Introduction

So, Windows Update for Business houses a lot of components, including:

  • Receive update services: Windows end device
  • Configuration: through GPO, CSP or Graph API and PowerShell SDK
  • Reporting: Windows Update for Business reports (now generall available) - what this post is about, along with a description, technical implementation, transition from previous solutions and some tips & recommendations

Solution description

If you choose to enable Windows Update for Business reports (WUfB reports), you will have an Azure Log Analytics Workspace that hosts a Workbook that receives data through the Commercial Data Pipeline, from your Azure AD joined devices.

This data is all about Windows Updates such as Quality and Feature update deployment insights, status of updates and per device. Furthermore Delivery Optimization is covered, that shows how the devices used peering and bandwidth consumption.

overview.png

Official sources


How to configure Windows Update for Business reports

There are two options to enable the solution, please make sure that you meet the prerequisites, which include:

  • Azure subscription with Log Analytics Workspace
  • Contact to network endpoints
  • Azure AD joined devices with Windows 10/11 Pro, Edu or Enterprise edition

Log Analytics Workspace

Create a new Log Analytics Workspace in your Azure subscription. (straight-forward). You may think about adjusting the data retention. (Be careful, this could generate extra costs).

Azure Monitor

Navigate to Azure Monitor>Insights Hub>Winodws Update for Business reports. (scroll down)

create-wufb.png

Now click on Get started and choose a subscription and a Log Analytics Workspace.

create-wufb2.png

As the Workbooks relys on logs, you could also query all data with KQL. There are new tables added, which you can find here.

ℹ️
You can also onboard the solution through the Microsoft 365 Admin center>Show all>Health>Software updates>Windows. Although this is not the recommended way.

Intune settings configuration

You can find the Intune settings to configure, here.

intune-wufb-reports-settings-2.png

Now it can take up to 48 hours until data is displayed.


The transition from Update Compliance to WUfB reports

If you previously operated with Update Compliance, Microsoft highly recommends now to switch to the new WUfB reports. From the 30.11.2022 you can no longer downlaod Update Compliance from the marketplace or re-generate a CommercialID.

Update Compliance was the predecessor to WUfB reports. This solution included:

  • Azure subscription with Log Analytics Workspace > you can still reuse these, but I would create a new Log Analytics Workspace for the future
  • Azure Marketplace "Update Compliance" solution on top of the Log Analytics Workspace, that provided a commercial ID > not needed anymore
  • Intune OMA-URI, custom configuration profile > policy can transitioned to Settings Catalog

Intune built-in Windows Update reports

Note, that there are also built-in reports available from Intune>Reports>Windows Update (Preview). These are independent from the steps described above.

intune-wufb-reports.png

This requires the Windows health monitoring configuration profile to be modified. You need to enable Windows Updates.

intune-settings-windows-update.png


My recommendation

Every modern Windows endpoint is provided with regular updates. Especially from a security perspective, it is very likely that you will receive a lot of updates, sometimes out-of-band or expedited. To keep track of all updates and devices, be sure to implement WUfB reports. Proactively monitoring update status is key for compliance and can benefit the user experience. You may also consider implementing the Update Compliance Dashboard from MSEndpointMgr community. In addition, there is no cost associated with data ingestion for WUfB reporting data.

Read more about Windows Update for Business + Intune from Florian Salzmann


Endpoint Management with Microsoft Intune
Welcome to this coast! Learn everything on Endpoint Management with Microsoft Intune to deploy, manage, secure and monitor endpoints from all platforms through the cloud. Introduction, experience and thoughts Introduction to the Microsoft Intune product familyIntroduction This post is recommended for any reader who is new to Intune or would
You’ve successfully subscribed to Oceanleaf
Welcome back! You’ve successfully signed in.
Great! You’ve successfully signed up.
Success! Your email is updated.
Your link has expired
Success! Check your email for magic link to sign-in.