Enhance update management decisions with metadata and insights

This post has been republished via RSS; it originally appeared at: New blog articles in Microsoft Community Hub.

We’re excited to announce significant enhancements to the Windows Update for Business deployment service catalog. You can now easily access granular details about Windows quality and feature updates with Microsoft Graph API. The two main improvements include:

  • Greater detail about each update
  • Wider spectrum of update types

In addition to the security updates, the catalog now includes monthly non-security updates and out-of-band updates, providing a comprehensive view of what’s available to you. Furthermore, each of these updates is now accompanied by additional relevant KB references, CVE information, revision history, and other metadata!

Explore new metadata

Enhance your update management decisions with insights from expanded metadata. Ever had to search multiple sites for update classification, cadence, naming, vulnerabilities, or revision details? Now you can look all of it up in seconds in the Windows Update for Business deployment service catalog via Microsoft Graph API. Let’s see what’s new!

Note: To utilize the catalog and view all available metadata, please ensure that your tenant meets all of the prerequisite requirements of the Windows Update for Business deployment service.

Update classification and cadence

The updated catalog introduces two new properties: qualityUpdateClassification and qualityUpdateCadence. Use these additions for a more refined understanding of each update released. The classification property helps categorize updates, distinguishing between security and non-security updates. The cadence property clarifies release frequency (i.e., monthly or out-of-band), allowing you to align your deployment strategies accordingly. To brush up on the various update types, see Windows monthly updates explained.

User-friendly naming convention

To facilitate easier association with each release, a user-friendly name has been introduced. For example, the August security release will now be labeled as "2023. 08B." Track and reference updates easily with this simplified naming convention.

CVE severity information

The catalog now includes crucial common vulnerabilities and exposures (CVE) severity information for each security release. With it, gain insights into the maximum severity rating and maximum score from CVSS (Common Vulnerability Scoring System). Additionally, you'll find details about exploited CVEs fixed under each release. To further investigate these specific CVEs, follow the provided URL to navigate to the corresponding Microsoft Security Response Center (MSRC) webpage. All other CVEs can be found here: Vulnerabilities - Security Update Guide.

Product revision details

In addition to CVE information, we have incorporated product revision details for each quality update. Access an expandable array of all OS builds with specific build revisions. This enables you to identify the update build revision and associated KB (knowledge base) article number. Furthermore, if you require additional information, you can find and follow a URL to the release notes of that KB article.

Try out sample queries

In order to view all new metadata added to the catalog, use the below Microsoft Graph API calls for monthly quality updates and for feature updates. Copy and paste them into the GET field in Microsoft Graph Explorer. If needed, refresh your memory on how to do this with Try Windows Update for Business with Microsoft Graph.

Feature updates

View all feature updates currently in support by running the below query in Microsoft Graph.

Request type: GET
URI: https://graph.microsoft.com/beta/admin/windows/updates/catalog/entries?$filter=isof('microsoft.graph.windowsUpdates.featureUpdateCatalogEntry')

[Screenshot of a portion of the feature update response]

Quality updates

Additional metadata has been added to the catalog for quality updates. Right now, the latest release available is the August monthly security release: “2023. 08B.”

Let’s view the new properties added to the catalog. Start by using the following request query:

Request type: GET
URI: https://graph.microsoft.com/beta/admin/windows/updates/catalog/entries?$filter=microsoft.graph.windowsUpdates.qualityUpdateCatalogEntry/qualityUpdateClassification eq 'Security'&$orderby=releaseDateTime desc&$top=1

Now, let’s walk through the response details to explore the new information about the August 2023 security update.

    1. Locate the release details, such as release name, date, and update type:

[Screenshot of a portion of the response focused on the release details for the August security update]

    2. Scroll down through the response to locate the CVE information, such as severity, number, and URL to read more:

[Screenshot of a portion of the response focused on the CVE information for the August security update]

    3. Keep scrolling to find product revisions and Knowledge Base article details. For all Windows OS versions in support, the response will return the below:

[Screenshot of a portion of the response focused on product version and KB details for the August security update]

View new fields for all quality updates using the following query in MS Graph:

Request type: GET
URI: https://graph.microsoft.com/beta/admin/windows/updates/catalog/entries?$expand=microsoft.graph.windowsUpdates.qualityUpdateCatalogEntry/productRevisions&$orderby=releaseDateTime desc

Next, use the following sample queries to retrieve information about quality updates and to make operational decisions. Note: this information is available for updates released in or after January 2023.

  1. Show the non-security updates from the last 3 months.

Request type: GET
URI: https://graph.microsoft.com/beta/admin/windows/updates/catalog/entries?$filter=microsoft.graph.windowsUpdates.qualityUpdateCatalogEntry/qualityUpdateClassification eq 'nonSecurity'&$orderby=releaseDateTime desc&$top=3

  2. Show the updates from the last 3 months that address exploited CVEs.

Request type: GET
URI: https://graph.microsoft.com/beta/admin/windows/updates/catalog/entries?$filter=microsoft.graph.windowsUpdates.qualityUpdateCatalogEntry/cveSeverityInformation/exploitedCves/$count gt 0&$orderby=releaseDateTime desc

  3. Show the updates from the last 3 months where the highest CVE base score is at least 9.0.

Request type: GET
URI: https://graph.microsoft.com/beta/admin/windows/updates/catalog/entries?$filter=microsoft.graph.windowsUpdates.qualityUpdateCatalogEntry/cveSeverityInformation/maxBaseScore gt 9.0&$orderby=releaseDateTime desc

In addition to these queries, you can use the standard OData filters and retrieve the required information about each release. Consult Query options overview - OData for additional information.
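
An added example (not part of the original post and not Microsoft's code): a Python script that percent-encodes the $filter queries above for use outside Graph Explorer and ranks the entries of a catalog response, putting updates that fix exploited CVEs first and then those whose maximum base score is at least 9.0. The sample response is constructed, the priority labels are hypothetical, and the field names displayName, exploitedCves[].number and knowledgeBaseArticle.id are assumptions about the response shape.

```python
import json
from urllib.parse import quote

BASE = "https://graph.microsoft.com/beta/admin/windows/updates/catalog/entries"
QU = "microsoft.graph.windowsUpdates.qualityUpdateCatalogEntry"

def catalog_url(filter_expr, orderby="releaseDateTime desc", top=None):
    """Build a catalog URL; spaces in the OData options are percent-encoded."""
    opts = ["$filter=" + quote(filter_expr, safe="/$'()"),
            "$orderby=" + quote(orderby)]
    if top is not None:
        opts.append(f"$top={int(top)}")
    return BASE + "?" + "&".join(opts)

def triage(entries, score_floor=9.0):
    """Rank entries: exploited CVEs first, then max base score >= score_floor."""
    rank = {"expedite": 0, "accelerate": 1, "standard": 2}  # hypothetical labels
    rows = []
    for e in entries:
        # Non-security entries may carry no CVE block at all.
        sev = e.get("cveSeverityInformation") or {}
        exploited = [c["number"] for c in sev.get("exploitedCves") or []]
        score = float(sev.get("maxBaseScore") or 0.0)
        priority = ("expedite" if exploited
                    else "accelerate" if score >= score_floor else "standard")
        # knowledgeBaseArticle.id is an assumed field name; duplicates collapse.
        kbs = sorted({r["knowledgeBaseArticle"]["id"]
                      for r in e.get("productRevisions") or []
                      if r.get("knowledgeBaseArticle")})
        rows.append({"name": e.get("displayName"), "priority": priority,
                     "score": score, "exploited": exploited, "kbs": kbs})
    return sorted(rows, key=lambda r: (rank[r["priority"]], -r["score"]))

# Constructed sample response: names, CVE numbers and KB ids are placeholders.
SAMPLE = json.loads("""{"value": [
 {"displayName": "sample non-security", "cveSeverityInformation": null, "productRevisions": []},
 {"displayName": "sample security", "productRevisions": [
    {"knowledgeBaseArticle": {"id": "KB0000002"}}],
  "cveSeverityInformation": {"maxBaseScore": 9.8, "exploitedCves": []}},
 {"displayName": "sample out-of-band", "productRevisions": [
    {"knowledgeBaseArticle": {"id": "KB0000001"}},
    {"knowledgeBaseArticle": {"id": "KB0000001"}}],
  "cveSeverityInformation": {"maxBaseScore": 7.8,
    "exploitedCves": [{"number": "CVE-0000-00001"}]}}]}""")

if __name__ == "__main__":
    print(catalog_url(f"{QU}/cveSeverityInformation/maxBaseScore gt 9.0"))
    for row in triage(SAMPLE["value"]):
        print(row)
```

An update with a lower base score still ranks first when it fixes an exploited CVE, which is why the exploited-CVE and base-score queries are worth running together rather than relying on the score alone.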

What this all means

Without Windows Update for Business deployment service, you have to look these details up in separate channels, such as:

But you don’t have to! The enriched metadata in the Windows Update for Business deployment service catalog empowers you with comprehensive insights and streamlined access to critical update details. Track and manage updates more efficiently with the new classification and cadence properties, along with user-friendly naming conventions. The inclusion of CVE severity information and product revision details ensures a more informed approach to update deployment.

Check out the following resources to learn more:


Continue the conversation. Find best practices. Bookmark the Windows Tech Community and follow us @MSWindowsITPro on Twitter. Looking for support? Visit Windows on Microsoft Q&A.
