Editor’s note 2/27/2024: We have clarified the sequence of actions under step 3 by bringing the screenshot below the call details.
We’re excited to announce significant enhancements to the Windows Update for Business deployment service catalog. Easily access granular details about Windows quality and feature updates with Microsoft Graph API. The two main improvements include:
In addition to the security updates, the catalog now includes monthly non-security updates and out-of-band updates, providing a comprehensive view of what’s available to you. Furthermore, each of these updates is accompanied by additional relevant KB references, CVE information, revision history, and other metadata!
Enhance your update management decisions with insights from expanded metadata. Ever had to search multiple sites for update classification, cadence, naming, vulnerabilities, or revision details? Now you can look all of it up in seconds in the Windows Update for Business deployment service catalog via Microsoft Graph API. Let’s see what’s new!
Note: To utilize the catalog and view all available metadata, please ensure that your tenant meets all of the prerequisite requirements of the Windows Update for Business deployment service.
The updated catalog introduces two new properties: qualityUpdateClassification and qualityUpdateCadence. Use these additions for a more refined understanding of each update released. The classification property helps categorize updates, distinguishing between security and non-security updates. The cadence property clarifies release frequency (i.e., monthly or out-of-band), allowing you to align your deployment strategies accordingly. To brush up on the various update types, see Windows monthly updates explained.
To facilitate easier association with each release, a user-friendly name has been introduced. For example, the August security release will now be labeled as "2023. 08B." Track and reference updates easily with this simplified naming convention.
The catalog now includes crucial common vulnerabilities and exposures (CVE) severity information for each security release. With it, gain insights into the maximum severity rating and maximum score from CVSS (Common Vulnerability Scoring System). Additionally, you'll find details about exploited CVEs fixed under each release. To further investigate these specific CVEs, follow the provided URL to navigate to the corresponding Microsoft Security Response Center (MSRC) webpage. All other CVEs can be found here: Vulnerabilities - Security Update Guide.
In addition to CVE information, we have incorporated product revision details for each quality update. Access an expandable array of all OS builds with specific build revisions. This enables you to identify the update build revision and associated KB (knowledge base) article number. Furthermore, if you require additional information, you can find and follow a URL to the release notes of that KB article.
In order to view all new metadata added to the catalog, use the below Microsoft Graph API calls for monthly quality updates and for feature updates. Copy and paste them into the GET field in Microsoft Graph Explorer. If needed, refresh your memory on how to do this with Try Windows Update for Business with Microsoft Graph.
View all feature updates currently in support by running the below query in Microsoft Graph.
Element | Entry
Request type | GET
URI | https://graph.microsoft.com/beta/admin/windows/updates/catalog/entries?$filter=isof('microsoft.graph.windowsUpdates.featureUpdateCatalogEntry')
Additional metadata has been added to the catalog for quality updates. Right now, the latest release available is the August monthly security release: “2023. 08B.”
Let’s view the new properties added to the catalog. Start by using the following request query:
Element | Entry
Request type | GET
URI | https://graph.microsoft.com/beta/admin/windows/updates/catalog/entries?$filter=microsoft.graph.windowsUpdates.qualityUpdateCatalogEntry/qualityUpdateClassification eq 'Security'&$orderby=releaseDateTime desc&$top=1
Now, let’s walk through the response details to explore the new information about the August 2023 security update.
Element | Entry
Request type | GET
URI | https://graph.microsoft.com/beta/admin/windows/updates/catalog/entries?$expand=microsoft.graph.windowsUpdates.qualityUpdateCatalogEntry/productRevisions&$orderby=releaseDateTime desc
Keep scrolling to find product revisions and Knowledge Base article details. For all Windows OS versions in support, the response will return the below:
Next, use the following sample queries to retrieve information about quality updates and to make operational decisions. Note: this information is available for updates released in or after January 2023.
Element | Entry
Request type | GET
URI | https://graph.microsoft.com/beta/admin/windows/updates/catalog/entries?$filter=microsoft.graph.windowsUpdates.qualityUpdateCatalogEntry/qualityUpdateClassification eq 'nonSecurity'&$orderby=releaseDateTime desc&$top=3

Element | Entry
Request type | GET
URI | https://graph.microsoft.com/beta/admin/windows/updates/catalog/entries?$filter=microsoft.graph.windowsUpdates.qualityUpdateCatalogEntry/cveSeverityInformation/exploitedCves/$count gt 0&$orderby=releaseDateTime desc

Element | Entry
Request type | GET
URI | https://graph.microsoft.com/beta/admin/windows/updates/catalog/entries?$filter=microsoft.graph.windowsUpdates.qualityUpdateCatalogEntry/cveSeverityInformation/maxBaseScore gt 9.0&$orderby=releaseDateTime desc
In addition to these queries, you can use the standard OData filters and retrieve the required information about each release. Consult Query options overview - OData for additional information.
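The exploited-CVE and CVSS-score queries above can also be applied as one client-side triage over a catalog response. This is an added example, not Microsoft's code: `catalog_uri` and `triage` are hypothetical helpers, the sample entries and their IDs are constructed placeholders, and the response field names `shortName`, `exploitedCves[].number` and `productRevisions[].knowledgeBaseArticle.id` are assumed from the Graph beta schema rather than shown on this page.

```python
from urllib.parse import quote

BASE = "https://graph.microsoft.com/beta/admin/windows/updates/catalog/entries"
QU = "microsoft.graph.windowsUpdates.qualityUpdateCatalogEntry"

def catalog_uri(filter_expr, top=None):
    """Build a catalog query URI; reject curly quotes, which break OData string literals."""
    if any(q in filter_expr for q in "\u2018\u2019"):
        raise ValueError("use straight quotes (') around $filter string literals")
    uri = BASE + "?$filter=" + quote(filter_expr, safe="/$()'")
    uri += "&$orderby=" + quote("releaseDateTime desc")
    return uri + (f"&$top={int(top)}" if top else "")

def triage(entries, min_score=9.0):
    """Keep entries with an exploited CVE or a max CVSS base score above min_score."""
    urgent = []
    for e in entries:
        sev = e.get("cveSeverityInformation") or {}
        exploited = [c["number"] for c in sev.get("exploitedCves") or []]
        score = sev.get("maxBaseScore") or 0.0
        if exploited or score > min_score:
            kbs = sorted({r["knowledgeBaseArticle"]["id"]
                          for r in e.get("productRevisions") or []})
            urgent.append({"name": e.get("shortName"), "score": score,
                           "exploited": exploited, "kbs": kbs})
    # Releases fixing exploited CVEs come first, then descending base score.
    return sorted(urgent, key=lambda u: (not u["exploited"], -u["score"]))

# Constructed sample shaped like a catalog response; every name and ID is a placeholder.
# Field names beyond those in the queries above are assumed from the Graph beta schema.
SAMPLE = [
    {"shortName": "SAMPLE-1", "qualityUpdateCadence": "monthly",
     "cveSeverityInformation": {"maxBaseScore": 9.8, "exploitedCves": []},
     "productRevisions": [{"knowledgeBaseArticle": {"id": "KB0000001"}}]},
    {"shortName": "SAMPLE-2", "qualityUpdateCadence": "outOfBand",
     "cveSeverityInformation": {"maxBaseScore": 7.8, "exploitedCves": [
         {"number": "CVE-0000-00001", "url": "https://example.invalid/cve"}]},
     "productRevisions": [{"knowledgeBaseArticle": {"id": "KB0000003"}},
                          {"knowledgeBaseArticle": {"id": "KB0000002"}}]},
    {"shortName": "SAMPLE-3", "qualityUpdateCadence": "monthly",
     "cveSeverityInformation": {"maxBaseScore": 8.1, "exploitedCves": []},
     "productRevisions": [{"knowledgeBaseArticle": {"id": "KB0000004"}}]},
    {"shortName": "SAMPLE-4", "cveSeverityInformation": None, "productRevisions": []},
]

if __name__ == "__main__":
    print(catalog_uri(f"{QU}/cveSeverityInformation/exploitedCves/$count gt 0"))
    for row in triage(SAMPLE):
        print(row)
```

Feed `triage` the `value` array of a real response retrieved with `$expand=.../productRevisions` so the KB list is populated.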
Without Windows Update for Business deployment service, you have to look these details up in separate channels, such as:
But you don’t have to! The enriched metadata in the Windows Update for Business deployment service catalog empowers you with comprehensive insights and streamlined access to critical update details. Track and manage updates more efficiently with the new classification and cadence properties, along with user-friendly naming conventions. The inclusion of CVE severity information and product revision details ensures a more informed approach to update deployment.
Check out the following resources to learn more:
Continue the conversation. Find best practices. Bookmark the Windows Tech Community and follow us @MSWindowsITPro on Twitter. Looking for support? Visit Windows on Microsoft Q&A.