mirror of
https://github.com/MicrosoftDocs/windows-itpro-docs.git
synced 2025-06-15 10:23:37 +00:00
initial import of Charles' versions
This commit is contained in:
jaimeo
BIN
windows/deployment/update/images/UC_commercialID.png
Normal file
BIN
windows/deployment/update/images/UC_commercialID.png
Normal file
Binary file not shown.
|
After Width: | Height: | Size: 29 KiB |
BIN
windows/deployment/update/images/UC_commercialID_GP.png
Normal file
BIN
windows/deployment/update/images/UC_commercialID_GP.png
Normal file
Binary file not shown.
|
After Width: | Height: | Size: 83 KiB |
BIN
windows/deployment/update/images/UC_telemetrylevel.png
Normal file
BIN
windows/deployment/update/images/UC_telemetrylevel.png
Normal file
Binary file not shown.
|
After Width: | Height: | Size: 86 KiB |
@ -17,14 +17,8 @@ ms.topic: article
|
||||
---
|
||||
|
||||
# Delivery Optimization in Update Compliance
|
||||
The Update Compliance solution of Windows Analytics provides you with information about your Delivery Optimization configuration, including the observed bandwidth savings across all devices that used peer-to-peer distribution over the past 28 days.
|
||||
|
||||
|
||||
|
||||
> [!IMPORTANT]
|
||||
> There is a known issue with the way device configuration is displayed for Delivery Optimization. Some devices running Windows 10, versions 1809 or 1903 report the Delivery Optimization DownloadMode configuration value as the sequential value in the list of possible configurations rather than the actual configured value. For example, a device that is configured as HTTP + Group (2), will be shown as HTTP + Internet (3) in Update Compliance.
|
||||
>
|
||||
>**This issue is now fixed by installing the 2019-07 cumulative update appropriate for the device.**
|
||||
The Update Compliance solution of Windows Analytics provides you with information about your Delivery Optimization configuration, including the observed bandwidth savings across all devices that used peer-to-peer distribution over the past 28 days.
|
||||
|
||||
## Delivery Optimization Status
|
||||
|
||||
@ -34,11 +28,9 @@ The Delivery Optimization Status section includes three blades:
|
||||
- The **Content Distribution (%)** blade shows the percentage of bandwidth savings for each category
|
||||
- The **Content Distribution (GB)** blade shows the total amount of data seen from each content type broken down by the download source (peers vs non-peers).
|
||||
|
||||
|
||||
|
||||
|
||||
## Device Configuration blade
|
||||
Devices can be set to use different download modes; these download modes determine in what situations Delivery Optimization will use peer-to-peer distribution to accomplish the downloads. The top section shows the number of devices configured to use peer-to-peer distribution in *Peering On* compared to *Peering Off* modes. The table shows a breakdown of the various download mode configurations seen in your environment. For more information about the different configuration options, see [Set up Delivery Optimization for Windows 10 updates](waas-delivery-optimization-setup.md) for recommendations for different scenarios or [Delivery Optimization reference](waas-delivery-optimization-reference.md#download-mode) for complete details of this setting.
|
||||
Devices can be set to use different download modes; these download modes determine in what situations Delivery Optimization will use peer-to-peer distribution to accomplish the downloads. The top section shows the number of devices configured to use peer-to-peer distribution in *Peering On* compared to *Peering Off* modes. The table shows a breakdown of the various download mode configurations seen in your environment. For more information about the different configuration options, see [Configure Delivery Optimization for Windows 10 updates](waas-delivery-optimization.md#download-mode).
|
||||
|
||||
## Content Distribution (%) blade
|
||||
The first of two blades showing information on content breakdown, this blade shows a ring chart summarizing **Bandwidth Savings %**, which is the percentage of data received from peer sources out of the total data downloaded (for any device that used peer-to-peer distribution).
|
||||
@ -52,4 +44,3 @@ The download sources that could be included are:
|
||||
- LAN Bytes: Bytes downloaded from LAN Peers which are other devices on the same local network
|
||||
- Group Bytes: Bytes downloaded from Group Peers which are other devices that belong to the same Group (available when the “Group” download mode is used)
|
||||
- HTTP Bytes: Non-peer bytes. The HTTP download source can be Microsoft Servers, Windows Update Servers, a WSUS server or an SCCM Distribution Point for Express Updates.
|
||||
|
||||
|
||||
@ -1,75 +1,129 @@
|
||||
---
|
||||
title: Get started with Update Compliance (Windows 10)
|
||||
ms.reviewer:
|
||||
manager: laurawi
|
||||
description: Configure Update Compliance in Azure Portal to see the status of updates and antimalware protection on devices in your network.
|
||||
keywords: update compliance, oms, operations management suite, prerequisites, requirements, updates, upgrades, antivirus, antimalware, signature, log analytics, wdav
|
||||
ms.prod: w10
|
||||
ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
ms.pagetype: deploy
|
||||
audience: itpro
|
||||
author: greg-lindsay
|
||||
ms.author: greglin
|
||||
ms.localizationpriority: medium
|
||||
ms.collection: M365-analytics
|
||||
ms.topic: article
|
||||
---
|
||||
|
||||
# Get started with Update Compliance
|
||||
This topic explains the steps necessary to configure your environment for Windows Analytics: Update Compliance.
|
||||
|
||||
Steps are provided in sections that follow the recommended setup process:
|
||||
|
||||
1. Ensure you meet the [Update Compliance prerequisites](#update-compliance-prerequisites).
|
||||
2. [Add Update Compliance to your Azure subscription](#add-update-compliance-to-your-azure-subscription).
|
||||
3. [Enroll devices in Windows Analytics](#enroll-devices-in-windows-analytics).
|
||||
4. [Use Update Compliance](update-compliance-using.md) to monitor Windows Updates, Windows Defender Antivirus status, and Delivery Optimization.
|
||||
|
||||
## Update Compliance prerequisites
|
||||
Before you begin the process to add Update Compliance to your Azure subscription, first ensure you can meet the prerequisites:
|
||||
1. Update Compliance works only with Windows 10 Professional, Education, and Enterprise editions. Update Compliance only provides data for the standard Desktop Windows 10 version and is not currently compatible with Windows Server, Surface Hub, IoT, etc.
|
||||
2. Update Compliance provides detailed deployment data for devices on the Semi-Annual Channel and the Long-term Servicing Channel. Update Compliance will show Windows Insider Preview devices, but currently will not provide detailed deployment information for them.
|
||||
3. Update Compliance requires at least the Basic level of diagnostic data and a Commercial ID to be enabled on the device.
|
||||
4. To show device names for versions of Windows 10 starting with 1803 in Windows Analytics you must opt in. For details about this, see the "AllowDeviceNameinTelemetry (in Windows 10)" entry in the table in the [Distributing policies at scale](windows-analytics-get-started.md#deploying-windows-analytics-at-scale) section of [Enrolling devices in Windows Analytics](windows-analytics-get-started.md).
|
||||
5. To use the Windows Defender Status, devices must be E3-licensed and have Cloud Protection enabled. E5-licensed devices will not appear here. For E5 devices, you should use [Windows Defender ATP](https://docs.microsoft.com/sccm/protect/deploy-use/windows-defender-advanced-threat-protection) instead. For more information on Windows 10 Enterprise licensing, see [Windows 10 Enterprise: FAQ for IT Professionals](https://docs.microsoft.com/windows/deployment/planning/windows-10-enterprise-faq-itpro).
|
||||
|
||||
## Add Update Compliance to your Azure subscription
|
||||
Update Compliance is offered as a solution which is linked to a new or existing [Azure Log Analytics](https://docs.microsoft.com/azure/log-analytics/query-language/get-started-analytics-portal) workspace within your Azure subscription. To configure this, follow these steps:
|
||||
|
||||
1. Sign in to the [Azure Portal](https://portal.azure.com) with your work or school account or a Microsoft account. If you don't already have an Azure subscription you can create one (including free trial options) through the portal.
|
||||
|
||||
> [!NOTE]
|
||||
> Update Compliance is included at no additional cost with Windows 10 Professional, Education, and Enterprise editions. An Azure subscription is required for managing and using Update Compliance, but no Azure charges are expected to accrue to the subscription as a result of using Update Compliance.
|
||||
|
||||
2. In the Azure portal select **+ Create a resource**, and search for “Update Compliance". You should see it in the results below.
|
||||
|
||||
|
||||
|
||||
3. Select **Update Compliance** and a blade will appear summarizing the solution’s offerings. At the bottom, select **Create** to begin adding the solution to Azure.
|
||||
|
||||
|
||||
|
||||
4. Choose an existing workspace or create a new workspace that will be assigned to the Update Compliance solution.
|
||||
- If you already have another Windows Analytics solution, you should use the same workspace.
|
||||
- If you are creating a new workspace, and your organization does not have policies governing naming conventions and structure, consider the following workspace settings to get started:
|
||||
- Choose a workspace name which reflects the scope of planned usage in your organization, for example *PC-Analytics*.
|
||||
- For the resource group setting select **Create new** and use the same name you chose for your new workspace.
|
||||
- For the location setting, choose the Azure region where you would prefer the data to be stored.
|
||||
- For the pricing tier select **per GB**.
|
||||
|
||||
|
||||
|
||||
5. The resource group and workspace creation process could take a few minutes. After this, you are able to use that workspace for Update Compliance. Select **Create**.
|
||||
|
||||
|
||||
|
||||
6. Watch for a notification in the Azure portal that your deployment has been successful. This might take a few minutes. Then, select **Go to resource**.
|
||||
|
||||
|
||||
|
||||
## Enroll devices in Windows Analytics
|
||||
Once you've added Update Compliance to a workspace in your Azure subscription, you can start enrolling the devices in your organization. For Update Compliance there are two key steps for enrollment:
|
||||
1. Deploy your Commercial ID (from the Update Compliance Settings page) to your Windows 10 devices (typically by using Group Policy, [Mobile Device Management](https://docs.microsoft.com/windows/client-management/windows-10-mobile-and-mdm), [System Center Configuration Manager](https://docs.microsoft.com/sccm/core/understand/introduction) or similar).
|
||||
2. Ensure the Windows Diagnostic Data setting on devices is set to at least Basic (typically using Group Policy or similar). For full enrollment instructions and troubleshooting, see [Enrolling devices in Windows Analytics](windows-analytics-get-started.md).
|
||||
|
||||
---
|
||||
title: Get started with Update Compliance (Windows 10)
|
||||
ms.reviewer:
|
||||
manager: laurawi
|
||||
description: Configure Update Compliance in Azure Portal to see the status of updates and antimalware protection on devices in your network.
|
||||
keywords: update compliance, oms, operations management suite, prerequisites, requirements, updates, upgrades, antivirus, antimalware, signature, log analytics, wdav
|
||||
ms.prod: w10
|
||||
ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
ms.pagetype: deploy
|
||||
audience: itpro
|
||||
author: jaimeo
|
||||
ms.author: jaimeo
|
||||
ms.localizationpriority: medium
|
||||
ms.collection: M365-analytics
|
||||
ms.topic: article
|
||||
---
|
||||
|
||||
# Get started with Update Compliance
|
||||
This topic explains the steps necessary to configure your environment for Update Compliance.
|
||||
|
||||
Steps are provided in sections that follow the recommended setup process:
|
||||
|
||||
1. Ensure you meet the [Update Compliance prerequisites](#update-compliance-prerequisites).
|
||||
2. [Add Update Compliance to your Azure subscription](#add-update-compliance-to-your-azure-subscription).
|
||||
3. [Enroll devices in Update Compliance](#enroll-devices-in-update-compliance).
|
||||
4. [Use Update Compliance](update-compliance-using.md) to monitor Windows Updates and get Delivery Optimization insights.
|
||||
|
||||
## Update Compliance prerequisites
|
||||
Before you begin the process to add Update Compliance to your Azure subscription, first ensure you can meet the prerequisites:
|
||||
1. Update Compliance works only with Windows 10 Professional, Education, and Enterprise editions. Update Compliance only provides data for the standard Desktop Windows 10 version and is not currently compatible with Windows Server, Surface Hub, IoT, etc.
|
||||
2. Update Compliance provides detailed deployment data for devices on the Semi-Annual Channel and the Long-term Servicing Channel. Update Compliance will show Windows Insider Preview devices, but currently will not provide detailed deployment information for them.
|
||||
3. Update Compliance requires at least the Basic level of diagnostic data and a Commercial ID to be enabled on the device.
|
||||
4. For Windows 10 1803+, device names will not appear in Update Compliance unless you opt in. The steps to accomplish this is outlined in the [Enroll devices in Update Compliance](#enroll-devices-in-update-compliance) section.
|
||||
|
||||
## Add Update Compliance to your Azure subscription
|
||||
Update Compliance is offered as a solution which is linked to a new or existing [Azure Log Analytics](https://docs.microsoft.com/azure/log-analytics/query-language/get-started-analytics-portal) workspace within your Azure subscription. To configure this, follow these steps:
|
||||
|
||||
1. Sign in to the [Azure Portal](https://portal.azure.com) with your work or school account or a Microsoft account. If you don't already have an Azure subscription you can create one (including free trial options) through the portal.
|
||||
|
||||
> [!NOTE]
|
||||
> Update Compliance is included at no additional cost with Windows 10 Professional, Education, and Enterprise editions. An Azure subscription is required for managing and using Update Compliance, but no Azure charges are expected to accrue to the subscription as a result of using Update Compliance.
|
||||
|
||||
2. In the Azure portal select **+ Create a resource**, and search for “Update Compliance". You should see it in the results below.
|
||||
|
||||
|
||||
|
||||
3. Select **Update Compliance** and a blade will appear summarizing the solution’s offerings. At the bottom, select **Create** to begin adding the solution to Azure.
|
||||
|
||||
|
||||
|
||||
4. Choose an existing workspace or create a new workspace that will be assigned to the Update Compliance solution.
|
||||
- [Desktop Analytics](TODO: Add Desktop Analytics reference: https://docs.microsoft.com/en-us/sccm/desktop-analytics/overview) customers are advised to use the same workspace for Update Compliance.
|
||||
- If you are creating a new workspace, and your organization does not have policies governing naming conventions and structure, consider the following workspace settings to get started:
|
||||
- Choose a workspace name which reflects the scope of planned usage in your organization, for example *PC-Analytics*.
|
||||
- For the resource group setting select **Create new** and use the same name you chose for your new workspace.
|
||||
- For the location setting, choose the Azure region where you would prefer the data to be stored.
|
||||
- For the pricing tier select **per GB**.
|
||||
|
||||
|
||||
|
||||
5. The resource group and workspace creation process could take a few minutes. After this, you are able to use that workspace for Update Compliance. Select **Create**.
|
||||
|
||||
|
||||
|
||||
6. Watch for a notification in the Azure portal that your deployment has been successful. This might take a few minutes. Then, select **Go to resource**.
|
||||
|
||||
|
||||
|
||||
## Enroll devices in Update Compliance
|
||||
Once you've added Update Compliance to a workspace in your Azure subscription, you can start enrolling the devices in your organization. For Update Compliance there are three key steps to ensure successful enrollment:
|
||||
|
||||
### Deploy your Commercial ID to devices
|
||||
A Commercial ID is a globally-unique identifier assigned to a specific Log Analytics workspace. This is used to identify devices as part of your environment.
|
||||
|
||||
To find your Commercial ID within Azure:
|
||||
1. Navigate to the **Solutions** tab for your workspace, and then select the **WaaSUpdateInsights** solution.
|
||||
2. From there, select the Update Compliance Settings page on the navbar.
|
||||
3. Your Commercial ID is available in the settings page.
|
||||
|
||||
|
||||
|
||||
>**Important**
|
||||
>
|
||||
>Regenerate your Commercial ID only if your Original ID key can no longer be used or if you want to completely reset your workspace. Regenerating your Commercial ID cannot be undone and will result in you losing data for all devices that have the current Commercial ID until the new Commercial ID is deployed to devices.
|
||||
|
||||
#### Deploying Commercial ID using Group Policy
|
||||
Commercial ID can be deployed using Group Policy. The Group Policy for Commercial ID is under **Computer Configuration\Administrative Templates\Windows Components\Data Collection and Preview Builds\Configure the Commercial ID**.
|
||||
|
||||
|
||||
|
||||
#### Deploying Commercial ID using MDM
|
||||
Commercial ID can be deployed through a [Mobile Device Management](https://docs.microsoft.com/en-us/windows/client-management/mdm/) (MDM) policy beginning with Windows 10, version 1607. Commercial ID is under the [DMClient configuration service provider](https://docs.microsoft.com/en-us/windows/client-management/mdm/dmclient-csp).
|
||||
|
||||
### Ensure endpoints are whitelisted
|
||||
To enable data sharing between devices, your network, and Microsoft's Diagnostic Data Service, configure your proxy to whitelist the following endpoints. You may need security group approval to do this.
|
||||
|
||||
| **Endpoint** | **Function** |
|
||||
|---------------------------------------------------------|-----------|
|
||||
| `https://v10c.events.data.microsoft.com` | Connected User Experience and Diagnostic component endpoint for Windows 10, version 1803 and later. |
|
||||
| `https://v10.vortex-win.data.microsoft.com` | Connected User Experience and Diagnostic component endpoint for Windows 10, version 1709 or earlier. |
|
||||
| `https://settings-win.data.microsoft.com` | Enables the compatibility update to send data to Microsoft. |
|
||||
| `http://adl.windows.com` | Allows the compatibility update to receive the latest compatibility data from Microsoft. |
|
||||
| `https://watson.telemetry.microsoft.com` | Windows Error Reporting (WER), used to provide more advanced error reporting in the event of certain Feature Update deployment failures. |
|
||||
| `https://oca.telemetry.microsoft.com` | Online Crash Analysis, used to provide device-specific recommendations and detailed errors in the event of certain crashes. |
|
||||
| `https://login.live.com` | This endpoint is optional but allows for the Update Compliance service to more reliably identify and process devices. If you want to disable end-user managed service account (MSA) access, you should apply the appropriate [policy](https://docs.microsoft.com/windows/security/identity-protection/access-control/microsoft-accounts#block-all-consumer-microsoft-account-user-authentication) instead of blocking this endpoint. |
|
||||
|
||||
### Set diagnostic data levels
|
||||
Update Compliance requries that devices are configured to send Microsoft at least the Basic level of diagnostic data in order to function. For more information on Windows diagnostic data, see [Configure Windows diagnostic data in your organization](https://docs.microsoft.com/en-us/windows/privacy/configure-windows-diagnostic-data-in-your-organization).
|
||||
|
||||
#### Configuring Telemetry level using Group Policy
|
||||
You can set Allow Telemetry through Group Policy, this setting is in the same place as the Commercial ID policy, under **Computer Configuration\Administrative Templates\Windows Components\Data Collection and Preview Builds\Allow Telemetry**. Update Compliance requires at least Basic (level 1) to function.
|
||||
|
||||
|
||||
|
||||
#### Configuring Telemetry level using MDM
|
||||
Telemetry level can additionally be configured through a [Mobile Device Management](https://docs.microsoft.com/en-us/windows/client-management/mdm/) (MDM) policy. Allow Telemetry is under the [Policy Configuration Service Provider](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-configuration-service-provider) as [System/AllowTelemetry](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-system#system-allowtelemetry).
|
||||
|
||||
### Enabling Device Name in telemetry
|
||||
Beginning with Windows 10, version 1803, Device Name is no longer collected as part of normal Windows Diagnostic Data and must explicitly be allowed to be sent to Microsoft. If devices do not have this policy enabled, their device name will appear as '#' instead.
|
||||
|
||||
#### Allow Device Name in Telemetry with Group Policy
|
||||
Allow Device Name in Telemetry is under the same node as Commercial ID and Allow Telemetry policies in Group Policy, listed as **Allow device name to be sent in Windows diagnostic data**.
|
||||
|
||||
#### Allow Device Name in Telemetry with MDM
|
||||
Allow Device Name in Telemetry is under the [Policy Configuration Service Provider](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-configuration-service-provider) as [System/AllowTelemetry](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-system#system-allowtelemetry).
|
||||
|
||||
>[!NOTE]
|
||||
>After enrolling your devices (by deploying your CommercialID and Windows Diagnostic Data settings), it might take 48-72 hours for the first data to appear in the solution. Until then, Update Compliance will indicate it is still assessing devices.
|
||||
@ -1,57 +1,60 @@
|
||||
---
|
||||
title: Monitor Windows Updates and Windows Defender AV with Update Compliance (Windows 10)
|
||||
ms.reviewer:
|
||||
manager: laurawi
|
||||
description: You can use Update Compliance in Azure Portal to monitor the progress of updates and key antimalware protection features on devices in your network.
|
||||
keywords: oms, operations management suite, wdav, updates, upgrades, antivirus, antimalware, signature, log analytics
|
||||
ms.prod: w10
|
||||
ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
ms.pagetype: deploy
|
||||
audience: itpro
|
||||
author: greg-lindsay
|
||||
ms.author: greglin
|
||||
ms.localizationpriority: medium
|
||||
ms.collection: M365-analytics
|
||||
ms.topic: article
|
||||
---
|
||||
|
||||
# Monitor Windows Updates with Update Compliance
|
||||
|
||||
## Introduction
|
||||
|
||||
Update Compliance is a [Windows Analytics solution](windows-analytics-overview.md) that enables organizations to:
|
||||
|
||||
* Monitor Windows 10 Professional, Education, and Enterprise security, quality, and feature updates.
|
||||
* View a report of device and update issues related to compliance that need attention.
|
||||
* See the status of Windows Defender Antivirus signatures and threats.
|
||||
* Check bandwidth savings incurred across multiple content types by using [Delivery Optimization](waas-delivery-optimization.md).
|
||||
|
||||
Update Compliance is offered through the Azure portal, and is available free for devices that meet the [prerequisites](update-compliance-get-started.md#update-compliance-prerequisites).
|
||||
|
||||
Update Compliance uses Windows 10 and Windows Defender Antivirus diagnostic data for all of its reporting. It collects system data including update deployment progress, [Windows Update for Business](waas-manage-updates-wufb.md) configuration data, Windows Defender Antivirus data, and Delivery Optimization usage data, and then sends this data to a secure cloud to be stored for analysis and usage in [Azure Log Analytics](https://docs.microsoft.com/azure/log-analytics/query-language/get-started-analytics-portal).
|
||||
|
||||
See the following topics in this guide for detailed information about configuring and using the Update Compliance solution:
|
||||
|
||||
- [Get started with Update Compliance](update-compliance-get-started.md): How to add Update Compliance to your environment.
|
||||
- [Using Update Compliance](update-compliance-using.md): How to begin using Update Compliance.
|
||||
|
||||
## Update Compliance architecture
|
||||
|
||||
The Update Compliance architecture and data flow is summarized by the following four-step process:
|
||||
|
||||
1. User computers send diagnostic data to a secure Microsoft data center using the Microsoft Data Management Service.<BR>
|
||||
2. Diagnostic data is analyzed by the Update Compliance Data Service.<BR>
|
||||
3. Diagnostic data is pushed from the Update Compliance Data Service to your Azure Monitor workspace.<BR>
|
||||
4. Diagnostic data is available in the Update Compliance solution.<BR>
|
||||
|
||||
|
||||
>[!NOTE]
|
||||
>This process assumes that Windows diagnostic data is enabled and data sharing is enabled as described in [Enrolling devices in Windows Analytics](windows-analytics-get-started.md).
|
||||
|
||||
|
||||
|
||||
|
||||
## Related topics
|
||||
|
||||
[Get started with Update Compliance](update-compliance-get-started.md)<BR>
|
||||
---
|
||||
title: Monitor Windows Updates and Windows Defender AV with Update Compliance (Windows 10)
|
||||
ms.reviewer:
|
||||
manager: laurawi
|
||||
description: You can use Update Compliance in Azure Portal to monitor the progress of updates and key antimalware protection features on devices in your network.
|
||||
keywords: oms, operations management suite, wdav, updates, upgrades, antivirus, antimalware, signature, log analytics
|
||||
ms.prod: w10
|
||||
ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
ms.pagetype: deploy
|
||||
audience: itpro
|
||||
author: jaimeo
|
||||
ms.author: jaimeo
|
||||
ms.localizationpriority: medium
|
||||
ms.collection: M365-analytics
|
||||
ms.topic: article
|
||||
---
|
||||
|
||||
# Monitor Windows Updates with Update Compliance
|
||||
|
||||
>[!IMPORTANT]
|
||||
>Update Compliance is moving out of Windows Analytics. Windows Analytics is being retired, but Update Compliance will continue to be supported. For more information, see the [Update Compliance FAQ](windows-analytics-get-started.md).
|
||||
|
||||
## Introduction
|
||||
|
||||
Update Compliance is a [Windows Analytics solution](windows-analytics-overview.md) that enables organizations to:
|
||||
|
||||
* Monitor security, quality, and feature updates for Windows 10 Professional, Education, and Enterprise editions.
|
||||
* View a report of device and update issues related to compliance that need attention.
|
||||
* Check bandwidth savings incurred across multiple content types by using [Delivery Optimization](waas-delivery-optimization.md).
|
||||
|
||||
Update Compliance is offered through the Azure portal, and is included as part of Windows 10 licenses listed in the [prerequisites](update-compliance-get-started.md#update-compliance-prerequisites).
|
||||
|
||||
Update Compliance uses Windows 10 and Windows Defender Antivirus diagnostic data for all of its reporting. It collects system data including update deployment progress, [Windows Update for Business](waas-manage-updates-wufb.md) configuration data, Windows Defender Antivirus data, and Delivery Optimization usage data, and then sends this data to a secure cloud to be stored for analysis and usage in [Azure Log Analytics](https://docs.microsoft.com/azure/log-analytics/query-language/get-started-analytics-portal).
|
||||
|
||||
See the following topics in this guide for detailed information about configuring and using the Update Compliance solution:
|
||||
|
||||
- [Get started with Update Compliance](update-compliance-get-started.md): How to add Update Compliance to your environment.
|
||||
- [Using Update Compliance](update-compliance-using.md): How to begin using Update Compliance.
|
||||
|
||||
## Update Compliance architecture
|
||||
|
||||
The Update Compliance architecture and data flow follows this process:
|
||||
|
||||
1. User computers send diagnostic data to a secure Microsoft data center using the Microsoft Data Management Service.
|
||||
2. Diagnostic data is analyzed by the Update Compliance Data Service.
|
||||
3. Diagnostic data is pushed from the Update Compliance Data Service to your Azure Monitor workspace.
|
||||
4. Diagnostic data is available in the Update Compliance solution.
|
||||
|
||||
|
||||
>[!NOTE]
|
||||
>This process assumes that Windows diagnostic data is enabled and data sharing is enabled as outlined in the enrollment section of [Get started with Update Compliance](update-compliance-get-started.md).
|
||||
|
||||
|
||||
|
||||
|
||||
## Related topics
|
||||
|
||||
[Get started with Update Compliance](update-compliance-get-started.md)<BR>
|
||||
[Use Update Compliance to monitor Windows Updates](update-compliance-using.md)
|
||||
@ -1,94 +1,94 @@
|
||||
---
|
||||
title: Using Update Compliance (Windows 10)
|
||||
ms.reviewer:
|
||||
manager: laurawi
|
||||
description: Explains how to begin usihg Update Compliance.
|
||||
keywords: oms, operations management suite, wdav, updates, upgrades, antivirus, antimalware, signature, log analytics
|
||||
ms.prod: w10
|
||||
ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
ms.pagetype: deploy
|
||||
audience: itpro
|
||||
author: greg-lindsay
|
||||
ms.author: greglin
|
||||
ms.localizationpriority: medium
|
||||
ms.collection: M365-analytics
|
||||
ms.topic: article
|
||||
---
|
||||
|
||||
# Use Update Compliance
|
||||
|
||||
In this section you'll learn how to use Update Compliance to monitor your device's Windows updates and Windows Defender Antivirus status. To configure your environment for use with Update Compliance, refer to [Get started with Update Compliance](update-compliance-get-started.md).
|
||||
|
||||
|
||||
Update Compliance:
|
||||
- Provides detailed deployment data for Windows 10 security, quality, and feature updates.
|
||||
- Reports when devices have issues related to updates that need attention.
|
||||
- Shows Windows Defender AV status information for devices that use it and meet the [prerequisites](update-compliance-get-started.md#update-compliance-prerequisites).
|
||||
- Shows bandwidth usage and savings for devices that are configured to use [Delivery Optimization](waas-delivery-optimization.md).
|
||||
- Provides all of the above data in [Log Analytics](#using-log-analytics), which affords additional querying and export capabilities.
|
||||
|
||||
## The Update Compliance tile
|
||||
After Update Compliance has successfully been [added to your Azure subscription](update-compliance-get-started.md#add-update-compliance-to-your-azure-subscription), you’ll see this tile:
|
||||
|
||||
|
||||
|
||||
When the solution is added, data is not immediately available. Data will begin to be collected after data is sent up that belongs to the Commercial ID associated with the device. This process assumes that Windows diagnostic data is enabled and data sharing is enabled as described in [Enrolling devices in Windows Analytics](windows-analytics-get-started.md). After Microsoft has collected and processed any device data associated with your Commercial ID, the tile will be replaced with the following summary:
|
||||
|
||||
|
||||
|
||||
The summary details the total number of devices that Microsoft has received data from with your Commercial ID. It also provides the number of devices that need attention if any. Finally, it details the last point at which your Update Compliance workspace was refreshed.
|
||||
|
||||
## The Update Compliance workspace
|
||||
|
||||
|
||||
|
||||
When you select this tile, you will be redirected to the Update Compliance workspace. The workspace is organized with the Overview blade providing a hub from which to navigate to different reports of your devices' data.
|
||||
|
||||
### Overview blade
|
||||
|
||||
|
||||
|
||||
Update Compliance’s overview blade summarizes all the data Update Compliance provides. It functions as a hub from which you can navigate to different sections. The total number of devices detected by Update Compliance is reported in the title of this blade. What follows is a distribution for all devices as to whether they are up to date on the following items:
|
||||
* Security updates: A device is up to date on quality updates whenever it has the latest applicable quality update installed. Quality updates are monthly cumulative updates that are specific to a version of Windows 10.
|
||||
* Feature updates: A device is up to date on feature updates whenever it has the latest applicable feature update installed. Update Compliance considers [Servicing Channel](waas-overview.md#servicing-channels) when determining update applicability.
|
||||
* AV Signature: A device is up to date on Antivirus Signature when the latest Windows Defender Signatures have been downloaded. This distribution only considers devices that are running Windows Defender Antivirus.
|
||||
|
||||
The blade also provides the time at which your Update Compliance workspace was [refreshed](#update-compliance-data-latency).
|
||||
|
||||
The following is a breakdown of the different sections available in Update Compliance:
|
||||
* [Need Attention!](update-compliance-need-attention.md) - This section is the default section when arriving to your Update Compliance workspace. It provides a summary of the different issues devices are facing relative to Windows 10 updates.
|
||||
* [Security Update Status](update-compliance-security-update-status.md) - This section lists the percentage of devices that are on the latest security update released for the version of Windows 10 it is running. Selecting this section provides blades that summarize the overall status of security updates across all devices and a summary of their deployment progress towards the latest two security updates.
|
||||
* [Feature Update Status](update-compliance-feature-update-status.md) - This section lists the percentage of devices that are on the latest feature update that is applicable to a given device. Selecting this section provides blades that summarize the overall feature update status across all devices and a summary of deployment status for different versions of Windows 10 in your environment.
|
||||
* [Windows Defender AV Status](update-compliance-wd-av-status.md) - This section lists the percentage of devices running Windows Defender Antivirus that are not sufficiently protected. Selecting this section provides a summary of signature and threat status across all devices that are running Windows Defender Antivirus. This section is not applicable to devices not running Windows Defender Antivirus or devices that do not meet the [prerequisites](update-compliance-get-started.md#update-compliance-prerequisites) to be assessed.
|
||||
* [Delivery Optimization Status](update-compliance-delivery-optimization.md) - This section summarizes bandwidth savings incurred by utilizing Delivery Optimization in your environment. It provides a breakdown of Delivery Optimization configuration across devices, and summarizes bandwidth savings and utilization across multiple content types.
|
||||
|
||||
|
||||
## Update Compliance data latency
|
||||
Update Compliance uses Windows 10 diagnostic data as its data source. After you add Update Compliance and appropriately configure your devices, it could take 48-72 hours before they first appear. The process that follows is as follows:
|
||||
|
||||
Update Compliance is refreshed every 12 hours. This means that every 12 hours all data that has been gathered over the last 12-hour interval is pushed to Log Analytics. However, the rate that each data type is sent and how long it takes to be ready for Update Compliance varies, roughly outlined below.
|
||||
|
||||
| Data Type | Refresh Rate | Data Latency |
|
||||
|--|--|--|
|
||||
|WaaSUpdateStatus | Once per day |4 hours |
|
||||
|WaaSInsiderStatus| Once per day |4 hours |
|
||||
|WaaSDeploymentStatus|Every update event (Download, install, etc.)|24-36 hours |
|
||||
|WDAVStatus|On signature update|24 hours |
|
||||
|WDAVThreat|On threat detection|24 hours |
|
||||
|WUDOAggregatedStatus|On update event, aggregated over time|24-36 hours |
|
||||
|WUDOStatus|Once per day|12 hours |
|
||||
|
||||
This means you should generally expect to see new data every 24-36 hours, except for WaaSDeploymentStatus and WUDOAggregatedStatus, which may take 36-48 hours (if it misses the 36th hour refresh, it would be in the 48th, so the data will be present in the 48th hour refresh).
|
||||
|
||||
## Using Log Analytics
|
||||
|
||||
Update Compliance is built on the Log Analytics platform that is integrated into Operations Management Suite. All data in the workspace is the direct result of a query. Understanding the tools and features at your disposal, all integrated within Azure Portal, can deeply enhance your experience and complement Update Compliance.
|
||||
|
||||
See below for a few topics related to Log Analytics:
|
||||
* Learn how to effectively execute custom Log Searches by referring to Microsoft Azure’s excellent documentation on [querying data in Log Analytics](https://docs.microsoft.com/azure/log-analytics/log-analytics-log-searches).
|
||||
* To develop your own custom data views in Operations Management Suite or [Power BI](https://powerbi.microsoft.com/); check out documentation on [analyzing data for use in Log Analytics](https://docs.microsoft.com/azure/log-analytics/log-analytics-dashboards).
|
||||
* [Gain an overview of Log Analytics’ alerts](https://docs.microsoft.com/azure/log-analytics/log-analytics-alerts) and learn how to use it to always stay informed about the most critical issues you care about.
|
||||
|
||||
## Related topics
|
||||
|
||||
---
|
||||
title: Using Update Compliance (Windows 10)
|
||||
ms.reviewer:
|
||||
manager: laurawi
|
||||
description: Explains how to begin usihg Update Compliance.
|
||||
keywords: oms, operations management suite, wdav, updates, upgrades, antivirus, antimalware, signature, log analytics
|
||||
ms.prod: w10
|
||||
ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
ms.pagetype: deploy
|
||||
audience: itpro
|
||||
author: jaimeo
|
||||
ms.author: jaimeo
|
||||
ms.localizationpriority: medium
|
||||
ms.collection: M365-analytics
|
||||
ms.topic: article
|
||||
---
|
||||
|
||||
# Use Update Compliance
|
||||
|
||||
In this section you'll learn how to use Update Compliance to monitor your device's Windows updates and Windows Defender Antivirus status. To configure your environment for use with Update Compliance, refer to [Get started with Update Compliance](update-compliance-get-started.md).
|
||||
|
||||
|
||||
Update Compliance:
|
||||
- Provides detailed deployment data for Windows 10 security, quality, and feature updates.
|
||||
- Reports when devices have issues related to updates that need attention.
|
||||
- Shows Windows Defender AV status information for devices that use it and meet the [prerequisites](update-compliance-get-started.md#update-compliance-prerequisites).
|
||||
- Shows bandwidth usage and savings for devices that are configured to use [Delivery Optimization](waas-delivery-optimization.md).
|
||||
- Provides all of the above data in [Log Analytics](#using-log-analytics), which affords additional querying and export capabilities.
|
||||
|
||||
## The Update Compliance tile
|
||||
After Update Compliance has successfully been [added to your Azure subscription](update-compliance-get-started.md#add-update-compliance-to-your-azure-subscription), you’ll see this tile:
|
||||
|
||||
|
||||
|
||||
When the solution is added, data is not immediately available. Data will begin to be collected after data is sent up that belongs to the Commercial ID associated with the device. This process assumes that Windows diagnostic data is enabled and data sharing is enabled as described in [Enrolling devices in Update Compliance](update-compliance-get-started.md#enroll-devices-in-update-compliance). After Microsoft has collected and processed any device data associated with your Commercial ID, the tile will be replaced with the following summary:
|
||||
|
||||
|
||||
|
||||
The summary details the total number of devices that Microsoft has received data from with your Commercial ID. It also provides the number of devices that need attention if any. Finally, it details the last point at which your Update Compliance workspace was refreshed.
|
||||
|
||||
## The Update Compliance workspace
|
||||
|
||||
|
||||
|
||||
When you select this tile, you will be redirected to the Update Compliance workspace. The workspace is organized with the Overview blade providing a hub from which to navigate to different reports of your devices' data.
|
||||
|
||||
### Overview blade
|
||||
|
||||
|
||||
|
||||
Update Compliance’s overview blade summarizes all the data Update Compliance provides. It functions as a hub from which you can navigate to different sections. The total number of devices detected by Update Compliance is reported in the title of this blade. What follows is a distribution for all devices as to whether they are up to date on the following items:
|
||||
* Security updates: A device is up to date on quality updates whenever it has the latest applicable quality update installed. Quality updates are monthly cumulative updates that are specific to a version of Windows 10.
|
||||
* Feature updates: A device is up to date on feature updates whenever it has the latest applicable feature update installed. Update Compliance considers [Servicing Channel](waas-overview.md#servicing-channels) when determining update applicability.
|
||||
* AV Signature: A device is up to date on Antivirus Signature when the latest Windows Defender Signatures have been downloaded. This distribution only considers devices that are running Windows Defender Antivirus.
|
||||
|
||||
The blade also provides the time at which your Update Compliance workspace was [refreshed](#update-compliance-data-latency).
|
||||
|
||||
The following is a breakdown of the different sections available in Update Compliance:
|
||||
* [Need Attention!](update-compliance-need-attention.md) - This section is the default section when arriving to your Update Compliance workspace. It provides a summary of the different issues devices are facing relative to Windows 10 updates.
|
||||
* [Security Update Status](update-compliance-security-update-status.md) - This section lists the percentage of devices that are on the latest security update released for the version of Windows 10 it is running. Selecting this section provides blades that summarize the overall status of security updates across all devices and a summary of their deployment progress towards the latest two security updates.
|
||||
* [Feature Update Status](update-compliance-feature-update-status.md) - This section lists the percentage of devices that are on the latest feature update that is applicable to a given device. Selecting this section provides blades that summarize the overall feature update status across all devices and a summary of deployment status for different versions of Windows 10 in your environment.
|
||||
* [Delivery Optimization Status](update-compliance-delivery-optimization.md) - This section summarizes bandwidth savings incurred by utilizing Delivery Optimization in your environment. It provides a breakdown of Delivery Optimization configuration across devices, and summarizes bandwidth savings and utilization across multiple content types.
|
||||
|
||||
|
||||
## Update Compliance data latency
|
||||
Update Compliance uses Windows 10 diagnostic data as its data source. After you add Update Compliance and appropriately configure your devices, it could take 48-72 hours before they first appear. The process that follows is as follows:
|
||||
|
||||
Update Compliance is refreshed every 12 hours. This means that every 12 hours all data that has been gathered over the last 12-hour interval is pushed to Log Analytics. However, the rate at which each type of data is sent from the device and how long it takes to be ready for Update Compliance varies, roughly outlined below.
|
||||
|
||||
| Data Type | Data upload rate from device | Data Latency |
|
||||
|--|--|--|
|
||||
|WaaSUpdateStatus | Once per day |4 hours |
|
||||
|WaaSInsiderStatus| Once per day |4 hours |
|
||||
|WaaSDeploymentStatus|Every update event (Download, install, etc.)|24-36 hours |
|
||||
|WDAVStatus|On signature update|24 hours |
|
||||
|WDAVThreat|On threat detection|24 hours |
|
||||
|WUDOAggregatedStatus|On update event, aggregated over time|24-36 hours |
|
||||
|WUDOStatus|Once per day|12 hours |
|
||||
|
||||
This means you should generally expect to see new data device data every 24 hours, except for WaaSDeploymentStatus and WUDOAggregatedStatus, which may take 36-48 hours (if it misses the 36th hour refresh, it would be in the 48th, so the data will be present in the 48th hour refresh).
|
||||
|
||||
## Using Log Analytics
|
||||
|
||||
Update Compliance is built on the Log Analytics platform that is integrated into Operations Management Suite. All data in the workspace is the direct result of a query. Understanding the tools and features at your disposal, all integrated within Azure Portal, can deeply enhance your experience and complement Update Compliance.
|
||||
|
||||
See below for a few topics related to Log Analytics:
|
||||
* Learn how to effectively execute custom Log Searches by referring to Microsoft Azure’s excellent documentation on [querying data in Log Analytics](https://docs.microsoft.com/azure/log-analytics/log-analytics-log-searches).
|
||||
* To develop your own custom data views in Operations Management Suite or [Power BI](https://powerbi.microsoft.com/); check out documentation on [analyzing data for use in Log Analytics](https://docs.microsoft.com/azure/log-analytics/log-analytics-dashboards).
|
||||
* [Gain an overview of Log Analytics’ alerts](https://docs.microsoft.com/azure/log-analytics/log-analytics-alerts) and learn how to use it to always stay informed about the most critical issues you care about.
|
||||
|
||||
## Related topics
|
||||
|
||||
[Get started with Update Compliance](update-compliance-get-started.md)
|
||||
Reference in New Issue
Block a user