Table of contents
TOC
Collapse the table of content
Expand the table of content

Update CSP

Last Updated: 1/24/2017
Warning

Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.

The Update configuration service provider enables IT administrators to manage and control the rollout of new updates.

The following diagram shows the Update configuration service provider in tree format.

update csp diagram

Update

The root node.

Supported operation is Get.

ApprovedUpdates

Node for update approvals and EULA acceptance on behalf of the end-user.

Note

When the RequireUpdateApproval policy is set, the MDM uses the ApprovedUpdates list to pass the approved GUIDs. These GUIDs should be a subset of the InstallableUpdates list.

The MDM must first present the EULA to IT and have them accept it before the update is approved. Failure to do this is a breach of legal or contractual obligations. The EULAs can be obtained from the update metadata and have their own EULA ID. It's possible for multiple updates to share the same EULA. It is only necessary to approve the EULA once per EULA ID, not one per update.

The update approval list enables IT to approve individual updates and update classifications. Auto-approval by update classifications allows IT to automatically approve Definition Updates (i.e., updates to the virus and spyware definitions on devices) and Security Updates (i.e., product-specific updates for security-related vulnerability). The update approval list does not support the uninstallation of updates by revoking approval of already installed updates. Updates are approved based on UpdateID, and an UpdateID only needs to be approved once. An update UpdateID and RevisionNumber are part of the UpdateIdentity type. An UpdateID can be associated to several UpdateIdentity GUIDs due to changes to the RevisionNumber setting. MDM services must synchronize the UpdateIdentity of an UpdateID based on the latest RevisionNumber to get the latest metadata for an update. However, update approval is based on UpdateID.

Note

For the Windows 10 build, the client may need to reboot after additional updates are added.

Supported operations are Get and Add.

ApprovedUpdates/Approved Update Guid

Specifies the update GUID.

To auto-approve a class of updates, you can specify the Update Classifications GUIDs. We strongly recommend to always specify the DefinitionsUpdates classification (E0789628-CE08-4437-BE74-2495B842F43B), which are used for anti-malware signatures. There are released periodically (several times a day). Some businesses may also want to auto-approve security updates to get them deployed quickly.

Supported operations are Get and Add.

Sample syncml:

./Vendor/MSFT/Update/ApprovedUpdates/%7ba317dafe-baf4-453f-b232-a7075efae36e%7d

ApprovedUpdates/Approved Update Guid/ApprovedTime

Specifies the time the update gets approved.

Supported operations are Get and Add.

FailedUpdates

Specifies the approved updates that failed to install on a device.

Supported operation is Get.

FailedUpdates/Failed Update Guid

Update identifier field of the UpdateIdentity GUID that represent an update that failed to download or install.

Supported operation is Get.

FailedUpdates/Failed Update Guid/HResult

The update failure error code.

Supported operation is Get.

FailedUpdates/Failed Update Guid/Status

Specifies the failed update status (for example, download, install).

Supported operation is Get.

FailedUpdates/Failed Update Guid/RevisionNumber

Added in the next major update of Windows 10. The revision number for the update that must be passed in server to server sync to get the metadata for the update.

Supported operation is Get.

InstalledUpdates

The updates that are installed on the device.

Supported operation is Get.

InstalledUpdates/Installed Update Guid

UpdateIDs that represent the updates installed on a device.

Supported operation is Get.

InstalledUpdates/Installed Update Guid/RevisionNumber

Added in the next major update of Windows 10. The revision number for the update that must be passed in server to server sync to get the metadata for the update.

Supported operation is Get.

InstallableUpdates

The updates that are applicable and not yet installed on the device. This includes updates that are not yet approved.

Supported operation is Get.

InstallableUpdates/Installable Update Guid

Update identifiers that represent the updates applicable and not installed on a device.

Supported operation is Get.

InstallableUpdates/Installable Update Guid/Type

The UpdateClassification value of the update. Valid values are:

  • 0 - None
  • 1 - Security
  • 2 = Critical

Supported operation is Get.

InstallableUpdates/Installable Update Guid/RevisionNumber

The revision number for the update that must be passed in server to server sync to get the metadata for the update.

Supported operation is Get.

PendingRebootUpdates

The updates that require a reboot to complete the update session.

Supported operation is Get.

PendingRebootUpdates/Pending Reboot Update Guid

Update identifiers for the pending reboot state.

Supported operation is Get.

PendingRebootUpdates/Pending Reboot Update Guid/InstalledTime

The time the update is installed.

Supported operation is Get.

PendingRebootUpdates/Pending Reboot Update Guid/RevisionNumber

Added in the next major update of Windows 10. The revision number for the update that must be passed in server to server sync to get the metadata for the update.

Supported operation is Get.

LastSuccessfulScanTime

The last successful scan time.

Supported operation is Get.

DeferUpgrade

Upgrades deferred until the next period.

Supported operation is Get.

Configuration service provider reference

© 2017 Microsoft