From 211cddd5580fcc8ae662054f5ff38d32645640d8 Mon Sep 17 00:00:00 2001
From: Meghan Stewart <33289333+mestew@users.noreply.github.com>
Date: Tue, 14 Feb 2023 11:08:50 -0800
Subject: [PATCH 1/9] add policy considerations include

---
 .../wufb-deployment-policy-considerations.md  | 21 +++++++++++++++++++
 1 file changed, 21 insertions(+)
 create mode 100644 windows/deployment/update/includes/wufb-deployment-policy-considerations.md

diff --git a/windows/deployment/update/includes/wufb-deployment-policy-considerations.md b/windows/deployment/update/includes/wufb-deployment-policy-considerations.md
new file mode 100644
index 0000000000..d94f08d213
--- /dev/null
+++ b/windows/deployment/update/includes/wufb-deployment-policy-considerations.md
@@ -0,0 +1,21 @@
+---
+author: mestew
+ms.author: mstewart
+manager: aaroncz
+ms.technology: itpro-updates
+ms.prod: windows-client
+ms.topic: include
+ms.date: 02/14/2023
+ms.localizationpriority: medium
+---
+<!--This file is shared by deployment-service-drivers.md, deployment-service-troubleshoot.md, and the deployment-service-prerequisites.md articles. Headings may be driven by article context. 7512398 -->
+
+## Policy considerations
+
+It's possible for the service to receive content approval but the content doesn't get installed on the device because of a Group Policy, CSP, or registry setting on the device. In some cases, organizations specifically configure policies to fit their needs. For instance, they may want to review applicable driver content, but not approve it for install through the deployment service. Configuring this sort of behavior can be useful, especially when transitioning driver update management due to changing organizational needs.
+
+| Policy | Behavior |
+|---|---|
+| 
+
+

From 9e32a7a7790d74fe029642890b4974b45246d9e4 Mon Sep 17 00:00:00 2001
From: Meghan Stewart <33289333+mestew@users.noreply.github.com>
Date: Tue, 14 Feb 2023 15:40:31 -0800
Subject: [PATCH 2/9] driver-policy-edit

---
 .../update/deployment-service-drivers.md      |  5 +++++
 .../deployment-service-prerequisites.md       |  6 ++++++
 .../update/deployment-service-troubleshoot.md |  5 +++++
 ...deployment-driver-policy-considerations.md | 18 ++++++++++++++++
 .../wufb-deployment-policy-considerations.md  | 21 -------------------
 windows/deployment/update/waas-wu-settings.md |  2 +-
 .../update/waas-wufb-group-policy.md          |  2 +-
 7 files changed, 36 insertions(+), 23 deletions(-)
 create mode 100644 windows/deployment/update/includes/wufb-deployment-driver-policy-considerations.md
 delete mode 100644 windows/deployment/update/includes/wufb-deployment-policy-considerations.md

diff --git a/windows/deployment/update/deployment-service-drivers.md b/windows/deployment/update/deployment-service-drivers.md
index cb9c80bdd4..2063dfd073 100644
--- a/windows/deployment/update/deployment-service-drivers.md
+++ b/windows/deployment/update/deployment-service-drivers.md
@@ -330,3 +330,8 @@ GET https://graph.microsoft.com/beta/admin/windows/updates/deployments?orderby=c
 
 <!--Using include for removing device enrollment-->
 [!INCLUDE [Graph Explorer enroll devices](./includes/wufb-deployment-graph-unenroll.md)]
+
+## Policy considerations for drivers
+
+<!--Using include for Policy considerations for drivers-->
+[!INCLUDE [Windows Update for Business deployment service driver policy considerations](./includes/wufb-deployment-driver-policy-considerations.md)]
\ No newline at end of file
diff --git a/windows/deployment/update/deployment-service-prerequisites.md b/windows/deployment/update/deployment-service-prerequisites.md
index 40b91b4b9f..8a35986ded 100644
--- a/windows/deployment/update/deployment-service-prerequisites.md
+++ b/windows/deployment/update/deployment-service-prerequisites.md
@@ -91,6 +91,12 @@ When you use [Windows Update for Business reports](wufb-reports-overview.md) in
 <!--Using include for deployment service limitations-->
 [!INCLUDE [Windows Update for Business deployment service limitations](./includes/wufb-deployment-limitations.md)]
 
+## Policy considerations for drivers
+
+<!--Using include for Policy considerations for drivers-->
+[!INCLUDE [Windows Update for Business deployment service driver policy considerations](./includes/wufb-deployment-driver-policy-considerations.md)]
+
+
 ## General tips for the deployment service
 
 Follow these suggestions for the best results with the service:
diff --git a/windows/deployment/update/deployment-service-troubleshoot.md b/windows/deployment/update/deployment-service-troubleshoot.md
index de2a896cad..f6be148c37 100644
--- a/windows/deployment/update/deployment-service-troubleshoot.md
+++ b/windows/deployment/update/deployment-service-troubleshoot.md
@@ -54,3 +54,8 @@ While expedite update deployments will override an update deferral for the updat
 
 <!--Using include for Update Health Tools log location-->
 [!INCLUDE [Windows Update for Business deployment service permissions using Graph Explorer](./includes/wufb-deployment-update-health-tools-logs.md)]
+
+## Policy considerations for drivers
+
+<!--Using include for Policy considerations for drivers-->
+[!INCLUDE [Windows Update for Business deployment service driver policy considerations](./includes/wufb-deployment-driver-policy-considerations.md)]
diff --git a/windows/deployment/update/includes/wufb-deployment-driver-policy-considerations.md b/windows/deployment/update/includes/wufb-deployment-driver-policy-considerations.md
new file mode 100644
index 0000000000..0e01d0543b
--- /dev/null
+++ b/windows/deployment/update/includes/wufb-deployment-driver-policy-considerations.md
@@ -0,0 +1,18 @@
+---
+author: mestew
+ms.author: mstewart
+manager: aaroncz
+ms.technology: itpro-updates
+ms.prod: windows-client
+ms.topic: include
+ms.date: 02/14/2023
+ms.localizationpriority: medium
+---
+<!--This file is shared by deployment-service-drivers.md, deployment-service-troubleshoot.md, and the deployment-service-prerequisites.md articles. Headings may be driven by article context. 7512398 -->
+
+It's possible for the service to receive content approval but the content doesn't get installed on the device because of a Group Policy, CSP, or registry setting on the device. In some cases, organizations specifically configure these policies to fit their current or future needs. For instance, organizations may want to review applicable driver content through the deployment service, but not allow installation. Configuring this sort of behavior can be useful, especially when transitioning management of driver updates due to changing organizational needs. The following table describes driver related update policies that can affect deployments through the deployment service: 
+
+| Description of policies | Locations | Behavior with the deployment service|
+|---|---|---| 
+| Policies that exclude drivers from Windows Update for a device | - **Group Policy**: `\Windows Components\Windows Update\Do not include drivers with Windows Updates` set to `enabled` </br> - **CSP**: [ExcludeWUDriversInQualityUpdate](/windows/client-management/mdm/policy-csp-update#excludewudriversinqualityupdate) set to `1`  </br> - **Registry**:  `HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\ExcludeWUDriversFromQualityUpdates` set to `1`</br> - **Intune**: [**Windows Drivers** update setting](/mem/intune/protect/windows-update-settings#update-settings) for the update ring set to `Allow` | Devices that are enrolled for **drivers** and added to an audience though the deployment service: </br></br> - Won't install drivers that are approved from the deployment service </br> - Will display the applicable driver content in the deployment service  | 
+| Policies that define the source for driver updates as either Windows Update or Windows Server Update Service (WSUS)|  - **Group Policy**: `\Windows Components\Windows Update\Manage updates offered from Windows Server Update Service\Specify source service for specific classes of Windows Updates` set to `enabled` with the `Driver Updates` option set to `Windows Update`</br> - **CSP**: [SetPolicyDrivenUpdateSourceForDriverUpdates](/windows/client-management/mdm/policy-csp-update#setpolicydrivenupdatesourcefordriverupdates) set to `0` for Windows Update as the source</br> - **Registry**:  `HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\SetPolicyDrivenUpdateSourceForDriverUpdates` set to `0`. Under `\AU`, `UseUpdateClassPolicySource` also needs to be set to `1`</br> - **Intune**: Not applicable. Intune deploys updates using Windows Update for Business. [Co-managed clients from Configuration Manager](/mem/configmgr/comanage/overview?toc=/mem/configmgr/cloud-attach/toc.json&bc=/mem/configmgr/cloud-attach/breadcrumb/toc.json) with the workload for Windows Update policies set to Intune will also use Windows Update for Business. | Devices that are enrolled for **drivers** and added to an audience though the deployment service: </br></br> - Will display the applicable driver content in the deployment service </br> - Will install drivers that are approved from the deployment service  | 
diff --git a/windows/deployment/update/includes/wufb-deployment-policy-considerations.md b/windows/deployment/update/includes/wufb-deployment-policy-considerations.md
deleted file mode 100644
index d94f08d213..0000000000
--- a/windows/deployment/update/includes/wufb-deployment-policy-considerations.md
+++ /dev/null
@@ -1,21 +0,0 @@
----
-author: mestew
-ms.author: mstewart
-manager: aaroncz
-ms.technology: itpro-updates
-ms.prod: windows-client
-ms.topic: include
-ms.date: 02/14/2023
-ms.localizationpriority: medium
----
-<!--This file is shared by deployment-service-drivers.md, deployment-service-troubleshoot.md, and the deployment-service-prerequisites.md articles. Headings may be driven by article context. 7512398 -->
-
-## Policy considerations
-
-It's possible for the service to receive content approval but the content doesn't get installed on the device because of a Group Policy, CSP, or registry setting on the device. In some cases, organizations specifically configure policies to fit their needs. For instance, they may want to review applicable driver content, but not approve it for install through the deployment service. Configuring this sort of behavior can be useful, especially when transitioning driver update management due to changing organizational needs.
-
-| Policy | Behavior |
-|---|---|
-| 
-
-
diff --git a/windows/deployment/update/waas-wu-settings.md b/windows/deployment/update/waas-wu-settings.md
index 6bcdbc9cde..a0c68c2f09 100644
--- a/windows/deployment/update/waas-wu-settings.md
+++ b/windows/deployment/update/waas-wu-settings.md
@@ -142,7 +142,7 @@ To add more flexibility to the update process, settings are available to control
 
 [Configure Automatic Updates](#configure-automatic-updates) offers four different options for automatic update installation, while [Do not include drivers with Windows Updates](#do-not-include-drivers-with-windows-updates) makes sure drivers are not installed with the rest of the received updates.
 
-### Do not include drivers with Windows Updates
+### Do not include drivers with Windows Updates 
 
 Allows admins to exclude Windows Update drivers during updates.
 
diff --git a/windows/deployment/update/waas-wufb-group-policy.md b/windows/deployment/update/waas-wufb-group-policy.md
index 286ed2119c..3a9b231764 100644
--- a/windows/deployment/update/waas-wufb-group-policy.md
+++ b/windows/deployment/update/waas-wufb-group-policy.md
@@ -71,7 +71,7 @@ Drivers are automatically enabled because they are beneficial to device systems.
  We also recommend that you allow Microsoft product updates as discussed previously.
 
 ### Set when devices receive feature and quality updates
-
+ 
 #### I want to receive pre-release versions of the next feature update
 
 1. Ensure that you are enrolled in the Windows Insider Program for Business. This is a completely free program available to commercial customers to aid them in their validation of feature updates before they are released. Joining the program enables you to receive updates prior to their release as well as receive emails and content related to what is coming in the next updates. 

From 151de96be08a48e27596b8be4f59e3c9c1637a18 Mon Sep 17 00:00:00 2001
From: Meghan Stewart <33289333+mestew@users.noreply.github.com>
Date: Tue, 14 Feb 2023 15:45:01 -0800
Subject: [PATCH 3/9] remove added spaces

---
 windows/deployment/update/waas-wu-settings.md       | 2 +-
 windows/deployment/update/waas-wufb-group-policy.md | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/windows/deployment/update/waas-wu-settings.md b/windows/deployment/update/waas-wu-settings.md
index a0c68c2f09..6bcdbc9cde 100644
--- a/windows/deployment/update/waas-wu-settings.md
+++ b/windows/deployment/update/waas-wu-settings.md
@@ -142,7 +142,7 @@ To add more flexibility to the update process, settings are available to control
 
 [Configure Automatic Updates](#configure-automatic-updates) offers four different options for automatic update installation, while [Do not include drivers with Windows Updates](#do-not-include-drivers-with-windows-updates) makes sure drivers are not installed with the rest of the received updates.
 
-### Do not include drivers with Windows Updates 
+### Do not include drivers with Windows Updates
 
 Allows admins to exclude Windows Update drivers during updates.
 
diff --git a/windows/deployment/update/waas-wufb-group-policy.md b/windows/deployment/update/waas-wufb-group-policy.md
index 3a9b231764..286ed2119c 100644
--- a/windows/deployment/update/waas-wufb-group-policy.md
+++ b/windows/deployment/update/waas-wufb-group-policy.md
@@ -71,7 +71,7 @@ Drivers are automatically enabled because they are beneficial to device systems.
  We also recommend that you allow Microsoft product updates as discussed previously.
 
 ### Set when devices receive feature and quality updates
- 
+
 #### I want to receive pre-release versions of the next feature update
 
 1. Ensure that you are enrolled in the Windows Insider Program for Business. This is a completely free program available to commercial customers to aid them in their validation of feature updates before they are released. Joining the program enables you to receive updates prior to their release as well as receive emails and content related to what is coming in the next updates. 

From 2590e3a22b2467a58901468a002b68552284b1db Mon Sep 17 00:00:00 2001
From: Meghan Stewart <33289333+mestew@users.noreply.github.com>
Date: Wed, 15 Feb 2023 09:15:12 -0800
Subject: [PATCH 4/9] formatting

---
 ...deployment-driver-policy-considerations.md | 36 ++++++++++++++++---
 1 file changed, 31 insertions(+), 5 deletions(-)

diff --git a/windows/deployment/update/includes/wufb-deployment-driver-policy-considerations.md b/windows/deployment/update/includes/wufb-deployment-driver-policy-considerations.md
index 0e01d0543b..7896c2acf9 100644
--- a/windows/deployment/update/includes/wufb-deployment-driver-policy-considerations.md
+++ b/windows/deployment/update/includes/wufb-deployment-driver-policy-considerations.md
@@ -10,9 +10,35 @@ ms.localizationpriority: medium
 ---
 <!--This file is shared by deployment-service-drivers.md, deployment-service-troubleshoot.md, and the deployment-service-prerequisites.md articles. Headings may be driven by article context. 7512398 -->
 
-It's possible for the service to receive content approval but the content doesn't get installed on the device because of a Group Policy, CSP, or registry setting on the device. In some cases, organizations specifically configure these policies to fit their current or future needs. For instance, organizations may want to review applicable driver content through the deployment service, but not allow installation. Configuring this sort of behavior can be useful, especially when transitioning management of driver updates due to changing organizational needs. The following table describes driver related update policies that can affect deployments through the deployment service: 
+It's possible for the service to receive content approval but the content doesn't get installed on the device because of a Group Policy, CSP, or registry setting on the device. In some cases, organizations specifically configure these policies to fit their current or future needs. For instance, organizations may want to review applicable driver content through the deployment service, but not allow installation. Configuring this sort of behavior can be useful, especially when transitioning management of driver updates due to changing organizational needs. The following list describes driver related update policies that can affect deployments through the deployment service: 
+
+
+
+### Policies that exclude drivers from Windows Update for a device
+
+The following policies exclude drivers from Windows Update for a device:
+
+- **Locations of policies that exclude drivers**:
+  -  **Group Policy**: `\Windows Components\Windows Update\Do not include drivers with Windows Updates` set to `enabled`
+  - **CSP**: [ExcludeWUDriversInQualityUpdate](/windows/client-management/mdm/policy-csp-update#excludewudriversinqualityupdate) set to `1`
+  - **Registry**:  `HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\ExcludeWUDriversFromQualityUpdates` set to `1`
+  - **Intune**: [**Windows Drivers** update setting](/mem/intune/protect/windows-update-settings#update-settings) for the update ring set to `Allow` 
+
+**Behavior with the deployment service**: Devices with driver exclusion polices that are enrolled for **drivers** and added to an audience though the deployment service:
+  - Won't install drivers that are approved from the deployment service
+  - Will display the applicable driver content in the deployment service
+
+### Policies that define the source for driver updates
+
+The following policies define the source for driver updates as either Windows Update or Windows Server Update Service (WSUS):
+
+- **Locations of policies that define an update source**:
+  -  **Group Policy**: `\Windows Components\Windows Update\Manage updates offered from Windows Server Update Service\Specify source service for specific classes of Windows Updates` set to `enabled` with the `Driver Updates` option set to `Windows Update`
+  - **CSP**: [SetPolicyDrivenUpdateSourceForDriverUpdates](/windows/client-management/mdm/policy-csp-update#setpolicydrivenupdatesourcefordriverupdates) set to `0` for Windows Update as the source
+  - **Registry**:  `HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\SetPolicyDrivenUpdateSourceForDriverUpdates` set to `0`. Under `\AU`, `UseUpdateClassPolicySource` also needs to be set to `1`
+  - **Intune**: Not applicable. Intune deploys updates using Windows Update for Business. [Co-managed clients from Configuration Manager](/mem/configmgr/comanage/overview?toc=/mem/configmgr/cloud-attach/toc.json&bc=/mem/configmgr/cloud-attach/breadcrumb/toc.json) with the workload for Windows Update policies set to Intune will also use Windows Update for Business.
+
+**Behavior with the deployment service**: Devices with these update source policies that are enrolled for **drivers** and added to an audience though the deployment service:
+  - Will display the applicable driver content in the deployment service
+  - Will install drivers that are approved from the deployment service
 
-| Description of policies | Locations | Behavior with the deployment service|
-|---|---|---| 
-| Policies that exclude drivers from Windows Update for a device | - **Group Policy**: `\Windows Components\Windows Update\Do not include drivers with Windows Updates` set to `enabled` </br> - **CSP**: [ExcludeWUDriversInQualityUpdate](/windows/client-management/mdm/policy-csp-update#excludewudriversinqualityupdate) set to `1`  </br> - **Registry**:  `HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\ExcludeWUDriversFromQualityUpdates` set to `1`</br> - **Intune**: [**Windows Drivers** update setting](/mem/intune/protect/windows-update-settings#update-settings) for the update ring set to `Allow` | Devices that are enrolled for **drivers** and added to an audience though the deployment service: </br></br> - Won't install drivers that are approved from the deployment service </br> - Will display the applicable driver content in the deployment service  | 
-| Policies that define the source for driver updates as either Windows Update or Windows Server Update Service (WSUS)|  - **Group Policy**: `\Windows Components\Windows Update\Manage updates offered from Windows Server Update Service\Specify source service for specific classes of Windows Updates` set to `enabled` with the `Driver Updates` option set to `Windows Update`</br> - **CSP**: [SetPolicyDrivenUpdateSourceForDriverUpdates](/windows/client-management/mdm/policy-csp-update#setpolicydrivenupdatesourcefordriverupdates) set to `0` for Windows Update as the source</br> - **Registry**:  `HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\SetPolicyDrivenUpdateSourceForDriverUpdates` set to `0`. Under `\AU`, `UseUpdateClassPolicySource` also needs to be set to `1`</br> - **Intune**: Not applicable. Intune deploys updates using Windows Update for Business. [Co-managed clients from Configuration Manager](/mem/configmgr/comanage/overview?toc=/mem/configmgr/cloud-attach/toc.json&bc=/mem/configmgr/cloud-attach/breadcrumb/toc.json) with the workload for Windows Update policies set to Intune will also use Windows Update for Business. | Devices that are enrolled for **drivers** and added to an audience though the deployment service: </br></br> - Will display the applicable driver content in the deployment service </br> - Will install drivers that are approved from the deployment service  | 

From 1387aad57ad2b8a1651926c78731883f5dfa0d50 Mon Sep 17 00:00:00 2001
From: Meghan Stewart <33289333+mestew@users.noreply.github.com>
Date: Wed, 15 Feb 2023 09:49:28 -0800
Subject: [PATCH 5/9] formatting and edits

---
 .../wufb-deployment-driver-policy-considerations.md         | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/windows/deployment/update/includes/wufb-deployment-driver-policy-considerations.md b/windows/deployment/update/includes/wufb-deployment-driver-policy-considerations.md
index 7896c2acf9..734b9cde8b 100644
--- a/windows/deployment/update/includes/wufb-deployment-driver-policy-considerations.md
+++ b/windows/deployment/update/includes/wufb-deployment-driver-policy-considerations.md
@@ -12,8 +12,6 @@ ms.localizationpriority: medium
 
 It's possible for the service to receive content approval but the content doesn't get installed on the device because of a Group Policy, CSP, or registry setting on the device. In some cases, organizations specifically configure these policies to fit their current or future needs. For instance, organizations may want to review applicable driver content through the deployment service, but not allow installation. Configuring this sort of behavior can be useful, especially when transitioning management of driver updates due to changing organizational needs. The following list describes driver related update policies that can affect deployments through the deployment service: 
 
-
-
 ### Policies that exclude drivers from Windows Update for a device
 
 The following policies exclude drivers from Windows Update for a device:
@@ -25,8 +23,9 @@ The following policies exclude drivers from Windows Update for a device:
   - **Intune**: [**Windows Drivers** update setting](/mem/intune/protect/windows-update-settings#update-settings) for the update ring set to `Allow` 
 
 **Behavior with the deployment service**: Devices with driver exclusion polices that are enrolled for **drivers** and added to an audience though the deployment service:
-  - Won't install drivers that are approved from the deployment service
   - Will display the applicable driver content in the deployment service
+  - Won't install drivers that are approved from the deployment service
+    - If drivers are deployed to a device that's blocking them, the deployment service displays the driver is being offered and reporting displays the install is pending.
 
 ### Policies that define the source for driver updates
 
@@ -42,3 +41,4 @@ The following policies define the source for driver updates as either Windows Up
   - Will display the applicable driver content in the deployment service
   - Will install drivers that are approved from the deployment service
 
+> [!NOTE] When the scan source for drivers is set to WSUS, the deployment service doesn't get inventory events from devices. This means that the deployment service won't be able to report the applicability of a driver for the device. 
\ No newline at end of file

From 3c273d76b964485d9d346d86cdf3d1f8f68fed46 Mon Sep 17 00:00:00 2001
From: Meghan Stewart <33289333+mestew@users.noreply.github.com>
Date: Wed, 15 Feb 2023 10:41:33 -0800
Subject: [PATCH 6/9] edits clarifying consent for graph

---
 .../update/includes/wufb-deployment-graph-explorer.md           | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/deployment/update/includes/wufb-deployment-graph-explorer.md b/windows/deployment/update/includes/wufb-deployment-graph-explorer.md
index 31b45d8227..92d5814b27 100644
--- a/windows/deployment/update/includes/wufb-deployment-graph-explorer.md
+++ b/windows/deployment/update/includes/wufb-deployment-graph-explorer.md
@@ -15,7 +15,7 @@ For this article, you'll use Graph Explorer to make requests to the [Microsoft G
 > [!WARNING]
 >
 > - Requests listed in this article require signing in with a Microsoft 365 account. If needed, a free one month trial is available for [Microsoft 365 Business Premium](https://www.microsoft.com/microsoft-365/business/microsoft-365-business-premium).
-> - Using a test tenant to verify the deployment process first is highly recommended. If you use a production tenant, ensure you verify which client devices you're targeting with deployments.
+> - Using a test tenant to learn and verify the deployment process is highly recommended. Graph Explorer is intended to be a learning tool. Ensure you understand  [granting consent](/graph/security-authorization) and the [consent type](/graph/api/resources/oauth2permissiongrant?view=graph-rest-1.0#properties) for Graph Explorer before proceeding.
 
 1. From a browser, go to [Graph Explorer](https://developer.microsoft.com/graph/graph-explorer) and sign in using an Azure Active Directory (Azure AD) user account.
 1. You may need to enable the [`WindowsUpdates.ReadWrite.All` permission](/graph/permissions-reference#windows-updates-permissions) to use the queries in this article. To enable the permission:

From 24d50976b7523d4d07061a91d1563d58123a28c4 Mon Sep 17 00:00:00 2001
From: Meghan Stewart <33289333+mestew@users.noreply.github.com>
Date: Wed, 15 Feb 2023 14:35:45 -0800
Subject: [PATCH 7/9] edit

---
 .../includes/wufb-deployment-driver-policy-considerations.md   | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/windows/deployment/update/includes/wufb-deployment-driver-policy-considerations.md b/windows/deployment/update/includes/wufb-deployment-driver-policy-considerations.md
index 734b9cde8b..d8c96ee718 100644
--- a/windows/deployment/update/includes/wufb-deployment-driver-policy-considerations.md
+++ b/windows/deployment/update/includes/wufb-deployment-driver-policy-considerations.md
@@ -41,4 +41,5 @@ The following policies define the source for driver updates as either Windows Up
   - Will display the applicable driver content in the deployment service
   - Will install drivers that are approved from the deployment service
 
-> [!NOTE] When the scan source for drivers is set to WSUS, the deployment service doesn't get inventory events from devices. This means that the deployment service won't be able to report the applicability of a driver for the device. 
\ No newline at end of file
+> [!NOTE] 
+> When the scan source for drivers is set to WSUS, the deployment service doesn't get inventory events from devices. This means that the deployment service won't be able to report the applicability of a driver for the device. 
\ No newline at end of file

From 4c3bb710b6fd49be5845453cbe918d117f1c5ad2 Mon Sep 17 00:00:00 2001
From: Meghan Stewart <33289333+mestew@users.noreply.github.com>
Date: Wed, 15 Feb 2023 14:38:08 -0800
Subject: [PATCH 8/9] edit

---
 .../update/includes/wufb-deployment-graph-explorer.md           | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/deployment/update/includes/wufb-deployment-graph-explorer.md b/windows/deployment/update/includes/wufb-deployment-graph-explorer.md
index 92d5814b27..ca1b4d103a 100644
--- a/windows/deployment/update/includes/wufb-deployment-graph-explorer.md
+++ b/windows/deployment/update/includes/wufb-deployment-graph-explorer.md
@@ -15,7 +15,7 @@ For this article, you'll use Graph Explorer to make requests to the [Microsoft G
 > [!WARNING]
 >
 > - Requests listed in this article require signing in with a Microsoft 365 account. If needed, a free one month trial is available for [Microsoft 365 Business Premium](https://www.microsoft.com/microsoft-365/business/microsoft-365-business-premium).
-> - Using a test tenant to learn and verify the deployment process is highly recommended. Graph Explorer is intended to be a learning tool. Ensure you understand  [granting consent](/graph/security-authorization) and the [consent type](/graph/api/resources/oauth2permissiongrant?view=graph-rest-1.0#properties) for Graph Explorer before proceeding.
+> - Using a test tenant to learn and verify the deployment process is highly recommended. Graph Explorer is intended to be a learning tool. Ensure you understand  [granting consent](/graph/security-authorization) and the [consent type](/graph/api/resources/oauth2permissiongrant#properties) for Graph Explorer before proceeding.
 
 1. From a browser, go to [Graph Explorer](https://developer.microsoft.com/graph/graph-explorer) and sign in using an Azure Active Directory (Azure AD) user account.
 1. You may need to enable the [`WindowsUpdates.ReadWrite.All` permission](/graph/permissions-reference#windows-updates-permissions) to use the queries in this article. To enable the permission:

From 28f9bdb57cbdb70f173b370d45df6341c35162f2 Mon Sep 17 00:00:00 2001
From: Meghan Stewart <33289333+mestew@users.noreply.github.com>
Date: Wed, 15 Feb 2023 14:40:01 -0800
Subject: [PATCH 9/9] edit

---
 windows/deployment/update/deployment-service-prerequisites.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/deployment/update/deployment-service-prerequisites.md b/windows/deployment/update/deployment-service-prerequisites.md
index 8a35986ded..e2f45c2ee4 100644
--- a/windows/deployment/update/deployment-service-prerequisites.md
+++ b/windows/deployment/update/deployment-service-prerequisites.md
@@ -42,7 +42,7 @@ Windows Update for Business deployment service supports Windows client devices o
 
 ### Windows operating system updates
 
-- Expediting updates requires the *Update Health Tools* on the clients. The tools are are installed starting with [KB 4023057](https://support.microsoft.com/topic/kb4023057-update-for-windows-10-update-service-components-fccad0ca-dc10-2e46-9ed1-7e392450fb3a). To confirm the presence of the Update Health Tools on a device:
+- Expediting updates requires the *Update Health Tools* on the clients. The tools are installed starting with [KB 4023057](https://support.microsoft.com/topic/kb4023057-update-for-windows-10-update-service-components-fccad0ca-dc10-2e46-9ed1-7e392450fb3a). To confirm the presence of the Update Health Tools on a device:
   - Look for the folder **C:\Program Files\Microsoft Update Health Tools** or review *Add Remove Programs* for **Microsoft Update Health Tools**.
   - As an Admin, run the following PowerShell script:  `Get-WmiObject -Class Win32_Product | Where-Object {$_.Name -match "Microsoft Update Health Tools"}`