We’re excited to announce significant enhancements to the Windows Update for Business deployment service catalog. Easily access granular details about Windows quality and feature updates with Microsoft Graph API. The two main improvements include:
Greater detail about each update
Wider spectrum of update types
In addition to the security updates, the catalog now includes monthly non-security updates and out-of-band updates, providing a comprehensive view of what’s available to you. Furthermore, each of these updates are accompanied by additional relevant KB references, CVE information, revision history, and other metadata!
Explore new metadata
Enhance your update management decisions with insights from expanded metadata. Ever had to search multiple sites for update classification, cadence, naming, vulnerabilities, or revision details? Now you can look all of it up in seconds in the Windows Update for Business deployment service catalog via Microsoft Graph API. Let’s see what’s new!
Note: To utilize the catalog and view all available metadata, please ensure that your tenant meets all of the prerequisite requirements of the Windows Update for Business deployment service.
Update classification and cadence
The updated catalog introduces two new properties: qualityUpdateClassification and qualityUpdateCadence. Use these additions for a more refined understanding of each update released. The classification property helps categorize updates, distinguishing between security and non-security updates. The cadence property clarifies release frequency (i.e., monthly or out-of-band), allowing you to align your deployment strategies accordingly. To brush up on the various update types, see Windows monthly updates explained.
User-friendly naming convention
To facilitate easier association with each release, a user-friendly name has been introduced. For example, the August security release will now be labeled as "2023. 08B." Track and reference updates easily with this simplified naming convention.
CVE severity information
The catalog now includes crucial common vulnerabilities and exposures (CVE) severity information for each security release. With it, gain insights into the maximum severity rating and maximum score from CVSS (Common Vulnerability Scoring System). Additionally, you'll find details about exploited CVEs fixed under each release. To further investigate these specific CVEs, follow the provided URL to navigate to the corresponding Microsoft Security Response Center (MSRC) webpage. All other CVEs can be found here: Vulnerabilities - Security Update Guide.
Product revision details
In addition to CVE information, we have incorporated product revision details for each quality update. Access an expandable array of all OS builds with specific build revisions. This enables you to identify the update build revision and associated KB (knowledge base) article number. Furthermore, if you require additional information, you can find and follow a URL to the release notes of that KB article.
Try out sample queries
In order to view all new metadata added to the catalog, use the below Microsoft Graph API calls for monthly quality updates and for feature updates. Copy and paste them into the GET field in Microsoft Graph Explorer. If needed, refresh your memory on how to do this with Try Windows Update for Business with Microsoft Graph.
View all feature updates currently in support by running the below query in Microsoft Graph.
Next, use the following sample queries to retrieve information about quality updates and to make operational decisions. Note: this information is available for updates released in or after January 2023.
Show the non-security updates from the last 3 months:
But you don’t have to! The enriched metadata in the Windows Update for Business deployment service catalog empowers you with comprehensive insights and streamlined access to critical update details. Track and manage updates more efficiently with the new classification and cadence properties, along with user-friendly naming conventions. The inclusion of CVE severity information and product revision details ensures a more informed approach to update deployment.