update troubleshooting for UC

Iaan D'Souza-Wiltshire
2017-09-07 15:24:11 -07:00
parent 8b37014f33
commit 0515bea69f
4 changed files with 86 additions and 9 deletions

@ -25,14 +25,14 @@ Update Compliance has the following requirements:
2. The solution requires that Windows 10 telemetry is enabled on all devices that are intended to be displayed in the solution. These devices must have at least the [basic level of telemetry](https://technet.microsoft.com/itpro/windows/manage/configure-windows-telemetry-in-your-organization#basic-level) enabled. To learn more about Windows telemetry, see [Configure Windows telemetry in your organization](/windows/configuration/configure-windows-telemetry-in-your-organization).
3. The telemetry of your organizations Windows devices must be successfully transmitted to Microsoft. Microsoft has specified [endpoints for each of the telemetry services](https://technet.microsoft.com/itpro/windows/manage/configure-windows-telemetry-in-your-organization#endpoints), which must be whitelisted by your organization so the data can be transmitted. The following table is taken from the article on telemetry endpoints and summarizes the use of each endpoint:
Service | Endpoint
--- | ---
Connected User Experience and Telemetry component | v10.vortex-win.data.microsoft.com<BR>settings-win.data.microsoft.com
Windows Error Reporting | watson.telemetry.microsoft.com
Online Crash Analysis | oca.telemetry.microsoft.com
Service | Endpoint
--- | ---
Connected User Experience and Telemetry component | v10.vortex-win.data.microsoft.com<BR>settings-win.data.microsoft.com
Windows Error Reporting | watson.telemetry.microsoft.com
Online Crash Analysis | oca.telemetry.microsoft.com
4. To use Windows Defender Antivirus Assessment, devices must be protected by Windows Defender AV (and not a 3rd party AV program), and must have enabled [cloud-delivered protection](/windows/threat-protection/windows-defender-antivirus/utilize-microsoft-cloud-protection-windows-defender-antivirus). For endpoints running Windows 10, version 1607 or earlier, Windows telemetry must also be set to **Enhanced**. See the [Windows Defender Antivirus in Windows 10](/windows/threat-protection/windows-defender-antivirus/windows-defender-antivirus-in-windows-10) content library for more information on enabling, configuring, and validating Windows Defender AV.
4. To use Windows Defender Antivirus Assessment, devices must be protected by Windows Defender AV (and not a 3rd party AV program), and must have enabled [cloud-delivered protection](/windows/threat-protection/windows-defender-antivirus/utilize-microsoft-cloud-protection-windows-defender-antivirus). For endpoints running Windows 10, version 1607 or earlier, [Windows telemetry must also be set to **Enhanced**](https://docs.microsoft.com/en-us/windows/configuration/configure-windows-telemetry-in-your-organization#enhanced-level). See the [Windows Defender Antivirus in Windows 10](/windows/threat-protection/windows-defender-antivirus/windows-defender-antivirus-in-windows-10) content library for more information on enabling, configuring, and validating Windows Defender AV.
## Add Update Compliance to Microsoft Operations Management Suite
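
Review bot: the new Enhanced-level link in item 4 is an absolute, locale-pinned URL (`https://docs.microsoft.com/en-us/windows/configuration/configure-windows-telemetry-in-your-organization#enhanced-level`), while item 2 of the same list already reaches that article through the site-relative path `/windows/configuration/configure-windows-telemetry-in-your-organization`. Suggest the relative path plus the `#enhanced-level` anchor so the link follows the reader's locale. While this list is being touched: item 3 reads "your organizations Windows devices" (missing apostrophe), and items 2 and 3 still carry technet.microsoft.com links to the same telemetry article.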

@ -0,0 +1,65 @@
---
title: Collect diagnostic data for Update Compliance and Windows Defender AV
description: Use a tool to collect data to troubleshoot Update Compliance issues when using the Windows Defender AV Assessment add in
keywords: troubleshoot, error, fix, update compliance, oms, monitor, report, windows defender av
search.product: eADQiWindows 10XVcnh
ms.pagetype: security
ms.prod: w10
ms.mktglfcycl: manage
ms.sitesec: library
ms.pagetype: security
ms.localizationpriority: medium
author: iaanw
ms.author: iawilt
ms.date: 09/06/2017
---
# Collect Update Compliance diagnostic data for Windows Defender AV Assessment
**Applies to:**
- Windows 10
**Audience**
- IT administrators
This topic describes how to collect diagnostic data that can be used by Microsoft support and engineering teams to help troubleshoot issues you may encounter when using the Windows Defender AV Assessment section in the Update Compliance add-in.
Before attempting this process, ensure you have read the [Troublehsoot Windows Defender Antivirus reporting](troubleshoot-reporting.md) topic, met all require pre-requisites, and taken any other suggested troubleshooting steps.
1. On at least two endpoints that are not reporting or showing up in Update Compliance, obtain the .cab diagnostic file by following this process:
1. Open an administrator-level version of the commpand prompt:
1. Open the **Start** menu.
2. Type **cmd**. Right-click on **Command Prompt** and click **Run as administrator**.
3. Enter administrator credentials or approve the prompt.
2. Navigate to the Windows Defender directory. By default, this is C:\Program Files\Windows Defender, as in the following example:
```Dos
cd c:\program files\windows\defender
```
3. Enter the following command and press **Enter**
```Dos
mpcmdrun -getfiles
```
4. A .cab file will be generated that contains various diagnostic logs. The location of the file will be specified in the output in the command prompt, but by default it will be in C:\ProgramData\Microsoft\Windows Defender\Support\MpSupportFiles.cab.
2. Copy these .cab files to a location that can be accessed by Microsoft support. An example could be a password-protected OneDrive folder that you can share with us.
3. Send an email using the <a href="mailto:ucsupport@microsoft.com?subject=WDAV assessment issue&body=I+am+encountering+the+following+issue+when+using+Windows+Defender+AV+in+Update+Compliance%3a+%0d%0aI+have+provided+at+least+2+support+.cab+files+at+the+following+location%3a+%26lt%3baccessible+share%2c+including+access+details+such+as+password%26gt%3b%0d%0aMy+OMS+workspace+ID+is%3a+%0d%0aPlease+contact+me+at%3a">Update Compliance support email template</a>, and fill out the template with the following information:
```
I am encountering the following issue when using Windows Defender AV in Update Compliance:
I have provided at least 2 support .cab files at the following location: <accessible share, including access details such as password>
My OMS workspace ID is:
Please contact me at:
```
## Related topics
- [Troublehsoot Windows Defender Antivirus reporting](troubleshoot-reporting.md)
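
Review bot: the example in step 2 does not match the default directory given on the line above it: the text says C:\Program Files\Windows Defender, but the command is `cd c:\program files\windows\defender`, which has an extra backslash and will fail on a default install. Suggest `cd "C:\Program Files\Windows Defender"`. In step 3, the email template asks for the share's "access details such as password" in the same message that gives the location of the .cab files; since step 4 says these contain diagnostic logs from the endpoint, consider asking for the password through a separate channel. Smaller items: `ms.pagetype: security` appears twice in the front matter, and "commpand", "Troublehsoot" (two places) and "met all require pre-requisites" need correcting.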

@ -147,7 +147,7 @@ After whitelisting the URLs listed above, you can test if you are connected to t
Use the following argument with the Windows Defender AV command line utility (*mpcmdrun.exe*) to verify that your network can communicate with the Windows Defender AV cloud:
```DOS
MpCmdRun - ValidateMapsConnection
MpCmdRun -ValidateMapsConnection
```
> [!NOTE]
> You need to open an administrator-level version of the command prompt. Right-click the item in the Start menu, click **Run as administrator** and click **Yes** at the permissions prompt. This command will only work on Windows 10, version 1703.
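
Review bot: the NOTE under the corrected command says it "will only work on Windows 10, version 1703", which reads as excluding every other release; if the intent is 1703 and later, the sentence should say so. The fence tag here is `DOS` while the new collect-diagnostic-data topic in this commit uses `Dos`, and the utility is written `MpCmdRun` here but `mpcmdrun` there; pick one form for both topics.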

@ -39,13 +39,25 @@ There are three steps to troubleshooting these problems:
2. Check your connectivity to the Windows Defender cloud-based service
3. Submit support logs
>[!IMPORTANT]
>It typically takes 3 days for devices to start appearing in Update Compliance
## Confirm pre-requisites
In order for devices to properly show up in Update Compliance, you have to meet certain pre-requisites for both the Update Compliance service and for Windows Defender Antivirus protection:
In order for devices to properly show up in Update Compliance, you have to meet certain pre-requisites for both the Update Compliance service and for Windows Defender AV protection:
>[!div class="checklist]
>- Endpoints are using Windows Defender Antivirus as the sole antivirus protection app. Using any other antivirus app will cause Windows Defender AV to disable itself and the endpoint will not be reported in Update Compliance.
>- Endpoints are using Windows Defender Antivirus as the sole antivirus protection app. [Using any other antivirus app will cause Windows Defender AV to disable itself](windows-defender-antivirus-compatibility.md) and the endpoint will not be reported in Update Compliance.
> - [Cloud-delivered protection is enabled](enable-cloud-protection-windows-defender-antivirus.md).
> - Endpoints can [connect to the Windows Defender AV cloud](configure-network-connections-windows-defender-antivirus.md#validate-connections-between-your-network-and-the-cloud)
> - If the endpoint is running Windows 10 version 1607 or earlier, [Windows 10 telemetry must be set to the Enhanced level](https://docs.microsoft.com/en-us/windows/configuration/configure-windows-telemetry-in-your-organization#enhanced-level).
> - It has been 3 days since all requirements have been met
If the abnove pre-requisites have all been met, you may need to proceed to the next step to collect diagnostic information and send it to us.
> [!div class="nextstepaction"]
> [Collect diagnostic data for Update Compliance troubleshooting](collect-diagnostic-data-update-compliance-wdav.md)
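
Review bot: the sentence "If the abnove pre-requisites have all been met" has a typo ("above"), and the checklist marker `>[!div class="checklist]` is missing the closing quote on the class attribute, which may stop the list from rendering as a checklist. The 3-day wait is now stated twice, once in the IMPORTANT callout and again as the last checklist item; one of the two could be dropped or point to the other. The checklist items also mix `>-` and `> -` prefixes, and the cloud-connection item and the 3-day item lack the full stop the other items end with.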