WindowsUpdates.ReadWrite.All
Allows the app to read and write all Windows update deployment settings for the organization on behalf of the signed-in user.
Merill's Note
For an app to access data in Microsoft Graph, the user or administrator must grant it the permissions it needs. This article lists all the Microsoft Graph APIs and your tenant data that can be accessed by the application (vendor/developer) if you consent to the
WindowsUpdates.ReadWrite.Allpermission.If you need to create an audit report of the permissions granted to all the apps in your tenant, you can run the
Export-MsIdAppConsentGrantReportcommand. See How To: Run a quick OAuth app audit of your tenant
| Category | Application | Delegated |
|---|---|---|
| Identifier | 7dd1be58-6e76-4401-bf8d-31d1e8180d5b | 11776c0c-6138-4db3-a668-ee621bea2555 |
| DisplayText | Read and write all Windows update deployment settings | Read and write all Windows update deployment settings |
| Description | Allows the app to read and write all Windows update deployment settings for the organization without a signed-in user. | Allows the app to read and write all Windows update deployment settings for the organization on behalf of the signed-in user. |
| AdminConsentRequired | Yes | Yes |
Graph Methods
→ API supports delegated access (access on behalf of a user)
→ API supports app-only access (access without a user)
| Methods |
|---|
→ API supports delegated access (access on behalf of a user)
→ API supports app-only access (access without a user)
| Methods | |
|---|---|
→ Command supports delegated access (access on behalf of a user)
→ Command supports app-only access (access without a user)
| Commands |
|---|
→ Command supports delegated access (access on behalf of a user)
→ Command supports app-only access (access without a user)
| Commands | |
|---|---|
Resources
Granting this permission allows the calling application to access (and/or update) the following information in your tenant.
- azureADDevice
- catalog
- catalogContent
- catalogEntry
- complianceChange
- complianceChangeRule
- contentApproval
- deployableContent
- deployment
- deploymentAudience
- deploymentSettings
- deploymentState
- featureUpdateCatalogEntry
- knownIssue
- operationalInsightsConnection
- product
- qualityUpdateCatalogEntry
- resourceConnection
- updatableAsset
- updatableAssetGroup
- updatePolicy
Graph reference: azureADDevice
| Property | Type | Description |
|---|---|---|
| enrollments | microsoft.graph.windowsUpdates.updatableAssetEnrollment collection | Specifies areas in which the device is enrolled. Read-only. Returned by default. |
| errors | microsoft.graph.windowsUpdates.updatableAssetError collection | Specifies any errors that prevent the device from being enrolled in update management or receving deployed content. Read-only. Returned by default. |
| id | String | An identifier for the device. Key. Not nullable. Read-only. Returned by default. Inherited from updatableAsset |
Graph reference: catalog
| Property | Type | Description |
|---|---|---|
| id | String | An identifier for the catalog. Read-only. |
Graph reference: catalogContent
Graph reference: catalogEntry
| Property | Type | Description |
|---|---|---|
| deployableUntilDateTime | DateTimeOffset | The date on which the content is no longer available to deploy. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. Read-only. |
| displayName | String | The display name of the content. Read-only. |
| id | String | The unique identifier for the catalog entry. Read-only. |
| releaseDateTime | DateTimeOffset | The release date for the content. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. Read-only. |
Graph reference: complianceChange
| Property | Type | Description |
|---|---|---|
| createdDateTime | DateTimeOffset | The date and time when a compliance change was created. |
| id | String | The unique identifier for the compliance change. Returned by default. Not nullable. Read-only. |
| isRevoked | Boolean | True indicates that a compliance change is revoked, preventing further application. Revoking a compliance change is a final action. |
| revokedDateTime | DateTimeOffset | The date and time when the compliance change was revoked. |
Graph reference: complianceChangeRule
| Property | Type | Description |
|---|---|---|
| createdDateTime | DateTimeOffset | The date and time when the rule was created. |
| lastEvaluatedDateTime | DateTimeOffset | The date and time when the rule was last evaluated. |
| lastModifiedDateTime | DateTimeOffset | The date and time when the rule was last modified. |
Graph reference: contentApproval
| Property | Type | Description |
|---|---|---|
| content | microsoft.graph.windowsUpdates.deployableContent | Specifies what content to deploy. Deployable content should be provided as one of the following derived types: microsoft.graph.windowsUpdates.catalogContent. |
| createdDateTime | DateTimeOffset | The date and time when a compliance change was created. Inherited from microsoft.graph.windowsUpdates.complianceChange. |
| deploymentSettings | microsoft.graph.windowsUpdates.deploymentSettings | Settings for governing how to deploy content. |
| id | String | The unique identifier for the compliance change. Returned by default. Not nullable. Read-only. Inherited from microsoft.graph.windowsUpdates.complianceChange. |
| isRevoked | Boolean | True indicates that a compliance change is revoked, preventing further application. Revoking a compliance change is a final action. Inherited from microsoft.graph.windowsUpdates.complianceChange. |
| revokedDateTime | DateTimeOffset | The date and time when the compliance change was revoked. Inherited from microsoft.graph.windowsUpdates.complianceChange. |
Graph reference: deployableContent
Graph reference: deployment
| Property | Type | Description |
|---|---|---|
| content | microsoft.graph.windowsUpdates.deployableContent | Specifies what content to deploy. Cannot be changed. Returned by default. |
| createdDateTime | DateTimeOffset | The date and time the deployment was created. Returned by default. Read-only. |
| id | String | The unique identifier for the deployment. Returned by default. Key. Not nullable. Read-only. |
| lastModifiedDateTime | DateTimeOffset | The date and time the deployment was last modified. Returned by default. Read-only. |
| settings | microsoft.graph.windowsUpdates.deploymentSettings | Settings specified on the specific deployment governing how to deploy content. Returned by default. |
| state | microsoft.graph.windowsUpdates.deploymentState | Execution status of the deployment. Returned by default. |
Graph reference: deploymentAudience
| Property | Type | Description |
|---|---|---|
| id | String | The unique identifier for the deployment audience. Returned by default. Not nullable. Read-only. |
Graph reference: deploymentSettings
| Property | Type | Description |
|---|---|---|
| contentApplicability | microsoft.graph.windowsUpdates.contentApplicabilitySettings | Settings for governing whether content is applicable to a device. |
| expedite | microsoft.graph.windowsUpdates.expediteSettings | Settings for governing whether updates should be expedited. |
| monitoring | microsoft.graph.windowsUpdates.monitoringSettings | Settings for governing conditions to monitor and automated actions to take. |
| schedule | microsoft.graph.windowsUpdates.scheduleSettings | Settings for governing how and when the content is rolled out. |
| userExperience | microsoft.graph.windowsUpdates.userExperienceSettings | Settings for governing end user update experience. |
Graph reference: deploymentState
| Property | Type | Description |
|---|---|---|
| effectiveValue | microsoft.graph.windowsUpdates.deploymentStateValue | Specifies the state of the deployment. Supports a subset of the values for deploymentStateValue. Possible values are: scheduled, offering, paused, unknownFutureValue. Read-only. |
| reasons | microsoft.graph.windowsUpdates.deploymentStateReason collection | Specifies the reasons the deployment has its state value. Read-only. |
| requestedValue | microsoft.graph.windowsUpdates.requestedDeploymentStateValue | Specifies the requested state of the deployment. Supports a subset of the values for **r |
Graph reference: featureUpdateCatalogEntry
| Property | Type | Description |
|---|---|---|
| buildNumber | String | The build number of the feature update. Read-only. |
| deployableUntilDateTime | DateTimeOffset | The date on which the content is no longer available for deployment. Read-only. Inherited from softwareUpdateCatalogEntry. |
| displayName | String | The display name of the content. Read-only. Inherited from softwareUpdateCatalogEntry. |
| id | String | The unique identifier for the catalog entry. Read-only. Inherited from softwareUpdateCatalogEntry. |
| releaseDateTime | DateTimeOffset | The release date for the content. Read-only. Inherited from softwareUpdateCatalogEntry. |
| version | String | The version of the feature update. Read-only. |
Graph reference: knownIssue
| Property | Type | Description |
|---|---|---|
| description | String | The description of the particular known issue. |
| id | String | The unique identifier for the entry. Read-only. |
| lastUpdatedDateTime | DateTimeOffset | The date and time when the known issue was last updated. The timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. Read-only. |
| resolvedDateTime | DateTimeOffset | The date and time when the known issue was resolved or mitigated. The timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. |
| startDateTime | DateTimeOffset | The date and time when the known issue was first reported. The timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. |
| status | microsoft.graph.windowsUpdates.windowsReleaseHealthStatus | The status of the known issue. |
| title | String | The title of the known issue. |
| webViewUrl | String | The URL to the known issue in the Windows Release Health dashboard on Microsoft 365 admin center. |
Graph reference: operationalInsightsConnection
| Property | Type | Description |
|---|---|---|
| azureResourceGroupName | String | The name of the Azure resource group that contains the Log Analytics workspace. |
| azureSubscriptionId | String | The Azure subscription ID that contains the Log Analytics workspace. |
| id | String | An identifier for the resource connection. Key. Not nullable. Read-only. Returned by default. |
| state | microsoft.graph.windowsUpdates.resourceConnectionState | The state of the connection. The possible values are: connected, notAuthorized, notFound, unknownFutureValue. |
| workspaceName | String | The name of the Log Analytics workspace. |
Graph reference: product
| Property | Type | Description |
|---|---|---|
| friendlyNames | String collection | The friendly names of the product. For example, Version 22H2 (OS build 22621). Read-only. |
| groupName | String | The name of the product group. For example, Windows 11. Read-only. |
| id | String | The unique identifier for the product. Read-only. |
| name | String | The name of the product. For example, Windows 11, version 22H2. Read-only. |
Graph reference: qualityUpdateCatalogEntry
| Property | Type | Description |
|---|---|---|
| catalogName | String | The catalog name of the content. Read-only. |
| cveSeverityInformation | microsoft.graph.windowsUpdates.qualityUpdateCveSeverityInformation | Severity information of the Common Vulnerabilities and Exposures associated with the content. |
| deployableUntilDateTime | DateTimeOffset | The date on which the content is no longer available for deployment. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. Read-only. Inherited from softwareUpdateCatalogEntry. |
| displayName | String | The display name of the content. Read-only. Inherited from softwareUpdateCatalogEntry. |
| id | String | The unique identifier for the catalog entry. Read-only. Inherited from softwareUpdateCatalogEntry. |
| isExpeditable | Boolean | Indicates whether the content can be deployed as an expedited quality update. Read-only. |
| qualityUpdateCadence | microsoft.graph.windowsUpdates.qualityUpdateCadence | The publishing cadence of the quality update. Possible values are: monthly, outOfBand, unknownFutureValue. Read-only. |
| qualityUpdateClassification | microsoft.graph.windowsUpdates.qualityUpdateClassification | The classification on the quality update. Possible values are: all, security, nonSecurity, unknownFutureValue. Read-only. |
| releaseDateTime | DateTimeOffset | The release date of the content. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. Read-only. Inherited from softwareUpdateCatalogEntry. |
| shortName | String | The short name of the content. Read-only. |
Graph reference: resourceConnection
| Property | Type | Description |
|---|---|---|
| id | String | An identifier for the resource connection. Key. Not nullable. Read-only. Returned by default. |
| state | microsoft.graph.windowsUpdates.resourceConnectionState | The state of the connection. The possible values are: connected, notAuthorized, notFound, unknownFutureValue. |
Graph reference: updatableAsset
| Property | Type | Description |
|---|---|---|
| id | String | An identifier for the asset. Key. Not nullable. Read-only. Returned by default. |
Graph reference: updatableAssetGroup
| Property | Type | Description |
|---|---|---|
| id | String | An identifier for the group. Key. Not nullable. Read-only. Returned by default. Inherited from microsoft.graph.windowsUpdates.updatableAsset. |
Graph reference: updatePolicy
| Property | Type | Description |
|---|---|---|
| complianceChangeRules | microsoft.graph.windowsUpdates.complianceChangeRule collection | Rules for governing the automatic creation of compliance changes. |
| createdDateTime | DateTimeOffset | The date and time when the update policy was created. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. |
| deploymentSettings | microsoft.graph.windowsUpdates.deploymentSettings | Settings for governing how to deploy content. |
| id | String | Unique identifier for the update policy. |