Update: Update Compliance is now EOL, please use Windows Update for Business reports instead:
Today’s post is about a Microsoft tool which is completely free and a great way of tracking Windows updates across the estate. Did I mention it’s free?
If you want to read up more about it, here is the Microsoft official page. For this post, I will cover the deployment and configuration of it.
Before I start, it’s worth noting that if you already have Desktop Analytics deployed, you need to use the same Resource Group and Log Analytics Workspace.
First up, keep things neat and create a resource group in Azure
Now, create a Log Analytics Workspace inside the resource group. Don’t worry about any mention of data charges, they are free for this purpose
Once that is built, go to the Marketplace and find Update Compliance
There aren’t any configuration items at this point so go ahead and create it
Point it at your new Log Analytics Workspace (or Desktop Analytics if you use that already)
When completed, click Go to resource group
In the new resource, click on the Solution (WaaSUpdateInsights)
Now click on Update Compliance and copy the Commercial Id Key
Now we need to configure a Profile in Endpoint Manager to point the devices to the Log Analytics Workspace via a Custom OMA-URI policy
For the rows, the details can all be found here (I’ll include below as well to save having to cross-navigate)
Set the Commercial ID:
Set the diagnostic level (minimum of 1, but feel free to increase)
Disable opt-in to stop users changing the setting
We need to Allow device names or nothing will show
And the final row is newly added, but essential to allow Update Compliance Processing
Once the data starts coming through, navigate to the Log Analytics Workspace and click on Workplace Summary
Once the data has processed, you will see data about the devices, which have issues and what the issues may be
Plus pretty graphs to share with management:
I always try and deploy this for anyone using Intune, it isn’t complicated to deploy, costs nothing and can save a lot of time reporting on updates