The mixture of the Microsoft Graph and Home windows Replace for Enterprise provides IT managers granular management over updates to customers’ units — on-site and at residence.
One of many benefits of a Microsoft 365 subscription is simply how a lot it helps you to automate. On the coronary heart of the platform is the Microsoft Graph, a set of APIs that hyperlink the underlying providers collectively and help you write your individual code. Microsoft has considerably expanded the graph APIs since their unique launch because the Workplace 365 APIs.
Now the APIs cowl safety and methods administration, in addition to Workplace knowledge and the cloud-hosted Workplace providers. The Graph has grow to be a strong software, with one endpoint and a constant grammar for a big selection of very completely different APIs that serve many alternative constituencies. You need to use the identical Graph to construct Workplace extensions, or to extract safety knowledge, or now, to immediately handle PCs, laptops, and telephones which can be related to your Intune service. Microsoft has even opened up incoming connections to 3rd events, permitting knowledge to cross from cloud to cloud.
Because it has grown, the Microsoft Graph has developed into a typical grammar for providers. In the event you’ve constructed code that works with one service, it is not onerous to modify to a different, with every name requiring related authorisations and having an analogous construction. It is a wise strategy, because it makes studying the Microsoft Graph comparatively easy and reduces the necessity to retrain when new providers launch.
Utilizing Home windows Replace for Enterprise as a substitute of WSUS
Among the newest additions are a brand new set of APIs that add assist for the Home windows Replace For Enterprise service. Home windows Replace for Enterprise (WUfB) is greatest considered a managed model of the patron Home windows Replace service, or as a substitute for utilizing a domestically hosted Home windows Server Replace Providers (WSUS) occasion. With increasingly more employees working remotely, utilizing Home windows Replace for managed units is smart, because it strikes updates off congested and sluggish VPNs, permitting customers to reap the advantages of their residence broadband connections.
Administration insurance policies management what’s delivered to units, working with several types of replace (characteristic updates, high quality updates, driver updates, and Microsoft product updates). You’ll be able to management whether or not customers have entry to Home windows Insider builds, managing the channels that teams of customers can use so you may monitor new releases upfront of normal availability. Directors can defer updates — for instance, holding again Patch Tuesday high quality updates till they’ve been examined by an IT division. Equally, updates will be paused in the event that they’re seen to trigger issues.
Home windows Replace for Enterprise lets you management when units replace, utilizing Home windows’ built-in tooling to decide on to deploy outdoors energetic hours. Because it depends on options like this, it is best to deal with WUfB as a light-touch administration software, setting solely fundamental insurance policies with a view to work with Home windows. Customers may even management some points of the replace course of, so you may set grace intervals for updates, requiring them to be put in after a set variety of days, controlling when units restart. Microsoft gives an Replace Baseline as a set of pre-built insurance policies which you can modify as crucial for your online business wants.
Including APIs to Home windows Replace for Enterprise
WUfB is a strong technique to management updates, however as a part of Microsoft 365 it turns into a programmable software, due to a set of APIs presently in preview. As an alternative of counting on insurance policies to regulate updates, you need to use the Microsoft Graph to offer you a extra granular management of the service, constructing functions that may handle updates through API calls. In the event you choose, you need to use the Graph calls through PowerShell. The APIs handle the deployment service, not the Home windows Replace consumer on units, though it may be used to gather monitoring alerts from them.
SEE: Comparability information: High enterprise collaboration instruments (TechRepublic obtain)
These alerts are a great tool, and the Graph helps you to set thresholds for alerts primarily based on these alerts. Not each failed replace is an indication that you must pause updates: a person could have by chance shut a PC down forcing a rollback, for instance. Nevertheless, 5 rollbacks for a single replace might be a sign that wants investigating.
Controlling and managing updates with the Microsoft Graph
Utilizing the APIs and Home windows Replace for Enterprise does require managed units to be a part of an Azure Energetic Listing (AAD). This lets you enrol them within the service, including deployment classes to a tool registration. New units are mechanically added to AAD when enrolled, creating the suitable entries within the Microsoft Graph to your organisation. You are able to do this enrolment utilizing the Graph APIs, with one name in a position to enrol a number of units into a number of providers.
SEE: 69 Excel suggestions each person ought to grasp (TechRepublic)
The power to batch up a number of units right into a single name to the WUfB API is beneficial. Administering a number of units makes quite a lot of sense, and it lets you use Azure Energetic Listing queries to pick units by person, group, and even sort, after which make the suitable settings within the Graph. If you wish to block the present characteristic replace for units in your advertising and marketing division, for instance, one question can choose the requisite gadget IDs from the Graph, and one other can block updates for all these IDs. All you want is code to make the preliminary API name, parse the returned knowledge, earlier than setting up a name that manages the service.
One helpful characteristic of the service is the flexibility to expedite updates, in the event that they repair an pressing safety subject that may impression your online business. Home windows Replace for Enterprise will set up the model specified except it, or a more moderen one, is put in. You can begin by getting an inventory of updates that may be expedited utilizing a single name, after which use that knowledge to construct a deployment request that can be utilized to power a reboot shortly after the replace has been put in. Upon getting outlined a deployment, you may then get an inventory of relevant units, which can be utilized to focus on the deployment. This strategy helps you to exclude sure units — exempting units within the finance staff, for instance, once you’re near quarter finish and expect customers to be finishing key experiences.
You’ll need an acceptable subscription to make use of the APIs — both a Home windows 10 Enterprise or Home windows 10 Schooling subscription, or the equal Microsoft 365 subscription. In addition they assist the SMB-focused Microsoft 365 Enterprise Premium subscription and Home windows Digital Desktops within the cloud.
The mixture of the Microsoft Graph and Home windows Replace for Enterprise is a strong one, supplying you with most of the options you’ll want to handle and assist updates for distant customers. As increasingly more employees transfer to working from residence a minimum of a few of the week, you may’t depend on them being on the workplace community when an vital replace is launched. Utilizing the Graph APIs to regulate Home windows Replace means you do not want further software program on consumer units, lowering administration overhead — and letting customers use their work PCs precisely as they’d their private units, with no coaching wanted.