使用 Windows 自动修补部署加速质量更新
使用 Windows 自动修补,可以将 Windows 更新部署到Microsoft Entra租户中的设备。 目前,Windows Autopatch 支持部署 Windows 10/11 功能更新、热补丁质量更新、加速质量更新和驱动程序更新。 本主题重点介绍快速质量更新的部署。 有关部署功能更新的信息,请参阅 部署功能更新。 有关如何部署热补丁质量更新的信息,请参阅 部署热补丁质量更新。 有关如何部署驱动程序更新的信息,请参阅 管理驱动程序更新。
加快质量更新将覆盖 Windows 更新 for Business 延迟策略,以便尽快安装更新。 当出现关键质量事件并且需要比平常更快地部署最新更新时,它可能很有用。 但是,虽然它有助于实现针对特定质量更新的合规性目标,但并不是每月都使用它。 相反,请考虑使用 符合性最后期限进行更新。
将加速质量更新部署到设备时,如果设备尚未收到具有指定发布日期的更新,Windows 更新会提供最新的适用更新。 例如,如果将 2021 年 4 月 13 日发布的Windows 10安全更新部署到当前没有更新的设备,则设备会收到快速更新。 如果设备已具有指定的更新或更高版本,则不会收到加速更新。
加速质量更新还具有以下特征:
- 更新立即启动,而不是等待下一次定期更新扫描,默认情况下每 22 小时进行一次。
- 更新将尽快下载和安装。
- 更新过程会覆盖配置的设备策略设置,例如,在设备被强制重启之前几天。 安装快速更新后,设备将返回到当前策略设置。
先决条件
- 设备满足 Windows 自动修补的先决条件。
- 设备安装了 KB4023057 - 更新Windows 10更新服务组件 (或更高版本) 中所述的更新。
- 若要验证设备是否满足接收加速更新的先决条件,请使用 就绪情况测试来加速更新。
步骤 1: (可选) 获取可加速更新的列表
可以查询 Windows 自动修补目录 API 以获取更新列表,这些更新可以作为部署中的内容加速到设备。
质量更新由 qualityUpdateCatalogEntry 类型表示, qualityUpdateClassification 为 security 或 nonSecurity。 分类为 security 的所有Windows 10质量更新,以及分类为 security 或 non-security 的所有Windows 11质量更新都可以加速。
所有质量更新都引用 产品修订列表。 将 添加到 $expand=microsoft.graph.windowsUpdates.qualityUpdateCatalogEntry/productRevisions 请求 URL,以确定哪个操作系统生成每个质量更新都会受到影响。
以下示例演示如何查询所有Windows 10质量更新,这些更新可由 Windows 自动修补部署为快速更新。 建议仅显示三个最新更新,因此以下示例包括 $top=3。
请求
GET https://graph.microsoft.com/beta/admin/windows/updates/catalog/entries?$top=3&$filter=isof('microsoft.graph.windowsUpdates.qualityUpdateCatalogEntry') and microsoft.graph.windowsUpdates.qualityUpdateCatalogEntry/isExpeditable eq true&$expand=microsoft.graph.windowsUpdates.qualityUpdateCatalogEntry/productRevisions&$orderby=releaseDateTime desc
响应
HTTP/1.1 200 OK
Content-Type: application/json
{
"@odata.context": "https://graph.microsoft.com/beta/$metadata#admin/windows/updates/catalog/entries(microsoft.graph.windowsUpdates.qualityUpdateCatalogEntry/productRevisions())",
"@microsoft.graph.tips": "Use $select to choose only the properties your app needs, as this can lead to performance improvements. For example: GET admin/windows/updates/catalog/entries?$select=deployableUntilDateTime,displayName",
"value": [
{
"@odata.type": "#microsoft.graph.windowsUpdates.qualityUpdateCatalogEntry",
"id": "7752017d0d3dd343836d0a6952d51380c8faa114466fe0944f3f40e0dcbc491e",
"displayName": "12/12/2023 - 2023.12 B SecurityUpdate for Windows 10 and later",
"deployableUntilDateTime": null,
"releaseDateTime": "2023-12-12T00:00:00Z",
"isExpeditable": true,
"qualityUpdateClassification": "security",
"catalogName": "2023-12 Cumulative Update for Windows 10 and later",
"shortName": "2023.12 B",
"qualityUpdateCadence": "monthly",
"cveSeverityInformation": {
"maxSeverity": "moderate",
"maxBaseScore": 9.6,
"exploitedCves@odata.context": "https://graph.microsoft.com/beta/$metadata#admin/windows/updates/catalog/entries('7752017d0d3dd343836d0a6952d51380c8faa114466fe0944f3f40e0dcbc491e')/microsoft.graph.windowsUpdates.qualityUpdateCatalogEntry/cveSeverityInformation/exploitedCves",
"exploitedCves": []
},
"productRevisions@odata.context": "https://graph.microsoft.com/beta/$metadata#admin/windows/updates/catalog/entries('7752017d0d3dd343836d0a6952d51380c8faa114466fe0944f3f40e0dcbc491e')/microsoft.graph.windowsUpdates.qualityUpdateCatalogEntry/microsoft.graph.windowsUpdates.qualityUpdateCatalogEntry/productRevisions",
"productRevisions": [
{
"id": "10.0.19045.3803",
"displayName": "Windows 10, version 22H2, build 19045.3803",
"releaseDateTime": "2023-12-12T00:00:00Z",
"version": "22H2",
"product": "Windows 10",
"osBuild": {
"majorVersion": 10,
"minorVersion": 0,
"buildNumber": 19045,
"updateBuildRevision": 3803
},
"knowledgeBaseArticle@odata.context": "https://graph.microsoft.com/beta/$metadata#admin/windows/updates/catalog/entries('7752017d0d3dd343836d0a6952d51380c8faa114466fe0944f3f40e0dcbc491e')/microsoft.graph.windowsUpdates.qualityUpdateCatalogEntry/microsoft.graph.windowsUpdates.qualityUpdateCatalogEntry/productRevisions('10.0.19045.3803')/knowledgeBaseArticle/$entity",
"knowledgeBaseArticle": {
"id": "KB5033372",
"url": "https://support.microsoft.com/help/5033372"
}
},
{
"id": "10.0.22621.2861",
"displayName": "Windows 11, version 22H2, build 22621.2861",
"releaseDateTime": "2023-12-12T00:00:00Z",
"version": "22H2",
"product": "Windows 11",
"osBuild": {
"majorVersion": 10,
"minorVersion": 0,
"buildNumber": 22621,
"updateBuildRevision": 2861
},
"knowledgeBaseArticle@odata.context": "https://graph.microsoft.com/beta/$metadata#admin/windows/updates/catalog/entries('7752017d0d3dd343836d0a6952d51380c8faa114466fe0944f3f40e0dcbc491e')/microsoft.graph.windowsUpdates.qualityUpdateCatalogEntry/microsoft.graph.windowsUpdates.qualityUpdateCatalogEntry/productRevisions('10.0.22621.2861')/knowledgeBaseArticle/$entity",
"knowledgeBaseArticle": {
"id": "KB5033375",
"url": "https://support.microsoft.com/help/5033375"
}
},
{
"id": "10.0.22000.2652",
"displayName": "Windows 11, version 21H2, build 22000.2652",
"releaseDateTime": "2023-12-12T00:00:00Z",
"version": "21H2",
"product": "Windows 11",
"osBuild": {
"majorVersion": 10,
"minorVersion": 0,
"buildNumber": 22000,
"updateBuildRevision": 2652
},
"knowledgeBaseArticle@odata.context": "https://graph.microsoft.com/beta/$metadata#admin/windows/updates/catalog/entries('7752017d0d3dd343836d0a6952d51380c8faa114466fe0944f3f40e0dcbc491e')/microsoft.graph.windowsUpdates.qualityUpdateCatalogEntry/microsoft.graph.windowsUpdates.qualityUpdateCatalogEntry/productRevisions('10.0.22000.2652')/knowledgeBaseArticle/$entity",
"knowledgeBaseArticle": {
"id": "KB5033369",
"url": "https://support.microsoft.com/help/5033369"
}
},
{
"id": "10.0.19044.3803",
"displayName": "Windows 10, version 21H2, build 19044.3803",
"releaseDateTime": "2023-12-12T00:00:00Z",
"version": "21H2",
"product": "Windows 10",
"osBuild": {
"majorVersion": 10,
"minorVersion": 0,
"buildNumber": 19044,
"updateBuildRevision": 3803
},
"knowledgeBaseArticle@odata.context": "https://graph.microsoft.com/beta/$metadata#admin/windows/updates/catalog/entries('7752017d0d3dd343836d0a6952d51380c8faa114466fe0944f3f40e0dcbc491e')/microsoft.graph.windowsUpdates.qualityUpdateCatalogEntry/microsoft.graph.windowsUpdates.qualityUpdateCatalogEntry/productRevisions('10.0.19044.3803')/knowledgeBaseArticle/$entity",
"knowledgeBaseArticle": {
"id": "KB5033372",
"url": "https://support.microsoft.com/help/5033372"
}
},
{
"id": "10.0.22631.2861",
"displayName": "Windows 11, version 23H2, build 22631.2861",
"releaseDateTime": "2023-12-12T00:00:00Z",
"version": "23H2",
"product": "Windows 11",
"osBuild": {
"majorVersion": 10,
"minorVersion": 0,
"buildNumber": 22631,
"updateBuildRevision": 2861
},
"knowledgeBaseArticle@odata.context": "https://graph.microsoft.com/beta/$metadata#admin/windows/updates/catalog/entries('7752017d0d3dd343836d0a6952d51380c8faa114466fe0944f3f40e0dcbc491e')/microsoft.graph.windowsUpdates.qualityUpdateCatalogEntry/microsoft.graph.windowsUpdates.qualityUpdateCatalogEntry/productRevisions('10.0.22631.2861')/knowledgeBaseArticle/$entity",
"knowledgeBaseArticle": {
"id": "KB5033375",
"url": "https://support.microsoft.com/help/5033375"
}
}
]
},
{
"@odata.type": "#microsoft.graph.windowsUpdates.qualityUpdateCatalogEntry",
"id": "936705f27e4efc863ae4e6f2004da8cc6a51e035902d3367def02faf263e9fbd",
"displayName": "11/30/2023 - 2023.11 D Update for Windows 10 and later",
"deployableUntilDateTime": null,
"releaseDateTime": "2023-11-30T00:00:00Z",
"isExpeditable": true,
"qualityUpdateClassification": "nonSecurity",
"catalogName": "2023-11 Cumulative Update Preview for Windows 10 and later",
"shortName": "2023.11 D",
"qualityUpdateCadence": "monthly",
"cveSeverityInformation": null,
"productRevisions@odata.context": "https://graph.microsoft.com/beta/$metadata#admin/windows/updates/catalog/entries('936705f27e4efc863ae4e6f2004da8cc6a51e035902d3367def02faf263e9fbd')/microsoft.graph.windowsUpdates.qualityUpdateCatalogEntry/microsoft.graph.windowsUpdates.qualityUpdateCatalogEntry/productRevisions",
"productRevisions": [
{
"id": "10.0.19045.3758",
"displayName": "Windows 10, version 22H2, build 19045.3758",
"releaseDateTime": "2023-11-30T00:00:00Z",
"version": "22H2",
"product": "Windows 10",
"osBuild": {
"majorVersion": 10,
"minorVersion": 0,
"buildNumber": 19045,
"updateBuildRevision": 3758
},
"knowledgeBaseArticle@odata.context": "https://graph.microsoft.com/beta/$metadata#admin/windows/updates/catalog/entries('936705f27e4efc863ae4e6f2004da8cc6a51e035902d3367def02faf263e9fbd')/microsoft.graph.windowsUpdates.qualityUpdateCatalogEntry/microsoft.graph.windowsUpdates.qualityUpdateCatalogEntry/productRevisions('10.0.19045.3758')/knowledgeBaseArticle/$entity",
"knowledgeBaseArticle": {
"id": "KB5032278",
"url": "https://support.microsoft.com/help/5032278"
}
},
{
"id": "10.0.22621.2792",
"displayName": "Windows 11, version 22H2, build 22621.2792",
"releaseDateTime": "2023-12-04T00:00:00Z",
"version": "22H2",
"product": "Windows 11",
"osBuild": {
"majorVersion": 10,
"minorVersion": 0,
"buildNumber": 22621,
"updateBuildRevision": 2792
},
"knowledgeBaseArticle@odata.context": "https://graph.microsoft.com/beta/$metadata#admin/windows/updates/catalog/entries('936705f27e4efc863ae4e6f2004da8cc6a51e035902d3367def02faf263e9fbd')/microsoft.graph.windowsUpdates.qualityUpdateCatalogEntry/microsoft.graph.windowsUpdates.qualityUpdateCatalogEntry/productRevisions('10.0.22621.2792')/knowledgeBaseArticle/$entity",
"knowledgeBaseArticle": {
"id": "KB5032288",
"url": "https://support.microsoft.com/help/5032288"
}
},
{
"id": "10.0.22631.2792",
"displayName": "Windows 11, version 23H2, build 22631.2792",
"releaseDateTime": "2023-12-04T00:00:00Z",
"version": "23H2",
"product": "Windows 11",
"osBuild": {
"majorVersion": 10,
"minorVersion": 0,
"buildNumber": 22631,
"updateBuildRevision": 2792
},
"knowledgeBaseArticle@odata.context": "https://graph.microsoft.com/beta/$metadata#admin/windows/updates/catalog/entries('936705f27e4efc863ae4e6f2004da8cc6a51e035902d3367def02faf263e9fbd')/microsoft.graph.windowsUpdates.qualityUpdateCatalogEntry/microsoft.graph.windowsUpdates.qualityUpdateCatalogEntry/productRevisions('10.0.22631.2792')/knowledgeBaseArticle/$entity",
"knowledgeBaseArticle": {
"id": "KB5032288",
"url": "https://support.microsoft.com/help/5032288"
}
}
]
},
{
"@odata.type": "#microsoft.graph.windowsUpdates.qualityUpdateCatalogEntry",
"id": "97b5e4baece0047a63eca88c4e7c93fb2d5fb5667cef0b417f6e51e1cc2f4c71",
"displayName": "11/14/2023 - 2023.11 B SecurityUpdate for Windows 10 and later",
"deployableUntilDateTime": null,
"releaseDateTime": "2023-11-14T00:00:00Z",
"isExpeditable": true,
"qualityUpdateClassification": "security",
"catalogName": "2023-11 Cumulative Update for Windows 10 and later",
"shortName": "2023.11 B",
"qualityUpdateCadence": "monthly",
"cveSeverityInformation": {
"maxSeverity": "critical",
"maxBaseScore": 9.8,
"exploitedCves@odata.context": "https://graph.microsoft.com/beta/$metadata#admin/windows/updates/catalog/entries('97b5e4baece0047a63eca88c4e7c93fb2d5fb5667cef0b417f6e51e1cc2f4c71')/microsoft.graph.windowsUpdates.qualityUpdateCatalogEntry/cveSeverityInformation/exploitedCves",
"exploitedCves": [
{
"number": "CVE-2023-36036",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36036"
},
{
"number": "CVE-2023-36033",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36033"
},
{
"number": "CVE-2023-36025",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36025"
}
]
},
"productRevisions@odata.context": "https://graph.microsoft.com/beta/$metadata#admin/windows/updates/catalog/entries('97b5e4baece0047a63eca88c4e7c93fb2d5fb5667cef0b417f6e51e1cc2f4c71')/microsoft.graph.windowsUpdates.qualityUpdateCatalogEntry/microsoft.graph.windowsUpdates.qualityUpdateCatalogEntry/productRevisions",
"productRevisions": [
{
"id": "10.0.19045.3693",
"displayName": "Windows 10, version 22H2, build 19045.3693",
"releaseDateTime": "2023-11-14T00:00:00Z",
"version": "22H2",
"product": "Windows 10",
"osBuild": {
"majorVersion": 10,
"minorVersion": 0,
"buildNumber": 19045,
"updateBuildRevision": 3693
},
"knowledgeBaseArticle@odata.context": "https://graph.microsoft.com/beta/$metadata#admin/windows/updates/catalog/entries('97b5e4baece0047a63eca88c4e7c93fb2d5fb5667cef0b417f6e51e1cc2f4c71')/microsoft.graph.windowsUpdates.qualityUpdateCatalogEntry/microsoft.graph.windowsUpdates.qualityUpdateCatalogEntry/productRevisions('10.0.19045.3693')/knowledgeBaseArticle/$entity",
"knowledgeBaseArticle": {
"id": "KB5032189",
"url": "https://support.microsoft.com/help/5032189"
}
},
{
"id": "10.0.22621.2715",
"displayName": "Windows 11, version 22H2, build 22621.2715",
"releaseDateTime": "2023-11-14T00:00:00Z",
"version": "22H2",
"product": "Windows 11",
"osBuild": {
"majorVersion": 10,
"minorVersion": 0,
"buildNumber": 22621,
"updateBuildRevision": 2715
},
"knowledgeBaseArticle@odata.context": "https://graph.microsoft.com/beta/$metadata#admin/windows/updates/catalog/entries('97b5e4baece0047a63eca88c4e7c93fb2d5fb5667cef0b417f6e51e1cc2f4c71')/microsoft.graph.windowsUpdates.qualityUpdateCatalogEntry/microsoft.graph.windowsUpdates.qualityUpdateCatalogEntry/productRevisions('10.0.22621.2715')/knowledgeBaseArticle/$entity",
"knowledgeBaseArticle": {
"id": "KB5032190",
"url": "https://support.microsoft.com/help/5032190"
}
},
{
"id": "10.0.22000.2600",
"displayName": "Windows 11, version 21H2, build 22000.2600",
"releaseDateTime": "2023-11-14T00:00:00Z",
"version": "21H2",
"product": "Windows 11",
"osBuild": {
"majorVersion": 10,
"minorVersion": 0,
"buildNumber": 22000,
"updateBuildRevision": 2600
},
"knowledgeBaseArticle@odata.context": "https://graph.microsoft.com/beta/$metadata#admin/windows/updates/catalog/entries('97b5e4baece0047a63eca88c4e7c93fb2d5fb5667cef0b417f6e51e1cc2f4c71')/microsoft.graph.windowsUpdates.qualityUpdateCatalogEntry/microsoft.graph.windowsUpdates.qualityUpdateCatalogEntry/productRevisions('10.0.22000.2600')/knowledgeBaseArticle/$entity",
"knowledgeBaseArticle": {
"id": "KB5032192",
"url": "https://support.microsoft.com/help/5032192"
}
},
{
"id": "10.0.19044.3693",
"displayName": "Windows 10, version 21H2, build 19044.3693",
"releaseDateTime": "2023-11-14T00:00:00Z",
"version": "21H2",
"product": "Windows 10",
"osBuild": {
"majorVersion": 10,
"minorVersion": 0,
"buildNumber": 19044,
"updateBuildRevision": 3693
},
"knowledgeBaseArticle@odata.context": "https://graph.microsoft.com/beta/$metadata#admin/windows/updates/catalog/entries('97b5e4baece0047a63eca88c4e7c93fb2d5fb5667cef0b417f6e51e1cc2f4c71')/microsoft.graph.windowsUpdates.qualityUpdateCatalogEntry/microsoft.graph.windowsUpdates.qualityUpdateCatalogEntry/productRevisions('10.0.19044.3693')/knowledgeBaseArticle/$entity",
"knowledgeBaseArticle": {
"id": "KB5032189",
"url": "https://support.microsoft.com/help/5032189"
}
},
{
"id": "10.0.22631.2715",
"displayName": "Windows 11, version 23H2, build 22631.2715",
"releaseDateTime": "2023-11-14T00:00:00Z",
"version": "23H2",
"product": "Windows 11",
"osBuild": {
"majorVersion": 10,
"minorVersion": 0,
"buildNumber": 22631,
"updateBuildRevision": 2715
},
"knowledgeBaseArticle@odata.context": "https://graph.microsoft.com/beta/$metadata#admin/windows/updates/catalog/entries('97b5e4baece0047a63eca88c4e7c93fb2d5fb5667cef0b417f6e51e1cc2f4c71')/microsoft.graph.windowsUpdates.qualityUpdateCatalogEntry/microsoft.graph.windowsUpdates.qualityUpdateCatalogEntry/productRevisions('10.0.22631.2715')/knowledgeBaseArticle/$entity",
"knowledgeBaseArticle": {
"id": "KB5032190",
"url": "https://support.microsoft.com/help/5032190"
}
}
]
}
]
}
步骤 2:创建部署
部署指定要部署的内容、部署内容的方式和时间,以及目标设备。 对于质量更新,使用目标符合性日期指定内容。 创建部署时,部署受众会自动创建为关系。
将加速质量更新部署到设备时,Windows 更新会提供一个更新,使设备高于指定的最低符合性级别。 根据每个设备的扫描和更新时间,某些设备可能会收到更新 (例如,更新的安全更新比与最低符合性级别) 相对应的更新更新,但所有设备都符合指定的安全更新符合性标准。 这种提供最新适用更新的行为(由设置为默认值latestSecurity的属性 equivalentContent 指示),有助于保持设备尽可能安全,并防止设备在几天后收到快速更新后又收到另一个常规更新。
注意: 如果部署加速的非安全质量更新,则它 必须是 最新发布的质量更新。 例如,如果在发布 12B 后加快 11D 版本,则部署中的设备不会加速更新。
可以在部署的用户体验设置中使用属性 daysUntilForcedReboot 配置设备重启宽限期。 宽限期设置安装后用户可控制设备重启时间的时间量。 如果设备在宽限期到期前未重启,则会自动重启。
下面是为加速质量更新创建部署的示例。 下一步将指定目标设备。
请求
POST https://graph.microsoft.com/beta/admin/windows/updates/deployments
Content-type: application/json
{
"@odata.type": "#microsoft.graph.windowsUpdates.deployment",
"content": {
"@odata.type": "#microsoft.graph.windowsUpdates.catalogContent",
"catalogEntry": {
"@odata.type": "#microsoft.graph.windowsUpdates.qualityUpdateCatalogEntry",
"id": "catalog/entries/1"
}
},
"settings": {
"@odata.type": "microsoft.graph.windowsUpdates.deploymentSettings",
"expedite": {
"isExpedited": true,
"isReadinessTest": false
},
"userExperience": {
"daysUntilForcedReboot": 2
}
}
}
响应
HTTP/1.1 201 Created
Content-Type: application/json
{
"@odata.type": "#microsoft.graph.windowsUpdates.deployment",
"id": "b5171742-1742-b517-4217-17b5421717b5",
"createdDateTime": "String (timestamp)",
"lastModifiedDateTime": "String (timestamp)",
"state": {
"effectiveValue": "offering",
"requestedValue": "none",
"reasons": []
},
"content": {
"@odata.type": "#microsoft.graph.windowsUpdates.catalogContent"
},
"settings": {
"schedule": null,
"monitoring": null,
"contentApplicability": null,
"userExperience": {
"daysUntilForcedReboot": 2
},
"expedite": {
"isExpedited": true
}
}
}
步骤 3:将设备分配给部署受众
创建部署后,可以将设备分配给 部署受众。 成功更新部署受众后,Windows 更新根据部署设置向相关设备提供更新。
设备在添加到部署受众的成员或排除集合时自动注册 (即,如果 azureADDevice 对象尚不存在) ,则会自动创建该对象。
以下示例演示如何将Microsoft Entra设备添加为部署访问群体的成员。
请求
POST https://graph.microsoft.com/beta/admin/windows/updates/deployments/{deploymentId}/audience/updateAudience
Content-type: application/json
{
"addMembers": [
{
"@odata.type": "#microsoft.graph.windowsUpdates.azureADDevice",
"id": "String (identifier)"
},
{
"@odata.type": "#microsoft.graph.windowsUpdates.azureADDevice",
"id": "String (identifier)"
},
{
"@odata.type": "#microsoft.graph.windowsUpdates.azureADDevice",
"id": "String (identifier)"
}
]
}
响应
HTTP/1.1 202 Accepted
部署期间
部署正在进行时,可以通过更新部署 状态 并更新其访问群体成员和排除项来暂停部署。
部署后
在分配给部署受众的所有设备最初都已提供更新后,由于设备连接等因素,并非所有设备都可能已启动或完成更新。 只要部署仍然存在,就可确保Windows 更新在分配的设备重新连接时提供更新。