使用 Windows Update for Business 部署服务部署功能更新Deploy a feature update using the Windows Update for Business deployment service

使用 Windows Update for Business 部署服务,Windows Azure AD 租户中的设备部署更新。With the Windows Update for Business deployment service, you can deploy Windows updates to devices in an Azure AD tenant. 如今,部署服务支持部署Windows 10更新和加速安全更新。Today, the deployment service supports deployments of Windows 10 feature updates and expedited security updates. 本主题重点介绍功能更新的部署。This topic focuses on deployments of feature updates. 有关部署快速安全更新的信息,请参阅 D部署加速安全更新For information on deploying expedited security updates, see Deploy an expedited security update.

将功能更新部署到设备时,Windows更新会向设备提供指定的更新(如果设备尚未收到更新)。When you deploy a feature update to a device, Windows Update offers the specified update to the device if it has not yet received the update. 例如,如果将 Windows 10 功能更新版本 20H2 部署到在功能更新管理中注册并且当前位于较旧版本的 Windows 10 的设备,则设备将更新到版本 20H2。For example, if you deploy Windows 10 feature update version 20H2 to a device that is enrolled in feature update management and is currently on an older version of Windows 10, the device updates to version 20H2. 如果设备已位于或高于 20H2 版本,它将保持其当前版本。If the device is already at or above version 20H2, it stays on its current version. 如果设备未注册功能更新管理,则此操作不会影响设备。If the device is not enrolled in feature update management, the device is not affected by this operation.

只要设备仍在功能更新管理中注册,设备就不会从 Windows Update 接收任何其他功能更新,除非使用部署服务显式部署。As long as a device remains enrolled in feature update management, the device does not receive any other feature updates from Windows Update unless explicitly deployed using the deployment service.

先决条件Prerequisites

步骤 1: (可选) 获取可部署更新的列表Step 1: (Optional) Get a list of deployable updates

你可以查询部署服务目录,获取可以部署中的内容部署到设备的更新列表。You can query the deployment service catalog to get a list of updates that can be deployed to devices as content in a deployment.

下面是查询部署服务可部署的所有Windows 10功能更新的示例。Below is an example of querying for all Windows 10 feature updates that are deployable by the deployment service.

请求Request

GET https://graph.microsoft.com/beta/admin/windows/updates/catalog/entries?$filter=isof('microsoft.graph.windowsUpdates.featureUpdateCatalogEntry')

响应Response

HTTP/1.1 200 OK
Content-Type: application/json

{
    "value": [
        {
            "@odata.type": "#microsoft.graph.windowsUpdates.featureUpdateCatalogEntry",
            "id": "560a186a-1434-4364-8330-deb944b494ff",
            "displayName": "Windows 10, version 20H2",
            "releaseDate": "String (timestamp)",
            "deployableUntilDateTime": "String (timestamp)",
            "version": "20H2"
        },
        {
            "@odata.type": "#microsoft.graph.windowsUpdates.featureUpdateCatalogEntry",
            "id": "5e436dae-56bd-4925-bf8b-acf550e07227",
            "displayName": "Windows 10, version 2004",
            "releaseDate": "String (timestamp)",
            "deployableUntilDateTime": "String (timestamp)",
            "version": "2004"
        }
    ]
}

步骤 2:创建部署Step 2: Create a deployment

部署指定要部署的内容、如何以及何时部署内容以及目标设备。A deployment specifies content to deploy, how and when to deploy the content, and the targeted devices. 创建部署后,将自动将部署访问群体创建为关系。When a deployment is created, a deployment audience is automatically created as a relationship.

下面是使用配置部署计划及监视规则的可选设置创建功能更新部署的示例Below is an example of creating a deployment of a feature update, with optional settings configuring the deployment schedule and monitoring rules. 目标设备在下一步中指定。The targeted devices are specified in the next step.

备注

如果在创建 部署时未指定 监视规则,则创建默认监视规则。If you do not specify a monitoring rule when creating a deployment, a default monitoring rule is created. 此默认监视规则具有 信号、阈值 和 rollback 20 操作 alertErrorThis default monitoring rule has a signal of rollback, a threshold of 20, and an action of alertError. 在 API 的未来更新中,此行为将更改,并且不会创建默认监视规则。In a future update of the API, this behavior will change and a default monitoring rule will not be created.

请求Request

POST https://graph.microsoft.com/beta/admin/windows/updates/deployments
Content-type: application/json

{
    "@odata.type": "#microsoft.graph.windowsUpdates.deployment",
    "content": {
        "@odata.type": "microsoft.graph.windowsUpdates.featureUpdateReference",
        "version": "20H2"
    },
    "settings": {
        "@odata.type": "microsoft.graph.windowsUpdates.windowsDeploymentSettings",
        "rollout": {
            "devicesPerOffer": 100,
            "durationBetweenOffers": "P7D"
        },
        "monitoring": {
            "monitoringRules": [
                {
                    "@odata.type": "#microsoft.graph.windowsUpdates.monitoringRule",
                    "signal": "rollback",
                    "threshold": 5,
                    "action": "pauseDeployment"
                }
            ]
        }
    }
}

响应Response

HTTP/1.1 201 Created
Content-Type: application/json

{
    "@odata.type": "#microsoft.graph.windowsUpdates.deployment",
    "id": "b5171742-1742-b517-4217-17b5421717b5",
    "state": {
        "@odata.type": "microsoft.graph.windowsUpdates.deploymentState",
        "value": "offering",
        "reasons": [
            {
                "@odata.type": "microsoft.graph.windowsUpdates.deploymentStateReason",
                "value": "offeringByRequest"
            }
        ],
        "requestedValue": "none",
        "effectiveSinceDate": "String (timestamp)"
    },
    "content": {
        "@odata.type": "microsoft.graph.windowsUpdates.featureUpdateReference",
        "version": "20H2"
    },
    "settings": {
        "@odata.type": "microsoft.graph.windowsUpdates.windowsDeploymentSettings",
        "rollout": {
            "devicesPerOffer": 100,
            "durationBetweenOffers": "P7D",
            "startDateTime": null,
            "endDateTime": null
        },
        "monitoring": {
            "monitoringRules": [
                {
                    "@odata.type": "#microsoft.graph.windowsUpdates.monitoringRule",
                    "signal": "rollback",
                    "threshold": 5,
                    "action": "pauseDeployment"
                }
            ]
        },
        "userExperience": null
    },
    "createdDateTime": "String (timestamp)",
    "lastModifiedDateTime": "String (timestamp)"
}

步骤 3:将设备分配给部署访问群体Step 3: Assign devices to the deployment audience

创建部署后,你可以将设备分配给部署 访问群体After a deployment is created, you can assign devices to the deployment audience. 设备可以直接分配,或通过可 更新的资产组进行分配Devices can be assigned directly, or via updatable asset groups. 成功更新部署访问群体后,Windows更新开始根据部署设置向相关设备提供更新。Once the deployment audience is successfully updated, Windows Update starts offering the update to the relevant devices according to the deployment settings.

当设备添加到部署访问群体的成员或排除集合时 (将自动注册服务,即 azureADDevice 对象在部署访问群体中) 。Devices are automatically registered with the service when added to the members or exclusions collections of a deployment audience (i.e. an azureADDevice object is automatically created if it does not already exist).

下面是添加可更新资源组和 Azure AD 设备作为部署受众成员的示例,同时还排除特定的 Azure AD 设备。Below is an example of adding updatable asset groups and Azure AD devices as members of the deployment audience, while also excluding a specific Azure AD device.

请求Request

POST https://graph.microsoft.com/beta/admin/windows/updates/deployments/{deploymentId}/audience/updateAudience
Content-type: application/json

{
    "addMembers": [
        {
            "@odata.type": "#microsoft.graph.windowsUpdates.updatableAssetGroup",
            "id": "String (identifier)"
        },
        {
            "@odata.type": "#microsoft.graph.windowsUpdates.azureADDevice",
            "id": "String (identifier)"
        },
        {
            "@odata.type": "#microsoft.graph.windowsUpdates.azureADDevice",
            "id": "String (identifier)"
        }
    ],
    "addExclusions": [
        {
            "@odata.type": "#microsoft.graph.windowsUpdates.azureADDevice",
            "id": "String (identifier)"
        }
    ]
}

响应Response

HTTP/1.1 202 Accepted

部署期间During a deployment

在部署过程中,可以通过更新部署的状态来暂停部署,也可以更新其访问群体成员和排除项。While a deployment is in progress, you can pause the deployment by updating its state, as well as update its audience members and exclusions.

部署后After a deployment

在最初向部署访问群体分配的所有设备都提供更新后,由于设备连接等因素,并非所有设备都启动或完成了更新。After all devices assigned to a deployment audience have been initially offered the update, it is possible that not all devices have started or completed the update, due to factors like device connectivity. 只要部署仍然存在,Windows只要重新连接,更新就会继续为分配的设备提供更新。As long as the deployment still exists, Windows Update continues to offer the update to the assigned devices whenever they reconnect.