overview and prereq edits

windows/deployment/update/deployment-service-drivers.md

@@ -32,7 +32,7 @@ This article uses [Graph Explorer](/graph/graph-explorer/graph-explorer-overview
 
 ## Prerequisites
 
-All of the [prerequisites for the Windows Update for Business deployment service](deployment-service-overview.md#prerequisites) must be met.
+All of the [prerequisites for the Windows Update for Business deployment service](deployment-service-prerequisites.md) must be met.
 
 ### Permissions
 

windows/deployment/update/deployment-service-expedited-updates.md

@@ -28,7 +28,7 @@ In this article, you will:
 
 ## Prerequisites
 
-All of the [prerequisites for the Windows Update for Business deployment service](deployment-service-overview.md#prerequisites) must be met.
+All of the [prerequisites for the Windows Update for Business deployment service](deployment-service-prerequisites.md) must be met.
 
 ### Permissions
 

windows/deployment/update/deployment-service-feature-updates.md

@@ -33,7 +33,7 @@ In this article, you will:
 
 ## Prerequisites
 
-All of the [prerequisites for the Windows Update for Business deployment service](deployment-service-overview.md#prerequisites) must be met.
+All of the [prerequisites for the Windows Update for Business deployment service](deployment-service-prerequisites.md) must be met.
 
 ### Permissions
 

windows/deployment/update/deployment-service-overview.md

@@ -23,7 +23,7 @@ Windows Update for Business product family has three elements:
 - [Windows Update for Business reports](wufb-reports-overview.md) to monitor update deployment
 - Deployment service APIs to approve and schedule specific updates for deployment, which are available through the Microsoft Graph and associated SDKs (including PowerShell)
 
-The deployment service complements existing Windows Update for Business capabilities, including existing device policies and [Windows Update for Business reports](wufb-reports-overview.md).
+The deployment service complements existing Windows Update for Business capabilities, including existing device policies and the[Windows Update for Business reports workbook](wufb-reports-workbook.md).
 
 :::image type="content" source="media/7512398-deployment-service-overview.png" alt-text="Diagram displaying the three elements that are parts of the Windows Update for Business family.":::
 
@@ -54,7 +54,7 @@ The deployment service is designed for IT Pros who are looking for more control
 
 Certain capabilities are available for specific update classifications:
 
-|Capabilities | Quality updates | Feature updates | Drivers and firmware|
+|Capabilities | [Quality updates](deployment-service-expedited-updates.md) | [Feature updates](deployment-service-feature-updates.md) | [Drivers and firmware](deployment-service-drivers.md)|
 |---|---|---|---|
 |Approval and scheduling | | Yes | Yes |
 |Gradual rollout | | Yes | Yes |
@@ -66,7 +66,7 @@ Certain capabilities are available for specific update classifications:
 
 The deployment service protects deployments through a combination of rollout controls and machine-learning algorithms that monitor deployments and react to issues during the rollout.
 
-### Schedule rollouts with automatic piloting
+### Gradual rollout
 
 The deployment service allows any update to be deployed over a period of days or weeks. Once an update has been scheduled, the deployment service optimizes the deployment based on the scheduling parameters and unique attributes spanning the devices being updated. The service follows these steps:
 
@@ -75,24 +75,28 @@ The deployment service allows any update to be deployed over a period of days or
 3. Start deploying to earlier waves to build coverage of device attributes present in the population.
 4. Continue deploying at a uniform rate until all waves are complete and all devices are updated.
 
-This built-in piloting capability complements your existing ring structure and provides another support for reducing and managing risk during an update. Unlike tools such as Desktop Analytics, this capability is intended to operate within each ring. The deployment service doesn't provide a workflow for creating rings themselves.
-
-You should continue to use deployment rings as part of the servicing strategy for your organization, but use gradual rollouts to add scheduling convenience and other protections within each ring.
+This built-in piloting capability complements your existing [deployment ring](waas-quick-start.md) structure and provides another support for reducing and managing risk during an update. This capability is intended to operate within each ring. The deployment service doesn't provide a workflow for creating rings themselves. Continue to use deployment rings as part of the servicing strategy for your organization, but use gradual rollouts to add scheduling convenience and other protections within each ring.
 
 ### Safeguard holds against likely and known issues
 
-Microsoft uses [safeguard holds](/windows/deployment/update/safeguard-holds) to protect devices from encountering known quality or compatibility issues by preventing them from installing the update or upgrade. For Windows 11 deployments, the deployment service extends these safeguard holds to also protect devices that Microsoft identifies as being at a higher risk of experiencing problems after an update (such as operating system rollbacks, app crashes, or graphics issues). The service temporarily holds the deployment for these devices while Microsoft investigates the likely issue. Safeguard holds apply to deployments by default, but you can opt out.
-
-To verify whether a device is affected by a safeguard hold, see [Am I affected by a safeguard hold?](/windows/deployment/update/safeguard-holds#am-i-affected-by-a-safeguard-hold)
+Microsoft uses [safeguard holds](/windows/deployment/update/safeguard-holds) to protect devices from encountering known quality or compatibility issues by preventing them from installing the update or upgrade. For Windows 11 deployments, the deployment service extends these safeguard holds to also protect devices that Microsoft identifies as being at a higher risk of experiencing problems after an update (such as operating system rollbacks, app crashes, or graphics issues). The service temporarily holds the deployment for these devices while Microsoft investigates the likely issue. Safeguard holds apply to deployments by default, but you can opt out. To verify whether a device is affected by a safeguard hold, see [Am I affected by a safeguard hold?](/windows/deployment/update/safeguard-holds#am-i-affected-by-a-safeguard-hold).
 
 ### Monitoring deployments to detect rollback issues
 
 During deployments of Windows 11 or Windows 10 feature updates, driver combinations can sometimes result in an unexpected update failure that makes the device revert to the previously installed operating system version. The deployment service can monitor devices for such issues and automatically pause deployments when this happens, giving you time to detect and mitigate issues.
-## Getting started with the deployment service
 
-To use the deployment service, you use a management tool built on the platform, script common actions using PowerShell, or build your own application.
+## Get started with the deployment service
 
-### Using Microsoft Intune
+To use the deployment service, you use a management tool built on the platform like Microsoft Intune, script common actions using PowerShell, or build your own application.
+
+To learn more about the deployment service, see:
+
+- [Prerequisites for Windows Update for Business deployment service](deployment-service-prerequisites.md)
+- [Deploy feature updates using Graph Explorer](deployment-service-feature-updates.md)
+- [Deploy expedited updates using Graph Explorer](deployment-service-expedited-updates.md)
+- [Deploy driver and firmware updates using Graph Explorer](deployment-service-drivers.md)
+
+### Use Microsoft Intune
 
 Microsoft Intune integrates with the deployment service to provide Windows client update management capabilities. For more information, see:
 

windows/deployment/update/deployment-service-prerequisites.md

@@ -38,12 +38,21 @@ Windows Update for Business deployment service requires users of the devices to
 - Windows 11 Professional, Education, Enterprise, Pro Education, or Pro for Workstations editions
 - Windows 10 Professional, Education, Enterprise, Pro Education, or Pro for Workstations editions
 
-## Windows client servicing channels
+### Windows operating system updates
+
+- Expediting updates requires the *Update Health Tools* on the clients. The tools are are installed starting with [KB 4023057](https://support.microsoft.com/topic/kb4023057-update-for-windows-10-update-service-components-fccad0ca-dc10-2e46-9ed1-7e392450fb3a). To confirm the presence of the Update Health Tools on a device:
+  - Look for the folder **C:\Program Files\Microsoft Update Health Tools** or review *Add Remove Programs* for **Microsoft Update Health Tools**.
+  - As an Admin, run the following PowerShell script:  `Get-WmiObject -Class Win32_Product | Where-Object {$_.Name -match "Microsoft Update Health Tools"}`
+
+- Installing the 2023-02 Cumulative Update is highly recommended to take advantage of [Changes to Windows diagnostic data collection](/windows/privacy/changes-to-windows-diagnostic-data-collection#services-that-rely-on-enhanced-diagnostic-data).
+
+- ## Windows client servicing channels
 
 Windows Update for Business deployment service supports Windows client devices on the following channels:
 
 - General Availability Channel
 
+
 ## Diagnostic data requirements
 
 Deployment scheduling controls are always available. However, to take advantage of the unique deployment protections tailored to your population and to [deploy driver updates](deployment-service-drivers.md), devices must share diagnostic data with Microsoft. At minimum, the deployment service requires devices to send [diagnostic data](/windows/privacy/configure-windows-diagnostic-data-in-your-organization#diagnostic-data-settings) at the *Required* level (previously called *Basic*) for these features. Some options for the deployment service require devices to send diagnostic data at the following levels:
@@ -59,21 +68,38 @@ Deployment scheduling controls are always available. However, to take advantage
 > [!NOTE]
 > Leveraging other parts of the Graph API might require additional permissions. For example, to display [device](/graph/api/resources/device) information, a minimum of [Device.Read.All](/graph/permissions-reference#device-permissions) permission is needed.
 
+## Required endpoints
+
+- Have access to the following endpoints:
+
+- [Windows Update endpoints](/windows/privacy/manage-windows-1809-endpoints#windows-update)
+    - *.prod.do.dsp.mp.microsoft.com
+    - *.windowsupdate.com
+    - *.dl.delivery.mp.microsoft.com
+    - *.update.microsoft.com
+    - *.delivery.mp.microsoft.com
+    - tsfe.trafficshaping.dsp.mp.microsoft.com
+- Windows Update for Business deployment service endpoints 
+
+    - devicelistenerprod.microsoft.com
+    - login.windows.net
+    - payloadprod*.blob.core.windows.net
+
+- [Windows Push Notification Services](/windows/uwp/design/shell/tiles-and-notifications/firewall-allowlist-config): *(Recommended, but not required. Without this access, devices might not expedite updates until their next daily check for updates.)*
+    - *.notify.windows.com
+
+
 ## Limitations
 
 <!--Using include for deployment service limitations-->
 [!INCLUDE [Windows Update for Business deployment service limitations](./includes/wufb-deployment-limitations.md)]
 
+## General tips for the deployment service
 
-## Best practices
-Follow these suggestions for the best results with the service.
-
-### Device onboarding
+Follow these suggestions for the best results with the service:
 
 - Wait until devices finish provisioning before managing with the service. If a device is being provisioned by Autopilot, it can only be managed by the deployment service after it finishes provisioning (typically one day).
 
 - Use the deployment service for feature update management without feature update deferral policy. If you want to use the deployment service to manage feature updates on a device that previously used a feature update deferral policy, it's best to set the feature update deferral policy to **0** days to avoid having multiple conditions governing feature updates. You should only change the feature update deferral policy value to 0 days after you've confirmed that the device was enrolled in the service with no errors.
 
-### General
-
-Avoid using different channels to manage the same resources. If you use Microsoft Intune along with Microsoft Graph APIs or PowerShell, aspects of resources (such as devices, deployments, updatable asset groups) might be overwritten if you use both channels to manage the same resources. Instead, only manage each resource through the channel that created it.
+- Avoid using different channels to manage the same resources. If you use Microsoft Intune along with Microsoft Graph APIs or PowerShell, aspects of resources (such as devices, deployments, updatable asset groups) might be overwritten if you use both channels to manage the same resources. Instead, only manage each resource through the channel that created it.

windows/deployment/update/deployment-service-troubleshoot.md

@@ -19,6 +19,11 @@ ms.date: 12/31/2017
 
 This troubleshooting guide addresses the most common issues that IT administrators face when using the Windows Update for Business [deployment service](deployment-service-overview.md). For a general troubleshooting guide for Windows Update, see [Windows Update troubleshooting](/troubleshoot/windows-client/deployment/windows-update-issues-troubleshooting?toc=/windows/deployment/toc.json&bc=/windows/deployment/breadcrumb/toc.json).
 
+
+## General tips for the deployment service
+
+
+
 ## The device isn't receiving an update that I deployed
 
 - Check that the device doesn't have updates of the relevant category paused. See [Pause feature updates](waas-configure-wufb.md#pause-feature-updates) and [Pause quality updates](waas-configure-wufb.md#pause-quality-updates).