Device readiness checks for expedited Windows quality updates
Published Jan 31 2024 10:00 AM 6,741 Views
Microsoft

Now, you can proactively check the readiness of all devices in your organization before deploying an actual security update in an expedited way. A new addition to the Expedite capability of Windows Update for Business deployment service simplifies and enhances your workflow even further. With the device readiness test, you can perform pre-flight checks, assuring that you meet all the prerequisites for successful expedited Windows quality updates.

What’s a device readiness test for Expedite?

Expedited Windows quality updates are a feature that fast-tracks installation of security updates. Up until now, you’ve been getting post-deployment report summaries for devices that couldn’t be expedited. That’s old news now, but if you’ve missed it, read about different types of alerts and remediation guidance at Get the most out of expedited Windows quality updates. The better news is that now, you can get your hands on this report before expediting the updates.

Unlike the actual deployment, the new device readiness test doesn’t deliver content to the devices. Instead, it scans each device and generates alerts if any prerequisites are missing. Once you resolve these alerts successfully, you’ll have confidence that the deployment process will be smooth, with minimal disruptions.

This feature is available through Microsoft Graph.

Get started with the readiness report

Here’s your step-by-step guide for running an Expedite readiness report for devices using Microsoft Graph API endpoint. Let’s walk through creating your readiness report, assigning devices to an audience, and using the report.

Note: For additional information, see Deploy an expedited quality update using the Windows Update for Business deployment service.

Step 1. Create a readiness deployment

Use the new property “IsReadinessTest” under settings in your Microsoft Graph API call, as shown:

Screenshot of the MS Graph interface showing the request body including a call for readiness test.Screenshot of the MS Graph interface showing the request body including a call for readiness test.

When you make the call with the property “isReadinessTest” set to “true,” the scan begins. Notice the Audience ID in the response below.

Screenshot of the MS Graph response to the API call to run the readiness test.Screenshot of the MS Graph response to the API call to run the readiness test.

Step 2. Assign devices to the audience

To add devices to the deployment audience, use the Audience ID received in the response in the previous step to add Microsoft Entra IDs of the devices.

The example below shows that Audience ID, 353407c3-b368-4afb-847d-db850dcd083a, was created when the deployment was created. The Audience ID is used to add members to the deployment audience. After you create the deployment and update the audience, the service will check that the device meets all the prerequisites and trigger relevant alerts in the report. No content is offered to the devices.

Screenshot of the MS Graph interface showing the request body to add audience members with a successful response.Screenshot of the MS Graph interface showing the request body to add audience members with a successful response.

Once these steps are complete, please allow 2-3 days for reports to reflect the data accurately.

Step 3. Use new report under Windows Update for Business reports

Use the Expedite status report under Quality Updates in Windows update for Business reports to view the results. The intention is for you to be able to see devices that will not be successful when added to a real security Expedite policy. That gives you an opportunity to rectify errors and have an ecosystem ready for the zero-day scenarios. Note: If just getting started, see Use the workbook for Windows Update for Business reports.

Screenshot of the readiness report under Expedite status in Windows Update for Business reports.Screenshot of the readiness report under Expedite status in Windows Update for Business reports.

The report will show the devices that meet the prerequisites for Expedite and also the devices that are missing one or more requirements.

Identify any devices ineligible for Expedite by reviewing the alerts. The report shows clear remediation actions to resolve the issues causing these alerts. These are the same common alerts and remediations as you could previously see post-deployment in Get the most out of expedited Windows quality updates. Be more proactive getting these insights earlier today!

Ready to expedite updates more efficiently?

While the Expedite feature has already revolutionized how our customers handle security updates through Microsoft Intune and Microsoft Graph, our latest feature takes it a step further.

Catch up on the existing capabilities and try out this new readiness test today.


Continue the conversation. Find best practices. Bookmark the Windows Tech Community, then follow us @MSWindowsITPro on X/Twitter. Looking for support? Visit Windows on Microsoft Q&A.

2 Comments
Co-Authors
Version history
Last update:
‎Jan 30 2024 02:29 PM
Updated by: