News

Windows Update for Business Deployment Service To Get Gradual Rollouts Feature

Microsoft is continuing to add capabilities to its budding Windows Update for Business Deployment Service, introducing a "gradual rollouts" capability this week.

The Windows Update for Business Deployment Service is a somewhat new cloud-based service, introduced in March of last year, that aims to provide organizations with more nuanced control over Windows software updates. It has certain coming capabilities that are yet to reach the preview stage. It's designed to work with PowerShell, Microsoft Graph APIs and Microsoft Endpoint Manager (Intune), but those capabilities also seem to be at the yet-to-come stage.

Microsoft had predicted back in March that the Windows Update for Business Deployment Service would be "available to all Windows Enterprise customers in the first half of 2021," but that prediction now seems off the mark.

Gradual Rollouts Feature
The newly described gradual rollouts feature for the Windows Update for Business Deployment Service is used to stagger Windows 10 or Windows 11 client operating system updates across various device types. It's apparently modeled after Microsoft's own Windows Update triage process that's used in "updating hundreds of millions of consumer devices."

The gradual rollouts capability is designed for use by organizations with "unique" hardware and software compatibility challenges, per Microsoft's description.

To use gradual rollouts, IT pros need to enable an "AllowWUfBCloudProcessing policy," which lets them order Windows updates based on device hardware attributes, as well as based on the applications or drivers used. Enabling this policy grants Microsoft certain information processing permissions.

"By enabling the AllowWUfBCloudProcessing policy, you give Microsoft permission to collect and process information on these important device attributes and use this information to optimize the order in which devices are included within a gradual rollout," Microsoft's announcement explained.

The announcement doesn't explain if gradual rollouts feature is available or at preview for testing. However, most of the capabilities of the Windows Update for Business Deployment Service are yet to reach the public preview stage, and possibly are still at the private preview stage.

Windows Update for Business Deployment Service Timeline
Possibly, the Windows Update for Business Deployment Service will be available in preview form in the first or second half of this year, maybe as a commercial release, but it's all a bit murky.

For instance, Microsoft recently updated this November announcement to state that "the public preview for the Windows Update for Business deployment service will be available in Microsoft Graph and in Microsoft Endpoint Manager in the first half of 2022," but that claim isn't consistent with other Microsoft declarations.

The updated November announcement also included the following timeline, which illustrated when certain Microsoft Graph capabilities (Approval and Scheduling, Management Reporting) will light up in the Windows Update for Business Deployment Service:

[Click on image for larger view.] Figure 1. Timeline for certain Microsoft Graph capabilities in the Windows Update for Business Deployment Service (source: Nov. 2, 2021 Microsoft Tech Community post, updated on March 9, 2022).

Microsoft had earlier stated, in another updated announcement, that "the public preview of Microsoft Graph APIs to manage Windows updates" occurred on April 28, 2021.

Microsoft is currently planning a public preview release of Windows Update for Business Deployment Service as a Web app in July, with Windows Intune integration expected to arrive later this year (presumably in public preview form).

Here's how Microsoft's updated November article explained the Windows Update for Business Deployment Service's coming milestones.

The private preview for Microsoft Graph kicked off in December 2021 with the web application enabling approval and scheduling of drivers. In May 2022, management reporting in Update Compliance will join the private preview, and we plan to launch all capabilities in public preview in July 2022, with a fully open-sourced web application. It will be publicly available in Intune later this year.

Requirements
To use the Windows Update for Business Deployment Service, when it gets released, organizations will need subscription licensing for Windows 10 E3 (at minimum) or Windows Virtual Desktop Access E3 (at minimum), or a Microsoft 365 Business Premium subscription.

Windows devices will need to be joined to the Azure Active Directory service or they can be "hybrid" joined (Azure AD plus local Active Directory).

IT pros will need to have certain role permissions to use the Windows Update for Business Deployment Service. They'll need to be a Global Admin or an Intune Admin in Azure AD. Alternatively, they can use a Policy and Profile Manager role in Microsoft Intune for the service.

About the Author

Kurt Mackie is senior news producer for 1105 Media's Converge360 group.

Featured

comments powered by Disqus