Today I am excited to announce that the public preview for the Windows Update for Business deployment service will be available in Microsoft Graph and in Microsoft Endpoint Manager in the first half of 2022!
Don't miss our Microsoft Ignite depth on demand session for a closer look at the deployment service, and read on for valuable insights, including:
Note that while I will be using the term drivers exclusively from here, firmware updates are included in this definition, as they are published to Windows Update, target Windows devices, and offered to devices in the exact same way as non-firmware driver updates.
Drivers are primarily built by independent hardware vendors (IHVs) like Intel or Realtek and original equipment manufacturers (OEMs) like Dell and Lenovo. The hardware ecosystem for Windows devices includes hundreds of partners who continuously build new drivers and deliver updates to existing ones. All drivers must be certified by the Windows Hardware Dev Center and signed by Microsoft for Windows to install them, and most are published to Windows Update.
Through flighting and gradual rollout, the Microsoft Drivers and Firmware Shiproom validates all drivers before making them generally available on Windows Update.
Driver flighting in the Partner Center enables hardware partners, including IHVs and OEMs, to distribute drivers within defined Windows Insider rings, while providing automatic monitoring and evaluation. Be sure to review the driver validation program for more details on this program.
When driver validation is complete, Microsoft gradually rolls out drivers over 30 days while applying monitoring and scrutiny. At the first sign of concern, rollout is stopped, and further investigations quickly determine if the update can resume rollout or if it must be removed from Windows Update.
Drivers are built for specific hardware components that are identified by unique IDs:
Publishers can manage how Windows Update offers drivers by specifying whether an update should be offered during the automatic daily scan or offered only when an end user manually initiates a scan. Accordingly, these publishing options are called Automatic and Manual:
When a Windows device scans Windows Update, it sends the service the HWIDs that identify all hardware components in the device, CHIDs for the system, and a complete list of the drivers that are already installed on the device for each hardware component. Windows Update then goes through a two-step applicability and ranking process to determine if a better driver exists on the service.
If there are no drivers that rank higher than the one currently on the device, then no better driver exists, and Windows Update will not offer an option. However, if there are newer drivers on the list, Windows Update will pick the highest ranking one, normally by version number or version date, and will offer that better driver. Generally, Windows Update only considers automatic drivers for its ranking process. During the automatic scan, manual drivers are not considered better than what is already installed on the scanning system, even when they are newer or of a more recent version. The only exception is when the end user scans manually, which allows Windows Update to consider the best ranked driver across automatic and manual publications.
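A simplified model of the scan behaviour described above, as an added example; it is not Microsoft's code or the service's actual algorithm. The `Driver` fields, the date-then-version ranking, the optional CHID restriction, and all sample IDs are assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import date
from typing import Optional

@dataclass(frozen=True)
class Driver:
    hwid: str                   # hardware ID the driver is built for
    version: tuple              # e.g. (2, 0)
    released: date
    publishing: str = "Automatic"   # "Automatic" or "Manual"
    chid: Optional[str] = None  # assumption: optional restriction to one system CHID

def rank(d):
    # Assumption: newer date ranks higher, version breaks ties.
    return (d.released, d.version)

def select_offers(hwids, chids, installed, catalog, manual_scan=False):
    """Return {hwid: Driver} for components where a better driver exists."""
    offers = {}
    for hwid in hwids:
        # Step 1, applicability: same hardware, matching system, eligible publication.
        applicable = [
            d for d in catalog
            if d.hwid == hwid
            and (d.chid is None or d.chid in chids)
            and (manual_scan or d.publishing == "Automatic")
        ]
        # Step 2, ranking: keep only drivers that outrank the installed one.
        current = installed.get(hwid)
        better = [d for d in applicable if current is None or rank(d) > rank(current)]
        if better:
            offers[hwid] = max(better, key=rank)
    return offers

# Constructed sample data; IDs, versions and dates are made up.
NIC, AUDIO = "HWID-NIC-EXAMPLE", "HWID-AUDIO-EXAMPLE"
HWIDS, CHIDS = [NIC, AUDIO], {"CHID-THIS-SYSTEM"}
INSTALLED = {
    NIC: Driver(NIC, (1, 0), date(2021, 1, 1)),
    AUDIO: Driver(AUDIO, (2, 0), date(2021, 3, 1)),
}
CATALOG = [
    Driver(NIC, (2, 0), date(2021, 6, 1), "Automatic"),
    Driver(NIC, (3, 0), date(2021, 9, 1), "Manual"),
    Driver(NIC, (4, 0), date(2021, 10, 1), "Automatic", chid="CHID-OTHER-SYSTEM"),
    Driver(AUDIO, (1, 0), date(2020, 1, 1), "Automatic"),
]

if __name__ == "__main__":
    for manual in (False, True):
        got = select_offers(HWIDS, CHIDS, INSTALLED, CATALOG, manual_scan=manual)
        print("manual scan" if manual else "automatic scan", got)
```

In the sample, the automatic scan offers only the automatic network driver, the manual scan picks the newer manual one, and the audio component gets no offer because the catalog entry is older than what is installed.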
The Windows Update for Business deployment service is already part of Microsoft Graph, and it enables app developers who integrate with our platform to create management experiences for Windows Update servicing.
In March of 2021, we announced the deployment service at Microsoft Ignite and I offered an initial walkthrough of its capabilities, using Microsoft Intune to illustrate how a managed device experience changes when it is enrolled in the deployment service. In this week's Microsoft Ignite session, I offer a deeper look at how the deployment service is integrated with Windows Update and how Graph is used by Intune to provide browsing, approval, and scheduling capabilities in the portal.
Don't miss the November Microsoft Ignite session for more details and for demos by David Guyer on live code in the Intune portal and Aria Carley on how Configuration Manager devices can access driver management in the cloud by turning on dual-scan group policy for drivers. This leaves Configuration Manager in Windows Server Update Services unchanged while the deployment service provides net-new driver management capabilities.
Just as Intune integrates with Graph to build management experiences, any app developer can do so too. We built a web application that integrates with Graph to provide admins early access to these capabilities whether during the current private preview or the upcoming public preview. The web application allows admins to create new driver policies, browse applicable drivers, and take approval and scheduling actions. It will be open source during the public preview, and you'll have insight into the integration with Graph.
We're also excited to share a first look at the management reporting that will support driver servicing capabilities when they reach public preview. These reports will be available as Workbooks in our analytics product for Windows Update for Business: Update Compliance.
Reporting will be launched for:
The public preview for Microsoft Graph kicks off at the beginning of 2022. We'll make the web app repository available publicly and release the management reporting in Update Compliance. Mark your calendars for the public preview of the deployment service in Intune coming in the first half of 2022.
Want to stay informed and to engage with other IT admins in the community? Be sure to join our engineering neighborhood in the Windows Customer Connection Program (select the option in question 5). Regular updates, including timing for all preview phases, will be provided via Microsoft Teams.