Windows Update for Business Deployment Service Adds Expedite Readiness Report
The Windows Update for Business Deployment Service now lets organizations check if an expedited Windows quality update would meet all device prerequisites before rolling it out, per a Wednesday announcement.
This new capability is called the "device readiness test." It's a Microsoft Graph capability that supplies information about Windows device readiness for a patch without first deploying it, which may help harried IT pros responding to potential attack avenues.
Here's how Microsoft characterized the device readiness test:
Unlike the actual deployment, the new device readiness test doesn't deliver content to the devices. Instead, it scans each device and generates alerts if any prerequisites are missing. Once you resolve these alerts successfully, you'll have confidence that the deployment process will be smooth, with minimal disruptions.
IT pros can see which devices won't successfully receive an expedited patch via the "Expedite Status" report in Windows Update for Business reports. Moreover, they'll get remediation steps from Microsoft. It's the same information they might have seen after a deployment failure.
"These are the same common alerts and remediations as you could previously see post-deployment," Microsoft explained.
The Windows Update for Business Deployment Service is Microsoft's cloud-based service for managing Windows updates. It's long had an Expedite capability, which lets organizations install an individual monthly quality patch that may seem crucial. For instance, organizations may want to react to a publicized "zero-day" vulnerability by patching it quickly. A zero day is a flaw that was just discovered by the software maker.
What gets expedited when using the Expedite capability in the Windows Update for Business Deployment Service right now is just security patches, even though Microsoft's quality updates, released each month, contain both software quality patches and security patches.
"Not all updates can be expedited," Microsoft explained in this document. "Currently, only Windows 10/11 security updates that can be expedited are available to deploy with Quality updates policy."
Organizations need a Microsoft Intune license, plus E3 or E5-type licensing, to use the Windows Update for Business Deployment Service, the document explained.
Kurt Mackie is senior news producer for 1105 Media's Converge360 group.