Windows Analytics – Update Compliance

This is a second blog about one of the solutions available in Operations Management Suite (OMS) that uses Windows Analytics – Update Compliance.

Recap… What is Windows Analytics? It uses Windows telemetry data collected from supported Windows clients and servers using either built-in or configured agents. This data is consumed by Log Analytics, which presents it to OMS, which in turn analyses and presents the data in “Dashboards” using configurable solutions.

Update Compliance – What does it do? This is a free solution for Azure subscriptions that allows you to monitor the status of Windows Updates and Windows Defender Antivirus in an organisation. The solution collects diagnostic data from all configured Windows 10 clients to give a view of compliance and security risks. The analytics show an inventory of devices, which you can drill down into to find individual devices that might need attention.

So, where do you start? I tested this using a test Azure subscription. The first stage was to get the solution configured in Azure and then to configure enrolment of a Windows 10 client to start reporting data. If you are planning to trial this, please note that it does take a day or two for clients to start appearing in the Update Compliance solution in the OMS Portal.

The basic steps were:-

  1. First register an OMS workspace. A workspace is basically a container to register your account information and simple configuration to link it to a dedicated area for the Windows telemetry service used in Azure. Enterprise organizations could use multiple workspaces if they want data isolation between geographic or departmental units. To register a workspace, search for “Log Analytics” in the All services search dialogue in the Azure Portal, select a workspace name (this has to be unique, as it’s validated), create a resource group, select a location and a pricing tier, and select OK. After a few minutes you will see the new workspace listed.
  2. Go to the OMS Portal link, where you will see a blank workspace. Click on the “Solutions Gallery” icon to show a list of all the solutions available, then select Update Compliance, located all the way to the right. This will add the solution to the OMS Portal. You may expect to see some settings or details at this stage; however, nothing will appear until you configure some Windows clients to start sending data.
  3. In an enterprise implementation you would configure clients using SCCM / Intune in conjunction with some Group Policies. For my test I configured my personal Windows 10 device using a script; the details required will be the same. The important part of configuring clients is to add a “Commercial ID” that maps to your OMS workspace in Azure. This ID is then used in scripts and policies to enroll devices into the Update Compliance solution. The Commercial ID can be copied from the OMS Portal – Overview – Settings – Windows Telemetry – Connected Sources Panel.
  4. Download the Upgrade Readiness Deployment script. This is primarily aimed at a pilot deployment for either the Upgrade Readiness solution or Update Compliance, and it can also be deployed via SCCM / Intune. The script installation is simple and only requires editing a config file to add the Commercial ID. The script enables some registry settings and configures some Windows 10 built-in services to start talking to the Azure Windows telemetry service.
  5. In the trial I did not have to whitelist any proxy addresses for firewalls, but this would be required in an enterprise organization to allow clients to communicate data back to the Windows telemetry service.

What next? I mentioned previously that it takes some time for data to start showing up in the OMS Portal. This took approximately 24 hours, so be patient.

The OMS Portal eventually displayed a dashboard, which could be drilled down to show further detail. (See below)

The dashboards displayed are all based on queries that can be customized; in addition, these can be exported to Power BI dashboards. The default queries report on Device Issues – Out of Support OS Versions, Missing Updates, Assessment of Windows Defender AV. The Update issues show individual update failures, in-progress updates, and cancelled, rolled back or uninstalled events.

The Update Compliance solution can also be integrated with Windows Update for Business and Intune policies to manage the deployment of updates, all controlled via the Azure Portal, but that’s for another day!

For further details regarding the configuration for a pilot refer to the link below.

https://docs.microsoft.com/en-us/windows/deployment/update/update-compliance-monitor

 

 

 
