deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-14 22:37:22 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

Merge branch 'main' into pm-20231215-whfb-freshness

Browse Source
This commit is contained in:
Stacyrch140 2023-12-15 14:31:09 -05:00 committed by GitHub
commit aa01ac35f8
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 42 additions and 44 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
windows/deployment/update/includes/wufb-reports-endpoints.md
View File

@ -5,10 +5,11 @@ manager: aaroncz
ms.technology: itpro-updates ms.technology: itpro-updates
ms.prod: windows-client ms.prod: windows-client
ms.topic: include ms.topic: include
ms.date: 08/21/2023 ms.date: 12/15/2023
ms.localizationpriority: medium ms.localizationpriority: medium
--- ---
<!--This file is shared by updates/wufb-reports-prerequisites.md and the update/update-compliance-configuration-manual.md articles. Headings are driven by article context. -->
<!-- This file is shared by update/wufb-reports-prerequisites.md and update/wufb-reports-configuration-manual.md articles. Headings are driven by article context. -->
Devices must be able to contact the following endpoints in order to authenticate and send diagnostic data: Devices must be able to contact the following endpoints in order to authenticate and send diagnostic data:
@ -20,5 +21,5 @@ Devices must be able to contact the following endpoints in order to authenticate
| `settings-win.data.microsoft.com` | Used by Windows components and applications to dynamically update their configuration. Required for Windows Update functionality. | | `settings-win.data.microsoft.com` | Used by Windows components and applications to dynamically update their configuration. Required for Windows Update functionality. |
| `adl.windows.com` | Required for Windows Update functionality. | | `adl.windows.com` | Required for Windows Update functionality. |
| `oca.telemetry.microsoft.com` | Online Crash Analysis, used to provide device-specific recommendations and detailed errors if there are certain crashes. | | `oca.telemetry.microsoft.com` | Online Crash Analysis, used to provide device-specific recommendations and detailed errors if there are certain crashes. |
| `login.live.com` | This endpoint facilitates your Microsoft account access and is required to create the primary identifier we use for devices. Without this service, devices won't be visible in the solution. The Microsoft Account Sign-in Assistant service must also be running (wlidsvc). | | `login.live.com` | This endpoint facilitates your Microsoft account access and is required to create the primary identifier we use for devices. Without this service, devices aren't visible in the solution. The Microsoft Account Sign-in Assistant service must also be running (wlidsvc). |
| `*.blob.core.windows.net` | Azure blob data storage.| | `ceuswatcab01.blob.core.windows.net` <br> `ceuswatcab02.blob.core.windows.net` <br> `eaus2watcab01.blob.core.windows.net` <br> `eaus2watcab02.blob.core.windows.net` <br> `weus2watcab01.blob.core.windows.net` <br> `weus2watcab02.blob.core.windows.net` | Azure blob data storage. <!-- 8603508 --> |

49
windows/deployment/update/wufb-reports-configuration-manual.md
View File

@ -4,7 +4,7 @@ titleSuffix: Windows Update for Business reports
description: How to manually configure devices for Windows Update for Business reports using a PowerShell script. description: How to manually configure devices for Windows Update for Business reports using a PowerShell script.
ms.prod: windows-client ms.prod: windows-client
ms.technology: itpro-updates ms.technology: itpro-updates
ms.topic: conceptual ms.topic: how-to
author: mestew author: mestew
ms.author: mstewart ms.author: mstewart
manager: aaroncz manager: aaroncz
@ -12,61 +12,60 @@ ms.localizationpriority: medium
appliesto: appliesto:
- ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 11</a> - ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 11</a>
- ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 10</a> - ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 10</a>
ms.date: 11/15/2022 ms.date: 12/15/2023
--- ---
# Manually configuring devices for Windows Update for Business reports # Manually configure devices for Windows Update for Business reports
<!--37063317, 30141258, 37063041--> <!--37063317, 30141258, 37063041-->
There are a number of requirements to consider when manually configuring devices for Windows Update for Business reports. These requirements can potentially change with newer versions of Windows client. The [Windows Update for Business reports configuration script](wufb-reports-configuration-script.md) will be updated when any configuration requirements change so only a redeployment of the script will be required. There are many requirements to consider when manually configuring devices for Windows Update for Business reports. These requirements can potentially change with later versions of Windows client. When any configuration requirements change, we'll update the [Windows Update for Business reports configuration script](wufb-reports-configuration-script.md). If that happens, you only need to redeploy the script.
The requirements are separated into different categories: The requirements are separated into different categories:
1. Ensuring the [**required policies**](#required-policies) for Windows Update for Business reports are correctly configured. 1. Ensuring the [**required policies**](#required-policies) for Windows Update for Business reports are correctly configured.
2. Devices in every network topography must send data to the [**required endpoints**](#required-endpoints) for Windows Update for Business reports. For example, devices in both main and satellite offices, which might have different network configurations, must be able to reach the endpoints. 2. Devices in every network topography must send data to the [**required endpoints**](#required-endpoints) for Windows Update for Business reports. For example, devices in both main and satellite offices, which might have different network configurations, must be able to reach the endpoints.
3. Ensure [**Required Windows services**](#required-services) are running or are scheduled to run. It's recommended all Microsoft and Windows services are set to their out-of-box defaults to ensure proper functionality. 3. Ensure [**Required Windows services**](#required-services) are running or are scheduled to run. For proper functionality, leave Windows services set to their out-of-box default configurations.
## Required policies ## Required policies
Windows Update for Business reports has a number of policies that must be appropriately configured in order for devices to be processed by Microsoft and visible in Windows Update for Business reports. Thee policies are listed below, separated by whether the policies will be configured via [Mobile Device Management](/windows/client-management/mdm/) (MDM) or Group Policy. For both tables: The Windows Update for Business reports service has several policies that you need to configure appropriately. These policies allow Microsoft to process your devices and show them in Windows Update for Business reports. The policies are listed in the following subsections, separated by [mobile device management](/windows/client-management/mdm/) (MDM) or group policy.
- **Policy** corresponds to the location and name of the policy. The following definitions apply for both tables:
- **Value** Indicates what value the policy must be set to. Windows Update for Business reports requires *at least* Basic (or Required) diagnostic data, but can function off Enhanced or Full (or Optional).
- **Function** details why the policy is required and what function it serves for Windows Update for Business reports. It will also detail a minimum version the policy is required, if any.
### Mobile Device Management policies - **Policy**: The location and name of the policy.
- **Value**: Set the policy to this value. Windows Update for Business reports requires at least *Required* (previously *Basic*) diagnostic data, but can function with *Enhanced* or *Optional* (previously *Full*).
- **Function**: Details for why the policy is required and what function it serves for Windows Update for Business reports. It also details a minimum version the policy requires, if any.
Each MDM Policy links to its documentation in the configuration service provider (CSP) hierarchy, providing its exact location in the hierarchy and more details. ### MDM policies
| Policy | Data type | Value | Function | Required or recommended| Each MDM policy links to more detailed documentation in the configuration service provider (CSP) hierarchy.
| Policy | Data type | Value | Function | Required or recommended |
|---|---|---|---|---| |---|---|---|---|---|
|**System/**[**AllowTelemetry**](/windows/client-management/mdm/policy-csp-system#system-allowtelemetry) |Integer | 1 - Basic |Configures the maximum allowed diagnostic data to be sent to Microsoft. Individual users can still set this value lower than what the policy defines. For more information, see the following policy. | Required | | **System/**[**AllowTelemetry**](/windows/client-management/mdm/policy-csp-system#allowtelemetry) | Integer | `1`: Basic (Required) | Configures the device to send the minimum required diagnostic data. | Required |
|**System/**[**ConfigureTelemetryOptInSettingsUx**](/windows/client-management/mdm/policy-csp-system#system-configuretelemetryoptinsettingsux) |Integer |1 - Disable Telemetry opt-in Settings | Determines whether users of the device can adjust diagnostic data to levels lower than the level defined by AllowTelemetry. We recommend that you disable this policy or the effective diagnostic data level on devices might not be sufficient. | Recommended | | **System/**[**ConfigureTelemetryOptInSettingsUx**](/windows/client-management/mdm/policy-csp-system#configuretelemetryoptinsettingsux) | Integer | `1`: Disable diagnostic data opt-in settings | Determines whether users of the device can adjust diagnostic data to levels lower than you define by the *AllowTelemetry* policy. Set the recommended value to disable opt-in settings, or users can change the effective diagnostic data level that might not be sufficient. | Recommended |
|**System/**[**AllowDeviceNameInDiagnosticData**](/windows/client-management/mdm/policy-csp-system#system-allowdevicenameindiagnosticdata) |Integer | 1 - Allowed | Allows device name to be sent for Windows Diagnostic Data. If this policy is Not Configured or set to 0 (Disabled), Device Name won't be sent and won't be visible in Windows Update for Business reports, showing `#` instead. | Recommended | | **System/**[**AllowDeviceNameInDiagnosticData**](/windows/client-management/mdm/policy-csp-system#allowdevicenameindiagnosticdata) | Integer | `1`: Allowed | Allows the device to send its name with Windows diagnostic data. If you don't configure this policy or set it to `0`: Disabled, then the data doesn't include the device name. If the data doesn't include the device name, you can't see the device in Windows Update for Business reports. In this instance, the reports show `#` instead. | Recommended |
| **System/**[**ConfigureTelemetryOptInChangeNotification**](/windows/client-management/mdm/policy-csp-system#configuretelemetryoptinchangenotification) | Integer | 1 - Disabled | Disables user notifications that appear for changes to the diagnostic data level. | Recommended | | **System/**[**ConfigureTelemetryOptInChangeNotification**](/windows/client-management/mdm/policy-csp-system#configuretelemetryoptinchangenotification) | Integer | `1`: Disabled | Disables user notifications that appear for changes to the diagnostic data level. | Recommended |
### Group policies ### Group policies
All Group policies that need to be configured for Windows Update for Business reports are under **Computer Configuration>Administrative Templates>Windows Components\Data Collection and Preview Builds**. All of these policies must be in the *Enabled* state and set to the defined *Value* below. All group policies that you need to configure for Windows Update for Business reports are under the following path: **Computer Configuration > Administrative Templates > Windows Components > Data Collection and Preview Builds**. All of these policies must be in the *Enabled* state and set to the defined *Value*.
| Policy | Value | Function | Required or recommended| | Policy | Value | Function | Required or recommended|
|---|---|---|---| |---|---|---|---|
|**Allow Diagnostic Data** | Send required diagnostic data (minimum) | Configures the maximum allowed diagnostic data to be sent to Microsoft. Individual users can still set this value lower than what the policy defines. For more information, see the **Configure diagnostic data opt-in setting user interface**. | Required | | **Allow Diagnostic Data** | Send required diagnostic data | Configures the device to send the minimum required diagnostic data. | Required |
|**Configure diagnostic data opt-in setting user interface** | Disable diagnostic data opt in settings | Determines whether users of the device can adjust diagnostic data to levels lower than the level defined by AllowTelemetry. We recommend that you disable this policy, otherwise the effective diagnostic data level on devices might not be sufficient. | Recommended | | **Configure diagnostic data opt-in setting user interface** | Disable diagnostic data opt-in settings | Determines whether users of the device can adjust diagnostic data to levels lower than you define by the *Allow Diagnostic Data* policy. Set the recommended value to disable opt-in settings, or users can change the effective diagnostic data level that might not be sufficient. | Recommended |
|**Allow device name to be sent in Windows diagnostic data** | Enabled | Allows device name to be sent for Windows Diagnostic Data. If this policy is Not Configured or Disabled, Device Name won't be sent and won't be visible in Windows Update for Business reports, showing `#` instead. | Recommended | | **Allow device name to be sent in Windows diagnostic data** | Enabled | Allows the device to send its name with Windows diagnostic data. If you don't configure this policy or set it to *Disabled*, then the data doesn't include the device name. If the data doesn't include the device name, you can't see the device in Windows Update for Business reports. In this instance, the reports show `#` instead. | Recommended |
|**Configure diagnostic data opt-in change notifications** | Disable diagnostic data change notifications | Disables user notifications that appear for changes to the diagnostic data level. | Recommended | | **Configure diagnostic data opt-in change notifications** | Disable diagnostic data change notifications | Disables user notifications that appear for changes to the diagnostic data level. | Recommended |
## Required endpoints ## Required endpoints
To enable data sharing between devices, your network, and Microsoft's Diagnostic Data Service, configure your proxy to allow devices to contact the below endpoints.
<!--Using include for endpoint access requirements--> <!--Using include for endpoint access requirements-->
[!INCLUDE [Endpoints for Windows Update for Business reports](./includes/wufb-reports-endpoints.md)] [!INCLUDE [Endpoints for Windows Update for Business reports](./includes/wufb-reports-endpoints.md)]
## Required services ## Required services
Many Windows and Microsoft services are required to ensure that not only the device can function, but Windows Update for Business reports can see device data. It's recommended that you allow all default services from the out-of-box experience to remain running. The [Windows Update for Business reports Configuration Script](wufb-reports-configuration-script.md) checks whether the majority of these services are running or are allowed to run automatically. Many Windows services are required for Windows Update for Business reports to see device data. Allow all default services from the out-of-box experience to remain running. Use the [Windows Update for Business reports configuration script](wufb-reports-configuration-script.md) to check whether required services are running or are allowed to run automatically.
## Next steps ## Next steps

28
windows/deployment/update/wufb-reports-prerequisites.md
View File

@ -11,7 +11,7 @@ manager: aaroncz
appliesto: appliesto:
- ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 11</a> - ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 11</a>
- ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 10</a> - ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 10</a>
ms.date: 08/30/2023 ms.date: 12/15/2023
--- ---
# Windows Update for Business reports prerequisites # Windows Update for Business reports prerequisites
@ -22,12 +22,12 @@ Before you begin the process of adding Windows Update for Business reports to yo
## Azure and Microsoft Entra ID ## Azure and Microsoft Entra ID
- An Azure subscription with [Microsoft Entra ID](/azure/active-directory/) - An Azure subscription with [Microsoft Entra ID](/azure/active-directory/).
- Devices must be Microsoft Entra joined and meet the below OS, diagnostic, and endpoint access requirements. - Devices must be Microsoft Entra joined and meet the below OS, diagnostic, and endpoint access requirements.
- Devices can be [Microsoft Entra joined](/azure/active-directory/devices/concept-azure-ad-join) or [Microsoft Entra hybrid joined](/azure/active-directory/devices/concept-azure-ad-join-hybrid). - Devices can be [Microsoft Entra joined](/azure/active-directory/devices/concept-azure-ad-join) or [Microsoft Entra hybrid joined](/azure/active-directory/devices/concept-azure-ad-join-hybrid).
- Devices that are [Microsoft Entra registered](/azure/active-directory/devices/concept-azure-ad-register) only (Workplace joined) aren't supported with Windows Update for Business reports. - Devices that are [Microsoft Entra registered](/azure/active-directory/devices/concept-azure-ad-register) only (workplace joined) aren't supported with Windows Update for Business reports.
- The Log Analytics workspace must be in a [supported region](#log-analytics-regions) - The Log Analytics workspace must be in a [supported region](#log-analytics-regions).
- Data in the **Driver update** tab of the [workbook](wufb-reports-workbook.md) is only available for devices that receive driver and firmware updates from the [Windows Update for Business deployment service](deployment-service-overview.md) - Data in the **Driver update** tab of the [workbook](wufb-reports-workbook.md) is only available for devices that receive driver and firmware updates from the [Windows Update for Business deployment service](deployment-service-overview.md).
## Permissions ## Permissions
@ -38,7 +38,7 @@ Before you begin the process of adding Windows Update for Business reports to yo
- Windows 11 Professional, Education, Enterprise, and [Enterprise multi-session](/azure/virtual-desktop/windows-10-multisession-faq) editions - Windows 11 Professional, Education, Enterprise, and [Enterprise multi-session](/azure/virtual-desktop/windows-10-multisession-faq) editions
- Windows 10 Professional, Education, Enterprise, and [Enterprise multi-session](/azure/virtual-desktop/windows-10-multisession-faq) editions - Windows 10 Professional, Education, Enterprise, and [Enterprise multi-session](/azure/virtual-desktop/windows-10-multisession-faq) editions
Windows Update for Business reports only provides data for the standard Desktop Windows client version and isn't currently compatible with Windows Server, Surface Hub, IoT, or other versions. Windows Update for Business reports only provides data for the standard desktop Windows client version and isn't currently compatible with Windows Server, Surface Hub, IoT, or other versions.
## Windows client servicing channels ## Windows client servicing channels
@ -49,27 +49,25 @@ Windows Update for Business reports supports Windows client devices on the follo
### Windows operating system updates ### Windows operating system updates
- For [Changes to Windows diagnostic data collection](/windows/privacy/changes-to-windows-diagnostic-data-collection#services-that-rely-on-enhanced-diagnostic-data), installing the January 2023 release preview cumulative update, or a later equivalent update, is recommended For [changes to Windows diagnostic data collection](/windows/privacy/changes-to-windows-diagnostic-data-collection#services-that-rely-on-enhanced-diagnostic-data), installing the January 2023 release preview cumulative update, or a later equivalent update, is recommended.
## Diagnostic data requirements ## Diagnostic data requirements
At minimum, Windows Update for Business reports requires devices to send diagnostic data at the *Required* level (previously *Basic*). For more information about what's included in different diagnostic levels, see [Configure Windows diagnostic data in your organization](/windows/privacy/configure-windows-diagnostic-data-in-your-organization). At minimum, Windows Update for Business reports requires devices to send diagnostic data at the *Required* level (previously *Basic*). For more information about what data each diagnostic level includes, see [Configure Windows diagnostic data in your organization](/windows/privacy/configure-windows-diagnostic-data-in-your-organization).
The following levels are recommended, but not required: The following levels are recommended, but not required:
- The *Enhanced* level for Windows 10 devices
- The *Optional* level for Windows 11 devices (previously *Full*) <!--8027083-->
Device names don't appear in Windows Update for Business reports unless you individually opt-in devices by using a policy. The configuration script does this for you, but when using other client configuration methods, set one of the following to display device names: - The *Enhanced* level for Windows 10 devices.
- The *Optional* level for Windows 11 devices (previously *Full*). <!--8027083-->
Device names don't appear in Windows Update for Business reports unless you individually opt in devices by using a policy. The configuration script does this action for you, but when using other client configuration methods, set one of the following policies to display device names:
- CSP: System/[AllowDeviceNameInDiagnosticData](/windows/client-management/mdm/policy-csp-system#system-allowdevicenameindiagnosticdata)
- Group Policy: **Allow device name to be sent in Windows diagnostic data** under **Computer Configuration\Administrative Templates\Windows Components\Data Collection and Preview Builds**
- CSP: System/[AllowDeviceNameInDiagnosticData](/windows/client-management/mdm/policy-csp-system#system-allowdevicenameindiagnosticdata)
- Group Policy: **Allow device name to be sent in Windows diagnostic data** under **Computer Configuration\Administrative Templates\Windows Components\Data Collection and Preview Builds**
> [!TIP] > [!TIP]
> Windows Update for Business reports uses [services configuration](/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#bkmk-svccfg), also called OneSettings. Disabling the services configuration can cause some of the client data to be incorrect or missing in reports. For more information, see the [DisableOneSettingsDownloads](/windows/client-management/mdm/policy-csp-system#disableonesettingsdownloads) policy settings. > Windows Update for Business reports uses [services configuration](/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#bkmk-svccfg), also called OneSettings. Disabling the services configuration can cause some of the client data to be incorrect or missing in reports. For more information, see the [DisableOneSettingsDownloads](/windows/client-management/mdm/policy-csp-system#disableonesettingsdownloads) policy settings.
Microsoft is committed to providing you with effective controls over your data and ongoing transparency into our data handling practices. For more information about data handling and privacy for Windows diagnostic data, see [Configure Windows diagnostic data in your organization](/windows/privacy/configure-windows-diagnostic-data-in-your-organization) and [Changes to Windows diagnostic data collection](/windows/privacy/changes-to-windows-diagnostic-data-collection#services-that-rely-on-enhanced-diagnostic-data). Microsoft is committed to providing you with effective controls over your data and ongoing transparency into our data handling practices. For more information about data handling and privacy for Windows diagnostic data, see [Configure Windows diagnostic data in your organization](/windows/privacy/configure-windows-diagnostic-data-in-your-organization) and [Changes to Windows diagnostic data collection](/windows/privacy/changes-to-windows-diagnostic-data-collection#services-that-rely-on-enhanced-diagnostic-data).
## Endpoints ## Endpoints