.com/MicrosoftDocs/windows-docs-pr into eudb

Browse Source
This commit is contained in:
Meghan Stewart
2023-02-14 11:38:51 -08:00
parent 4ef9910eb5 37686966c5
commit 06ba94876a
165 changed files with 3644 additions and 1829 deletions
Download Patch File Download Diff File Expand all files Collapse all files

63
windows/deployment/update/includes/wufb-deployment-audience-graph-explorer.md Normal file
View File

@ -0,0 +1,63 @@
---
author: mestew
ms.author: mstewart
manager: aaroncz
ms.technology: itpro-updates
ms.prod: windows-client
ms.topic: include
ms.date: 02/14/2023
ms.localizationpriority: medium
---
<!--This file is shared by deployment-service-drivers.md and the deployment-service-feature-updates.md articles. Headings may be driven by article context. 7512398 -->
A deployment audience is a collection of devices that you want to deploy updates to. The audience needs to be created first, then members are added to the audience. Use the following steps to create a deployment audience, add members, and verify it:
1. To create a new audience, **POST** to the [deployment audience](/graph/api/resources/windowsupdates-deploymentaudience) resource with a request body of `{}`.
```msgraph-interactive
POST https://graph.microsoft.com/beta/admin/windows/updates/deploymentAudiences
content-type: application/json
{}
```
The POST returns an HTTP status code of `201 Created` as a response with the following body, where `id` is the **Audience ID**:
```json
{
"@odata.context": "https://graph.microsoft.com/beta/$metadata#admin/windows/updates/deploymentAudiences/$entity",
"id": "d39ad1ce-0123-4567-89ab-cdef01234567",
"reportingDeviceCount": 0,
"applicableContent": []
}
```
1. Add devices, using their **Azure AD ID**, to the deployment audience so they become audience members. Specify the deployment **Audience ID** in the URL field and the devices to add in the request body. The `id` property specifies the **Azure AD ID** of the device.
```msgraph-interactive
POST https://graph.microsoft.com/beta/admin/windows/updates/deploymentAudiences/d39ad1ce-0123-4567-89ab-cdef01234567/updateAudience
content-type: application/json
{
"addMembers": [
{
"@odata.type": "#microsoft.graph.windowsUpdates.azureADDevice",
"id": "01234567-89ab-cdef-0123-456789abcdef"
},
{
"@odata.type": "#microsoft.graph.windowsUpdates.azureADDevice",
"id": "01234567-89ab-cdef-0123-456789abcde0"
},
{
"@odata.type": "#microsoft.graph.windowsUpdates.azureADDevice",
"id": "01234567-89ab-cdef-0123-456789abcde1"
}
]
}
```
1. To verify the devices were added to the audience, run the following query using the **Audience ID** of `d39ad1ce-0123-4567-89ab-cdef01234567`:
```msgraph-interactive
GET https://graph.microsoft.com/beta/admin/windows/updates/deploymentAudiences/d39ad1ce-0123-4567-89ab-cdef01234567/members
```

45
windows/deployment/update/includes/wufb-deployment-enroll-device-graph-explorer.md Normal file
View File

@ -0,0 +1,45 @@
---
author: mestew
ms.author: mstewart
manager: aaroncz
ms.technology: itpro-updates
ms.prod: windows-client
ms.topic: include
ms.date: 02/14/2023
ms.localizationpriority: medium
---
<!--This file is shared by deployment-service-drivers.md and the deployment-service-feature-updates.md articles. Headings may be driven by article context. 7512398 -->
You enroll devices based on the types of updates you want them to receive. Currently, you can enroll devices to receive feature updates (`feature`) or drivers (`driver`). You can enroll devices to receive updates from multiple update classifications.
1. To enroll devices, POST to [updatableAssets](/graph/api/resources/windowsupdates-updatableasset) using [enrollAssets](/graph/api/windowsupdates-updatableasset-enrollassets). The following example enrolls three devices to receive driver updates:
1. In Graph Explorer, select **POST** from the drop-down list for the HTTP verb.
1. Enter the following request into the URL field: </br>
`https://graph.microsoft.com/beta/admin/windows/updates/updatableAssets/enrollAssets`
1. In the **Request body** tab, enter the following JSON, supplying the following information:
- **Azure AD Device ID** as `id`
- Either `feature` or `driver` for the updateCategory
```json
{
"updateCategory": "driver",
"assets": [
{
"@odata.type": "#microsoft.graph.windowsUpdates.azureADDevice",
"id": "01234567-89ab-cdef-0123-456789abcdef"
},
{
"@odata.type": "#microsoft.graph.windowsUpdates.azureADDevice",
"id": "01234567-89ab-cdef-0123-456789abcde0"
},
{
"@odata.type": "#microsoft.graph.windowsUpdates.azureADDevice",
"id": "01234567-89ab-cdef-0123-456789abcde1"
}
]
}
```
1. Select the **Run query** button. The results will appear in the **Response** window. In this case, the HTTP status code of `202 Accepted`.
:::image type="content" source="../media/7512398-deployment-enroll-asset-graph.png" alt-text="Screenshot of successfully enrolling assets through Graph Explorer." lightbox="../media/7512398-deployment-enroll-asset-graph.png" :::

54
windows/deployment/update/includes/wufb-deployment-find-device-name-graph-explorer.md Normal file
View File

@ -0,0 +1,54 @@
---
author: mestew
ms.author: mstewart
manager: aaroncz
ms.technology: itpro-updates
ms.prod: windows-client
ms.topic: include
ms.date: 02/14/2023
ms.localizationpriority: medium
---
<!--This file is shared by deployment-service-drivers.md, deployment-service-expedited-updates.md, and the deployment-service-feature-updates.md articles. Headings may be driven by article context. 7512398 -->
Use the [device](/graph/api/resources/device) resource type to find clients to enroll into the deployment service. Change the query parameters to fit your specific needs. For more information, see [Use query parameters](/graph/query-parameters).
- Displays the **AzureAD Device ID** and **Name** of all devices:
```msgraph-interactive
GET https://graph.microsoft.com/v1.0/devices?$select=deviceid,displayName
```
- Displays the **AzureAD Device ID** and **Name** for devices that have a name starting with `Test`:
```msgraph-interactive
GET https://graph.microsoft.com/v1.0/devices?$filter=startswith (displayName,'Test')&$select=deviceid,displayName
```
### Add a request header for advanced queries
For the next requests, set the **ConsistencyLevel** header to `eventual`. For more information about advanced query parameters, see [Advanced query capabilities on Azure AD directory objects](/graph/aad-advanced-queries).
1. In Graph Explorer, select the **Request headers** tab.
1. For **Key** type in `ConsistencyLevel` and for **Value**, type `eventual`.
1. Select the **Add** button. When you're finished, remove the request header by selecting the trash can icon.
:::image type="content" source="../media/7512398-deployment-service-graph-modify-header.png" alt-text="Screenshot of the request headers tab in Graph Explorer" lightbox="../media/7512398-deployment-service-graph-modify-header.png":::
- Display the **Name** and **Operating system version** for the device that has `01234567-89ab-cdef-0123-456789abcdef` as the **AzureAD Device ID**:
```msgraph-interactive
GET https://graph.microsoft.com/v1.0/devices?$search="deviceid:01234567-89ab-cdef-0123-456789abcdef"?$select=displayName,operatingSystemVersion`
```
- To find devices that likely aren't virtual machines, filter for devices that don't have virtual machine listed as the model but do have a manufacturer listed. Display the **AzureAD Device ID**, **Name**, and **Operating system version** for each device:
```msgraph-interactive
GET https://graph.microsoft.com/v1.0/devices?$filter=model ne 'virtual machine' and NOT(manufacturer eq null)&$count=true&$select=deviceid,displayName,operatingSystemVersion`
```
> [!Tip]
> Requests using the [device](/graph/api/resources/device) resource type typically have both an `id` and a `deviceid`:
> - The `deviceid` is the **Azure AD Device ID** and will be used in this article.
> - Later in this article, this `deviceid` will be used as an `id` when you make certain requests such as adding a device to a deployment audience.
> - The `id` from the [device](/graph/api/resources/device) resource type is usually the Azure AD Object ID, which won't be used in this article.

18
windows/deployment/update/includes/wufb-deployment-graph-explorer-permissions.md Normal file
View File

@ -0,0 +1,18 @@
---
author: mestew
ms.author: mstewart
manager: aaroncz
ms.technology: itpro-updates
ms.prod: windows-client
ms.topic: include
ms.date: 02/14/2023
ms.localizationpriority: medium
---
<!--This file is shared by deployment-service-drivers.md, deployment-service-expedited-updates.md, and the deployment-service-feature-updates.md articles. Headings may be driven by article context. 7512398 -->
The following permissions are needed for the queries listed in this article:
- [WindowsUpdates.ReadWrite.All](/graph/permissions-reference#windows-updates-permissions) for [Windows Update for Business deployment service](/graph/api/resources/windowsupdates) operations.
- At least [Device.Read.All](/graph/permissions-reference#device-permissions) permission to display [device](/graph/api/resources/device) information.
Some roles, such as the [Windows Update deployment administrator](/azure/active-directory/roles/permissions-reference#windows-update-deployment-administrator), already have these permissions.

34
windows/deployment/update/includes/wufb-deployment-graph-explorer.md Normal file
View File

@ -0,0 +1,34 @@
---
author: mestew
ms.author: mstewart
manager: aaroncz
ms.technology: itpro-updates
ms.prod: windows-client
ms.topic: include
ms.date: 02/14/2023
ms.localizationpriority: medium
---
<!--This file is shared by deployment-service-drivers.md, deployment-service-expedited-updates.md, and the deployment-service-feature-updates.md articles. Headings may be driven by article context. 7512398 -->
For this article, you'll use Graph Explorer to make requests to the [Microsoft Graph APIs](/graph/api/resources/windowsupdates-updates?view=graph-rest-beta&preserve-view=true) to retrieve, add, delete, and update data. Graph Explorer is a developer tool that lets you learn about Microsoft Graph APIs. For more information about using Graph Explorer, see [Get started with Graph Explorer](/graph/graph-explorer/overview).
> [!WARNING]
>
> - Requests listed in this article require signing in with a Microsoft 365 account. If needed, a free one month trial is available for [Microsoft 365 Business Premium](https://www.microsoft.com/microsoft-365/business/microsoft-365-business-premium).
> - Using a test tenant to verify the deployment process first is highly recommended. If you use a production tenant, ensure you verify which client devices you're targeting with deployments.
1. From a browser, go to [Graph Explorer](https://developer.microsoft.com/graph/graph-explorer) and sign in using an Azure Active Directory (Azure AD) user account.
1. You may need to enable the [`WindowsUpdates.ReadWrite.All` permission](/graph/permissions-reference#windows-updates-permissions) to use the queries in this article. To enable the permission:
1. Select the **Modify permissions** tab in Graph Explorer.
1. In the permissions dialog box, select the **WindowsUpdates.ReadWrite.All** permission then select **Consent**. You may need to sign in again to grant consent.
:::image type="content" source="../media/7512398-wufbds-graph-modify-permission.png" alt-text="Screenshot of the modify permissions tab in Graph Explorer" lightbox="../media/7512398-wufbds-graph-modify-permission.png" :::
1. To make requests:
1. Select either GET, POST, PUT, PATCH, or DELETE from the drop-down list for the HTTP method.
1. Enter the request into the URL field. The version will populate automatically based on the URL.
1. If you need to modify the request body, edit the **Request body** tab.
1. Select the **Run query** button. The results will appear in the **Response** window.
> [!TIP]
> When reviewing [Microsoft Graph documentation](/graph/), you may notice example requests usually list `content-type: application/json`. Specifying `content-type` typically isn't required for Graph Explorer, but you can add it to the request by selecting the **Headers** tab and adding the `content-type` to the **Request headers** field as the **Key** and `application/json` as the **Value**.

42
windows/deployment/update/includes/wufb-deployment-graph-unenroll.md Normal file
View File

@ -0,0 +1,42 @@
---
author: mestew
ms.author: mstewart
manager: aaroncz
ms.technology: itpro-updates
ms.prod: windows-client
ms.topic: include
ms.date: 02/14/2023
ms.localizationpriority: medium
---
<!--This file is shared by deployment-service-drivers.md and the deployment-service-feature-updates.md articles. Headings may be driven by article context. 7512398 -->
When a device no longer needs to be managed by the deployment service, unenroll it. Just like [enrolling a device](#enroll-devices), specify either `driver` or `feature` as the value for the `updateCategory`. The device will no longer receive updates from the deployment service for the specified update category. Depending on the device's configuration, it may start to receive updates from Windows Update. For instance, if a device is still enrolled for feature updates, but it's unenrolled from drivers:
- Existing driver deployments from the service won't be offered to the device
- The device will continue to receive feature updates from the deployment service
- Drivers may start being installed from Windows Update depending on the device's configuration
To unenroll a device, POST to [updatableAssets](/graph/api/resources/windowsupdates-updatableasset) using [unenrollAssets](/graph/api/windowsupdates-updatableasset-unenrollassets). In the request body, specify:
- **Azure AD Device ID** as `id` for the device
- Either `feature` or `driver` for the updateCategory
The following example removes `driver` enrollment for two devices, `01234567-89ab-cdef-0123-456789abcdef` and `01234567-89ab-cdef-0123-456789abcde0`:
```msgraph-interactive
POST https://graph.microsoft.com/beta/admin/windows/updates/updatableAssets/unenrollAssets
content-type: application/json
{
"updateCategory": "driver",
"assets": [
{
"@odata.type": "#microsoft.graph.windowsUpdates.azureADDevice",
"id": "01234567-89ab-cdef-0123-456789abcdef"
},
{
"@odata.type": "#microsoft.graph.windowsUpdates.azureADDevice",
"id": "01234567-89ab-cdef-0123-456789abcde0"
}
]
}
```

13
windows/deployment/update/includes/wufb-deployment-limitations.md Normal file
View File

@ -0,0 +1,13 @@
---
author: mestew
ms.author: mstewart
manager: aaroncz
ms.technology: itpro-updates
ms.prod: windows-client
ms.topic: include
ms.date: 02/14/2023
ms.localizationpriority: medium
---
<!--This file is shared by deployment-service-overview.md and the deployment-service-prerequisites.md articles. Headings may be driven by article context. 7512398 -->
Windows Update for Business deployment service is a Windows service hosted in Azure that uses Windows diagnostic data. You should be aware that Windows Update for Business deployment service doesn't meet [US Government community compliance (GCC)](/office365/servicedescriptions/office-365-platform-service-description/office-365-us-government/gcc#us-government-community-compliance) requirements. For a list of GCC offerings for Microsoft products and services, see the [Microsoft Trust Center](/compliance/regulatory/offering-home). Windows Update for Business deployment service is available in the Azure Commercial cloud, but not available for GCC High or United States Department of Defense customers.

21
windows/deployment/update/includes/wufb-deployment-update-health-tools-logs.md Normal file
View File

@ -0,0 +1,21 @@
---
author: mestew
ms.author: mstewart
manager: aaroncz
ms.technology: itpro-updates
ms.prod: windows-client
ms.topic: include
ms.date: 02/14/2023
ms.localizationpriority: medium
---
<!--This file is shared by deployment-service-expedite.md and the deployment-service-troubleshoot.md articles. Headings may be driven by article context. 7512398 -->
## Log location for the Update Health Tools
The Update Health Tools are used when you deploy expedited updates. In some cases, you may wish to review the logs for the Update Health Tools.
**Log location**: `%ProgramFiles%\Microsoft Update Health Tools\Logs`
- The logs are in `.etl` format.
- Microsoft offers [PerfView as a download on GitHub](https://github.com/Microsoft/perfview/blob/main/documentation/Downloading.md), which displays `.etl` files.
For more information, see [Troubleshooting expedited updates](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/get-the-most-out-of-expedited-windows-quality-updates/ba-p/3659741).