Update May 10, 2021: On April 28, 2021, we announced the public preview of Microsoft Graph APIs to manage Windows updates. Read the announcement and learn more here: Public preview of Microsoft Graph APIs to manage Windows updates.
Today, we are excited to announce the Windows Update for Business deployment service. This new service empowers IT professionals to meet the business goals of their organizations and requirements of their end users no matter where a device resides on the planet—be it in the office, at home, or on the road.
Over the past year, organizations have rapidly shifted to remote work strategies, emphasizing and leveraging cloud services more than ever before. We have evolved our approach to Windows as a service since the release of Windows 10. We added more controls, and developed frameworks to help you successfully transition to a cloud servicing cadence.
Microsoft AI powers update decisions for more than a billion devices worldwide, and we are committed to making the same controls and technology available to every device manager. The deployment service is designed as an enterprise-grade solution on top of this servicing platform.
These technologies represent an exciting next step in the evolution of Windows as a service.
A closer look at the Windows Update for Business deployment service
The deployment service is a new cloud service within the Windows Update for Business product family. It provides control over the approval, scheduling, monitoring, and safeguarding of content delivered from Windows Update, and is designed to work in harmony with your existing Windows Update for Business policies.
We have designed deployment service with your feedback in mind.
- IT is in control. Approve and schedule any Windows content delivered from Windows Update, including feature updates, quality updates, drivers, and firmware. As the IT professional responsible for your organization, if you have not approved the content, it won’t deploy.
- Easy to adopt. The deployment service is integrated with Microsoft Endpoint Manager, either through cloud-only controls or co-management so you can adopt content and features at your own pace. No need to “lift and shift” your organization at one time.
- Responsive to change. Delivering innovation through cloud services makes it easy for you to adopt. Capabilities are common across OS releases and you no longer need to install an update to access new update controls.
- Compliant and privacy-focused. ISO 27001, FedRAMP High, HiTRUST, and SOC II certified.
The deployment service significantly extends the management plane available to devices connecting to Windows Update. It will enable you to:
- Schedule update deployments to begin on a specific date (ex: deploy 20H2 to these devices on March 14, 2021)
- Stage deployments over a period of days or weeks using rich expressions (ex: deploy 20H2 to 500 devices per day, beginning on March 14, 2021)
- Bypass pre-configured Windows Update for Business policies to immediately deploy a security update across your organization when emergencies arise
- Ensure coverage of hardware and software in your organization through deployments that are tailored to your unique device population through automatic piloting
- Leverage Microsoft ML to automatically identify and pause deployments to devices which are likely to be impacted by a safeguard hold
- Manage driver and firmware updates just like feature updates and quality updates
Our Preview release of the deployment service will be available to all Windows Enterprise customers in the first half of 2021. These capabilities will be made available through new Microsoft Graph APIs and the associated PowerShell SDK. An extension to Update Compliance will provide reporting and monitoring support for the deployment service.
For customers who are looking for an integrated solution, we are delivering these capabilities through Microsoft Endpoint Manager as well. We started with the Windows 10 feature updates public preview, and we have been encouraged by the strong adoption from customers of all sizes and industries across the globe. New organizational and operational reporting capabilities are also available, with more update management capabilities coming in future releases.
For all enterprise customers, deployment service capabilities are available to Azure AD joined and Hybrid Azure AD joined devices that are covered by a Microsoft 365 or Windows 10 E3 user license. Intune support requires either a Microsoft 365 E3 license, or both Windows and EMS E3 licenses.
We are excited to see how you and your partnering application developers will use the deployment service and broader Windows Update for Business product family to simplify update management and deliver better results for your organization and users.
For more details on the scenarios and capabilities coming to you through the deployment service, we've included the following video: