Merged PR 11928: Many updates for Update Compliance

Fresh screenshots, incorp of Azure portal steps. Material is from Charles Inglis.

windows/deployment/update/update-compliance-delivery-optimization.md

@@ -7,7 +7,7 @@ ms.sitesec: library
 ms.pagetype: deploy
 author: jaimeo
 ms.author: jaimeo
-ms.date: 03/27/2018
+ms.date: 10/04/2018
 keywords: oms, operations management suite, optimization, downloads, updates, log analytics
 ms.localizationpriority: medium
 ---
@@ -15,9 +15,7 @@ ms.localizationpriority: medium
 # Delivery Optimization in Update Compliance
 The Update Compliance solution of Windows Analytics provides you with information about your Delivery Optimization configuration, including the observed bandwidth savings across all devices that used peer-to-peer distribution over the past 28 days.
 
->[!Note]
+![DO status](images/UC_workspace_DO_status.png)
->Delivery Optimization Status is currently in development. See the [Known Issues](#known-issues) section for issues we are aware of and potential workarounds. 
-
 
 ## Delivery Optimization Status
  
@@ -27,7 +25,7 @@ The Delivery Optimization Status section includes three blades:
 - The **Content Distribution (%)** blade shows the percentage of bandwidth savings for each category
 - The **Content Distribution (GB)** blade shows the total amount of data seen from each content type broken down by the download source (peers vs non-peers).
 
-![DO status](images/uc-DO-status.png)
+
 
  
 ## Device Configuration blade
@@ -46,8 +44,3 @@ The download sources that could be included are:
 - Group Bytes: Bytes downloaded from Group Peers which are other devices that belong to the same Group (available when the “Group” download mode is used)
 - HTTP Bytes: Non-peer bytes. The HTTP download source can be Microsoft Servers, Windows Update Servers, a WSUS server or an SCCM Distribution Point for Express Updates. 
 
-## Known Issues
-Delivery Optimization is currently in development. The following issues are known:
-
-- DO Download Mode is not accurately portrayed in the Device Configuration blade. There is no workaround at this time. 
-

windows/deployment/update/update-compliance-feature-update-status.md

@@ -5,20 +5,20 @@ ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: deploy
-author: DaniHalfin
+author: Jaimeo
-ms.author: daniha
+ms.author: jaimeo
-ms.date: 10/18/2017
+ms.date: 10/04/2018
 ---
 
 # Feature Update Status
 
-![The Feature Update Status report](images/uc-featureupdatestatus.png)
+![The Feature Update Status report](images/UC_workspace_FU_status.png)
 
-The Feature Update Status section provides information about the status of [feature updates](waas-quick-start.md#definitions) across all devices. This section tile in the [Overview Blade](update-compliance-using.md#overview-blade) gives a percentage of devices that are on the latest applicable feature update; [Servicing Channel](waas-overview.md#servicing-channels) is considered in determining applicability. Within this section are two blades; one providing a holistic view of feature updates, the other containing three **Deployment Status** tiles, each charged with tracking the deployment for a different [Servicing Channel](https://docs.microsoft.com/en-us/windows/deployment/update/waas-overview#servicing-channels). 
+The Feature Update Status section provides information about the status of [feature updates](waas-quick-start.md#definitions) across all devices. This section tile in the [Overview Blade](update-compliance-using.md#overview-blade) gives a percentage of devices that are on the latest applicable feature update; [Servicing Channel](waas-overview.md#servicing-channels) is considered in determining applicability. Within this section are two blades; one providing a holistic view of feature updates, the other containing three **Deployment Status** tiles, each charged with tracking the deployment for a different [Servicing Channel](waas-overview.md#servicing-channels). 
 
 ## Overall Feature Update Status
 
-The Overall Feature Update Status blade breaks down how many devices are up-to-date or not, with a special callout for how many devices are running a build that is not supported (for a full list of feature updates, check out the [Windows 10 Release Information](https://technet.microsoft.com/en-us/windows/release-info.aspx) page). The table beneath the visualization breaks devices down by Servicing Channel and OS Version, then defining whether this combination is *up-to-date*, *not up-to-date* or *out of support*. Finally, the table provides a count of devices that fall into this category.  
+The Overall Feature Update Status blade breaks down how many devices are up-to-date or not, with a special callout for how many devices are running a build that is not supported (for a full list of feature updates, check out the [Windows 10 Release Information](https://technet.microsoft.com/en-us/windows/release-info.aspx) page). The table beneath the visualization breaks devices down by Servicing Channel and operating system version, then defining whether this combination is *up-to-date*, *not up-to-date* or *out of support*. Finally, the table provides a count of devices that fall into this category.  
 
 ## Deployment Status by Servicing Channel
 
@@ -31,4 +31,3 @@ Refer to the following list for what each state means:
 * Devices that have failed the given feature update installation are counted as **Update failed**.
 * If a device should be, in some way, progressing toward this security update, but its status cannot be inferred, it will count as **Status Unknown**. Devices not using Windows Update are the most likely devices to fall into this category.
 
-Clicking on any row will navigate to the query relevant to that feature update. These queries are attached to [Perspectives](update-compliance-perspectives.md) that contain detailed deployment data for that update. 

windows/deployment/update/update-compliance-get-started.md

@@ -8,76 +8,65 @@ ms.sitesec: library
 ms.pagetype: deploy
 author: Jaimeo
 ms.author: jaimeo
-ms.date: 08/21/2018
+ms.date: 10/04/2018
 ms.localizationpriority: medium
 ---
 
 # Get started with Update Compliance
-
+This topic explains the steps necessary to configure your environment for Windows Analytics: Update Compliance.
->[!IMPORTANT]
->**The OMS portal has been deprecated; you should start using the [Azure portal](https://portal.azure.com) instead as soon as possible.** Many experiences are the same in the two portals, but there are some key differences. See [Windows Analytics in the Azure Portal](windows-analytics-azure-portal.md) for steps to use Windows Analytics in the Azure portal. For much more information about the transition from OMS to Azure, see [OMS portal moving to Azure](https://docs.microsoft.com/azure/log-analytics/log-analytics-oms-portal-transition).
-
-This topic explains the steps necessary to configure your environment for Windows Analytics: Update Compliance. 
 
 Steps are provided in sections that follow the recommended setup process:
-1. [Add Update Compliance](#add-update-compliance-to-microsoft-operations-management-suite) to Microsoft Operations Management Suite.
-2. [Enroll devices in Windows Analytics](#enroll-devices-in-windows-analytics) to your organization’s devices.
-3. [Use Update Compliance to monitor Windows Updates](#use-update-compliance-to-monitor-windows-updates) once your devices are enrolled.
 
+1. Ensure you meet the [Update Compliance prerequisites](#update-compliance-prerequisites).
+2. [Add Update Compliance to your Azure subscription](#add-update-compliance-to-your-azure-subscription).
+3. [Enroll devices in Windows Analytics](#enroll-devices-in-windows-analytics).
+4. [Use Update Compliance](update-compliance-using.md) to monitor Windows Updates, Windows Defender Antivirus status, and Delivery Optimization.
 
+## Update Compliance prerequisites
+Before you begin the process to add Update Compliance to your Azure subscription, first ensure you can meet the prerequisites:
+1.	Update Compliance works only with Windows 10 Professional, Education, and Enterprise editions. Update Compliance only provides data for the standard Desktop Windows 10 version and is not currently compatible with Windows Server, Surface Hub, IoT, etc. 
+2.	Update Compliance provides detailed deployment data for devices on the Semi-Annual Channel and the Long-term Servicing Channel. Update Compliance will show Windows Insider Preview devices, but currently will not provide detailed deployment information for them.
+3.	Update Compliance requires at least the Basic level of diagnostic data and a Commercial ID to be enabled on the device. 
+4.	To show device names for versions of Windows 10 starting with 1803 in Windows Analytics you must opt in. For details about this, see the "AllowDeviceNameinTelemetry (in Windows 10)" entry in the table in the [Distributing policies at scale](windows-analytics-get-started.md#deploying-windows-analytics-at-scale) section of [Enrolling devices in Windows Analytics](windows-analytics-get-started.md).
+5.	To use the Windows Defender Status, devices must be E3-licensed and have Cloud Protection enabled. E5-licensed devices will not appear here. For E5 devices, you should use [Windows Defender ATP](https://docs.microsoft.com/en-us/sccm/protect/deploy-use/windows-defender-advanced-threat-protection) instead. For more information on Windows 10 Enterprise licensing, see [Windows 10 Enterprise: FAQ for IT Professionals](https://docs.microsoft.com/en-us/windows/deployment/planning/windows-10-enterprise-faq-itpro).
 
-## Add Update Compliance to Microsoft Operations Management Suite or Azure Log Analytics
+## Add Update Compliance to your Azure subscription
+Update Compliance is offered as a solution which is linked to a new or existing [Azure Log Analytics](https://docs.microsoft.com/en-us/azure/log-analytics/query-language/get-started-analytics-portal) workspace within your Azure subscription. To configure this, follow these steps:
 
-Update Compliance is offered as a solution in the Microsoft Operations Management Suite (OMS), a collection of cloud-based servicing for monitoring and automating your on-premises and cloud environments. For more information about OMS, see [Operations Management Suite overview](https://azure.microsoft.com/en-us/documentation/articles/operations-management-suite-overview/) or the Azure [Log Analytics overview](https://azure.microsoft.com/services/log-analytics/).
+1.	Sign in to the [Azure Portal](https://portal.azure.com) with your work or school account or a Microsoft account. If you don't already have an Azure subscription you can create one (including free trial options) through the portal.
 
->[!IMPORTANT]
+> [!NOTE]
->Update Compliance is a free solution for Azure subscribers.
+> Update Compliance is included at no additional cost with Windows 10 Professional, Education, and Enterprise editions. An Azure subscription is required for managing and using Update Compliance, but no Azure charges are expected to accrue to the subscription as a result of using Update Compliance. 
 
-If you are already using OMS, skip to step **6** to add Update Compliance to your workspace.
+2.	In the Azure portal select **+ Create a resource**, and search for “Update Compliance". You should see it in the results below. 
 
->[!NOTE]
+![Update Compliance marketplace search results](images/UC_00_marketplace_search.png)
->If you are already using OMS, you can also follow [this link](https://portal.mms.microsoft.com/#Workspace/ipgallery/details/details/index?IPId=WaaSUpdateInsights) to go directly to the Update Compliance solution and add it to your workspace.
 
+3.	Select **Update Compliance** and a blade will appear summarizing the solution’s offerings. At the bottom, select **Create** to begin adding the solution to Azure.
 
-If you are not yet using OMS, use the following steps to subscribe to OMS Update Compliance:
+![Update Compliance solution creation](images/UC_01_marketplace_create.png)
 
-1.	Go to [Operations Management Suite](https://www.microsoft.com/en-us/cloud-platform/operations-management-suite) on Microsoft.com and click **Sign in**.   
+4.	Choose an existing workspace or create a new workspace that will be assigned to the Update Compliance solution. 
-  ![Operations Management Suite bar with sign-in button](images/uc-02a.png)  
+    - If you already have another Windows Analytics solution, you should use the same workspace. 
-  
+    - If you are creating a new workspace, and your organization does not have policies governing naming conventions and structure, consider the following workspace settings to get started:
-2.	Sign in to Operations Management Suite (OMS). You can use either a Microsoft Account or a Work or School account to create a workspace. If your company is already using Azure Active Directory (Azure AD), use a Work or School account when you sign in to OMS. Using a Work or School account allows you to use identities from your Azure AD to manage permissions in OMS.   
+        - Choose a workspace name which reflects the scope of planned usage in your organization, for example *PC-Analytics*.
-  ![OMS Sign-in dialog box for account name and password](images/uc-03a.png)  
+        - For the resource group setting select **Create new** and use the same name you chose for your new workspace.
-  
+        - For the location setting, choose the Azure region where you would prefer the data to be stored.
-3.	Create a new OMS workspace.   
+        - For the pricing tier select **Free**.
-  ![OMS dialog with buttons to create a new OMS workspace or cancel](images/uc-04a.png)  
-   
-4.	Enter a name for the workspace, select the workspace region, and provide the email address that you want associated with this workspace. Click **Create**.   
-  ![OMS Create New Workspace dialog](images/uc-05a.png)](images/uc-05.png)
-  
-5.	If your organization already has an Azure subscription, you can link it to your workspace. Note that you may need to request access from your organization’s Azure administrator. If your organization does not have an Azure subscription, create a new one or select the default OMS Azure subscription from the list. If you do not yet have an Azure subscription, follow [this guide](https://blogs.technet.microsoft.com/upgradeanalytics/2016/11/08/linking-operations-management-suite-workspaces-to-microsoft-azure/) to create and link an Azure subscription to an OMS workspace.  
-  ![OMS dialog to link existing Azure subscription or create a new one](images/uc-06a.png)  
-  
-6.	To add the Update Compliance solution to your workspace, go to the Solutions Gallery.  While you have this dialog open, you should also consider adding the [Upgrade Readiness](../upgrade/use-upgrade-readiness-to-manage-windows-upgrades.md) and [Device Health](device-health-monitor.md) solutions as well, if you haven't already. To do so, just select the check boxes for those solutions.   
-  ![OMS workspace with Solutions Gallery tile highlighted](images/uc-07a.png)   
-  
-7.	Select the **Update Compliance** tile in the gallery and then select **Add** on the solution’s details page. You might need to scroll to find **Update Compliance**. The solution is now visible in your workspace.   
-  ![Workspace showing Solutions Gallery](images/uc-08a.png)  
-  
-8.	Click the **Update Compliance** tile to configure the solution. The **Settings Dashboard** opens.   
-  ![OMS workspace with new Update Compliance tile on the right side highlighted](images/uc-09a.png)  
-  
-9.	Click **Subscribe** to subscribe to OMS Update Compliance. You will then need to distribute your Commercial ID across all your organization’s devices. More information on the Commercial ID is provided below.   
-  ![Series of blades showing Connected Sources, Windows Diagnostic Data, and Upgrade Analytics solution with Subscribe button](images/uc-10a.png)  
-  
-After you are subscribed to OMS Update Compliance and your devices have a Commercial ID, you will begin receiving data. It will typically take 24 hours for the first data to begin appearing. The following section explains how to deploy your Commercial ID to your Windows 10 devices.
 
->[!NOTE]
+![Update Compliance workspace creation](images/UC_02_workspace_create.png)
->You can unsubscribe from the Update Compliance solution if you no longer want to monitor your organization’s devices. User device data will continue to be shared with Microsoft while the opt-in keys are set on user devices and the proxy allows traffic.
+
+5.	The resource group and workspace creation process could take a few minutes. After this, you are able to use that workspace for Update Compliance. Select **Create**.
+
+![Update Compliance workspace selection](images/UC_03_workspace_select.png)
+
+6.	Watch for a notification in the Azure portal that your deployment has been successful. This might take a few minutes. Then, select **Go to resource**. 
+
+![Update Compliance deployment successful](images/UC_04_resourcegrp_deployment_successful.png)
 
 ## Enroll devices in Windows Analytics
+Once you've added Update Compliance to a workspace in your Azure subscription, you can start enrolling the devices in your organization. For Update Compliance there are two key steps for enrollment:
+1.	Deploy your Commercial ID (from the Update Compliance Settings page) to your Windows 10 devices (typically by using Group Policy, [Mobile Device Management](https://docs.microsoft.com/en-us/windows/client-management/windows-10-mobile-and-mdm), [System Center Configuration Manager](https://docs.microsoft.com/en-us/sccm/core/understand/introduction) or similar).
+2.	Ensure the Windows Diagnostic Data setting on devices is set to at least Basic (typically using Group Policy or similar). For full enrollment instructions and troubleshooting, see [Enrolling devices in Windows Analytics](windows-analytics-get-started.md).
 
-Once you've added Update Compliance to Microsoft Operations Management Suite, you can now start enrolling the devices in your organization. For full instructions, see [Enrolling devices in Windows Analytics](windows-analytics-get-started.md).
+After enrolling your devices (by deploying your CommercialID and Windows Diagnostic Data settings), it might take 48-72 hours for the first data to appear in the solution. Until then, Update Compliance will indicate it is still assessing devices. 
-
-
-## Use Update Compliance to monitor Windows Updates
-
-Once your devices are enrolled, you can start to [Use Update Compliance to monitor Windows Updates](update-compliance-using.md).

windows/deployment/update/update-compliance-monitor.md

@@ -8,51 +8,39 @@ ms.sitesec: library
 ms.pagetype: deploy
 author: Jaimeo
 ms.author: jaimeo
-ms.date: 02/09/2018
+ms.date: 10/04/2018
 ms.localizationpriority: medium
 ---
 
-# Monitor Windows Updates and Windows Defender Antivirus with Update Compliance
+# Monitor Windows Updates with Update Compliance
 
 ## Introduction
 
-With Windows 10, organizations need to change the way they approach monitoring and deploying updates. Update Compliance is a powerful set of tools that enable organizations to monitor and track all important aspects of the new servicing strategy from Microsoft: [Windows as a Service](waas-overview.md).
+Update Compliance is a [Windows Analytics solution](windows-analytics-overview.md) that enables organizations to:
 
-Update Compliance is a solution built within Operations Management Suite (OMS), a cloud-based monitoring and automation service which has a flexible servicing subscription based off data usage/retention. For more information about OMS, see [Operations Management Suite overview](https://azure.microsoft.com/documentation/articles/operations-management-suite-overview/).
+* Monitor Windows 10 Professional, Education, and Enterprise security, quality, and feature updates.
+* View a report of device and update issues related to compliance that need attention.
+* See the status of Windows Defender Antivirus signatures and threats.
+* Check bandwidth savings incurred across multiple content types by using [Delivery Optimization](waas-delivery-optimization.md).
 
-Update Compliance uses the Windows diagnostic data that is part of all Windows 10 devices. It collects system data including update installation progress, Windows Update for Business (WUfB) configuration data, Windows Defender Antivirus data, and other update-specific information, and then sends this data privately to a secure cloud to be stored for analysis and usage within the solution.
+Update Compliance is offered through the Azure portal, and is available free for devices that meet the [prerequisites](update-compliance-get-started.md#update-compliance-prerequisites).
 
-Update Compliance provides the following:
+Update Compliance uses Windows 10 and Windows Defender Antivirus diagnostic data for all of its reporting. It collects system data including update deployment progress, [Windows Update for Business](waas-manage-updates-wufb.md) configuration data, Windows Defender Antivirus data, and Delivery Optimization usage data, and then sends this data to a secure cloud to be stored for analysis and usage in [Azure Log Analytics](https://docs.microsoft.com/en-us/azure/log-analytics/query-language/get-started-analytics-portal).
-
-- Dedicated drill-downs for devices that might need attention
-- An inventory of devices, including the version of Windows they are running and their update status
-- The ability to track protection and threat status for Windows Defender Antivirus-enabled devices
-- An overview of WUfB deferral configurations (Windows 10 Anniversary Update [1607] and later)
-- Powerful built-in [log analytics](https://www.microsoft.com/en-us/cloud-platform/insight-and-analytics?WT.srch=1&WT.mc_id=AID529558_SEM_%5B_uniqid%5D&utm_source=Bing&utm_medium=CPC&utm_term=log%20analytics&utm_campaign=Hybrid_Cloud_Management) to create useful custom queries
-- Cloud-connected access utilizing Windows 10 diagnostic data means no need for new complex, customized infrastructure
 
 See the following topics in this guide for detailed information about configuring and using the Update Compliance solution:
 
 - [Get started with Update Compliance](update-compliance-get-started.md): How to add Update Compliance to your environment.
 - [Using Update Compliance](update-compliance-using.md): How to begin using Update Compliance.
 
-Click the following link to see a video demonstrating Update Compliance features.
-
-[![YouTube video demonstrating Update Compliance](images/UC-vid-crop.jpg)](https://www.youtube-nocookie.com/embed/1cmF5c_R8I4)
-
 ## Update Compliance architecture
 
 The Update Compliance architecture and data flow is summarized by the following five-step process:
 
 **(1)** User computers send diagnostic data to a secure Microsoft data center using the Microsoft Data Management Service.<BR>
 **(2)** Diagnostic data is analyzed by the Update Compliance Data Service.<BR>
-**(3)** Diagnostic data is pushed from the Update Compliance Data Service to your OMS workspace.<BR>
+**(3)** Diagnostic data is pushed from the Update Compliance Data Service to your Azure Log Analytics workspace.<BR>
 **(4)** Diagnostic data is available in the Update Compliance solution.<BR>
-**(5)** You are able to monitor and troubleshoot Windows updates and Windows Defender AV in your environment.<BR>
 
-These steps are illustrated in following diagram:
-
-![Update Compliance architecture](images/uc-01-wdav.png)
 
 >[!NOTE]
 >This process assumes that Windows diagnostic data is enabled and data sharing is enabled as described in [Enrolling devices in Windows Analytics](windows-analytics-get-started.md).

windows/deployment/update/update-compliance-need-attention.md

@@ -5,34 +5,39 @@ ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: deploy
-author: DaniHalfin
+author: Jaimeo
-ms.author: daniha
+ms.author: jaimeo
-ms.date: 10/13/2017
+ms.date: 10/04/2018
 ---
 
-# Need Attention!
+# Needs attention!
+![Needs attention section](images/UC_workspace_needs_attention.png)
 
-![Need Attention! report](images/uc-needattentionoverview.png)
+The **Needs attention!** section provides a breakdown of all Windows 10 device and update issues detected by Update Compliance. The summary tile for this section counts the number of devices that have issues, while the blades within break down the issues encountered. Finally, a [list of queries](#list-of-queries) blade in this section contains queries that provide values but do not fit within any other main section. 
-
-The “Need Attention!” section provides a breakdown of all device issues detected by Update Compliance. The summary tile for this section counts the number of devices that have issues, while the blades within break down the issues encountered. Finally, a [list of queries](#list-of-queries) blade is shown within this section that contains queries that provide values but do not fit within any other main section. 
 
 >[!NOTE]
->The summary tile counts the number of devices that have issues, while the blades within the section break down the issues encountered. A single device can have more than one issue, so these numbers may not add up.
+>The summary tile counts the number of devices that have issues, while the blades within the section break down the issues encountered. A single device can have more than one issue, so these numbers might not add up.
 
-The different issues are broken down by Device Issues and Update Issues, which are iterated below:
+The different issues are broken down by Device Issues and Update Issues:
 
 ## Device Issues
 
-* **Missing multiple security updates:** This issue occurs when a device is behind by two or more security updates. These devices may be more vulnerable and should be investigated and updated.
+* **Missing multiple security updates:** This issue occurs when a device is behind by two or more security updates. These devices might be more vulnerable and should be investigated and updated.
-* **Out of support OS Version:** This issue occurs when a device has fallen out of support due to the version of Windows 10 it is running. When a device has fallen out of support, it will no longer be serviced, and may be vulnerable. These devices should be updated to a supported version of Windows 10.
+* **Out of support OS Version:** This issue occurs when a device has fallen out of support due to the version of Windows 10 it is running. When a device has fallen out of support, it will no longer receive important security updates, and might be vulnerable. These devices should be updated to a supported version of Windows 10.
 
 ## Update Issues
 
-* **Failed:** This issue occurs when an error halts the process of downloading and applying an update on a device. Some of these errors may be transient, but should be investigated further to be sure.
+* **Failed:** This issue occurs when an error halts the process of downloading and applying an update on a device. Some of these errors might be transient, but should be investigated further to be sure.
+* **Cancelled**: This issue occurs when a user cancels the update process.
+* **Rollback**: This issue occurs when a fatal error occurs during a feature update, and the device is rolled back to the previous version.
+* **Uninstalled**: This issue occurs when a feature update is uninstalled from a device by a user or an administrator. Note that this might not be a problem if the uninstallation was intentional, but is highlighted as it might need attention.
 * **Progress stalled:** This issue occurs when an update is in progress, but has not completed over a period of 10 days.
 
-Clicking on any of the issues will navigate you to the Log Search view with all devices that have the given issue.
+Selecting any of the issues will take you to a [Log Analytics](https://docs.microsoft.com/en-us/azure/log-analytics/query-language/get-started-analytics-portal) view with all devices that have the given issue.
+
+>[!NOTE]
+>This blade also has a link to the [Setup Diagnostic Tool](https://docs.microsoft.com/en-us/windows/deployment/upgrade/setupdiag), a standalone tool you can use to obtain details about why a Windows 10 feature update was unsuccessful. 
 
 ## List of Queries
 
-The List of Queries blade resides within the “Need Attention!” section of Update Compliance. This blade contains a list of queries with a description and a link to the query. These queries contain important meta-information that did not fit within any specific section or were listed to serve as a good starting point for modification into custom queries. 
+The **List of Queries** blade is in the **Needs Attention** section of Update Compliance. This blade contains a list of queries with a description and a link to the query. These queries contain important meta-information that did not fit within any specific section or were listed to serve as a good starting point for modification into custom queries.

windows/deployment/update/update-compliance-security-update-status.md

@@ -5,28 +5,25 @@ ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: deploy
-author: DaniHalfin
+author: Jaimeo
-ms.author: daniha
+ms.author: jaimeo
-ms.date: 10/13/2017
+ms.date: 10/04/2018
 ---
 
 # Security Update Status
 
-![The Security Update Status report](images/uc-securityupdatestatus.png)
+![The Security Update Status report](images/UC_workspace_SU_status.png)
 
-The Security Update Status section provides information about [quality updates](waas-quick-start.md#definitions) across all devices. The section tile within the O[verview Blade](update-compliance-using.md#overview-blade) lists the percentage of devices on the latest security update to provide the most essential data without needing to navigate into the section. However, within the section the Overall Quality Update Status blade also considers whether devices are up-to-date on non-security updates. 
+The Security Update Status section provides information about [security updates](waas-quick-start.md#definitions) across all devices. The section tile within the [Overview Blade](update-compliance-using.md#overview-blade) lists the percentage of devices on the latest security update available. Meanwhile, the blades within show the percentage of devices on the latest security update for each Windows 10 version and the deployment progress toward the latest two security updates.  
 
->[!NOTE]
+The **Overall Security Update Status** blade provides a visualization of devices that are and do not have the latest security updates. Below the visualization are all devices further broken down by operating system version and a count of devices that are up to date and not up to date. The **Not up to date** column also provides a count of update failures.
->It is possible for the percentage of devices on the latest security update to differ from devices that are up-to-date on all quality updates. This is because some devices may have non-security updates that are applicable to them. 
-
-The **Overall Quality Update Status** blade provides a visualization of devices that are and are not up-to-date on the latest quality updates (not just security updates). Below the visualization are all devices further broken down by OS Version and a count of how many are up-to-date and not up-to-date. Within the “Not up-to-date” column, the count of update failures is also given.
  
 The **Latest Security Update Status** and **Previous Security Update Status** tiles are stacked to form one blade. The **Latest Security Update Status** provides a visualization of the different deployment states devices are in regarding the latest update for each build (or version) of Windows 10, along with the revision of that update. The **Previous Security Update Status** blade provides the same information without the accompanying visualization. 
 
-What follows is a breakdown of the different deployment states reported by devices:
+The various deployment states reported by devices are as follows:
 * **Installed** devices are devices that have completed installation for the given update.
-* When a device is counted as **In Progress or Deferred**, it has either begun the installation process for the given update or has been intentionally deferred or paused using WU for Business Settings.
+* When a device is counted as **In Progress or Deferred**, it has either begun the installation process for the given update or has been intentionally deferred or paused using Windows Update for Business Settings.
-* Devices that have **Update Failed**, failed updating at some point during the installation process of the given security update.
+* Devices that have **Update Issues** have failed to update at some point during the installation process of the given security update or have not seen progress for a period of seven days.
-* If a device should be, in some way, progressing toward this security update, but its status cannot be inferred, it will count as **Status Unknown**. Devices not using Windows Update are the most likely devices to fall into this category.
+* If a device should be, in some way, progressing toward this security update, but its status cannot be inferred, it will count as **Status Unknown**. This is most often devices that have not scanned for an update in some time, or devices not being managed through Windows Update.
 
-The rows of each tile in this section are interactive; clicking on them will navigate you to the query that is representative of that row and section. These queries are also attached to [Perspectives](update-compliance-perspectives.md) with detailed deployment data for that update.
+The rows of each tile in this section are interactive; selecting them will navigate you to the query that is representative of that row and section. 

windows/deployment/update/update-compliance-using.md

@@ -8,7 +8,7 @@ ms.sitesec: library
 ms.pagetype: deploy
 author: jaimeo
 ms.author: jaimeo
-ms.date: 10/13/2017
+ms.date: 10/04/2018
 ms.localizationpriority: medium
 ---
 
@@ -18,64 +18,72 @@ In this section you'll learn how to use Update Compliance to monitor your device
 
 
 Update Compliance: 
-- Uses diagnostic data gathered from user devices to form an all-up view of Windows 10 devices in your organization. 
+- Provides detailed deployment data for Windows 10 security, quality, and feature updates.
-- Enables you to maintain a high-level perspective on the progress and status of updates across all devices.
+- Reports when devices have issues related to updates that need attention.
-- Provides a workflow that can be used to quickly identify which devices require attention. 
+- Shows Windows Defender AV status information for devices that use it and meet the [prerequisites](update-compliance-get-started.md#update-compliance-prerequisites).
-- Enables you to track deployment compliance targets for updates.
+- Shows bandwidth usage and savings for devices that are configured to use [Delivery Optimization](waas-delivery-optimization.md).
-- Summarizes Windows Defender Antivirus status for devices that use it.
+- Provides all of the above data in [Log Analytics](#using-log-analytics), which affords additional querying and export capabilities.
 
->[!NOTE]
+## The Update Compliance tile
->Information is refreshed daily so that update progress can be monitored. Changes will be displayed about 24 hours after their occurrence, so you always have a recent snapshot of your devices.
+After Update Compliance has successfully been [added to your Azure subscription](update-compliance-get-started.md#add-update-compliance-to-your-azure-subscription), you’ll see this tile:
 
-In Update Compliance, data is separated into vertically-sliced sections. Each section is referred to as a blade. Within a blade, there may or may not be multiple tiles, which serve to represent the data in different ways. Blades are summarized by their title in the upper-left corner above it. Every number displayed in OMS is the direct result of one or more queries. Clicking on data in blades will often navigate you to the query view, with the query used to produce that data. Some of these queries have perspectives attached to them; when a perspective is present, an additional tab will load in the query view. These additional tabs provide blades containing more information relevant to the results of the query.
+![Update Compliance tile no data](images/UC_tile_assessing.png)
 
-## The Update Compliance Tile
+When the solution is added, data is not immediately available. Data will begin to be collected after data is sent up that belongs to the Commercial ID associated with the device. This process assumes that Windows diagnostic data is enabled and data sharing is enabled as described in [Enrolling devices in Windows Analytics](windows-analytics-get-started.md). After Microsoft has collected and processed any device data associated with your Commercial ID, the tile will be replaced with the following summary:
 
-After Update Compliance has successfully been added from the solution gallery, you’ll see this tile:
+![Update Compliance tile with data](images/UC_tile_filled.png)
-![Empty Update Compliance Tile](images/uc-emptyworkspacetile.png)
 
-When the solution is added, data is not immediately available. Data will begin to be collected after data is sent up that is associated with the Commercial ID associated with the device. This process assumes that Windows diagnostic data is enabled and data sharing is enabled as described in [Enrolling devices in Windows Analytics](windows-analytics-get-started.md). After Microsoft has collected and processed any device data associated with your Commercial ID, the tile will be replaced with the following summary:
+The summary details the total number of devices that Microsoft has received data from with your Commercial ID. It also provides the number of devices that need attention if any. Finally, it details the last point at which your Update Compliance workspace was refreshed.
 
-![Filled Update Compliance Tile](images/uc-filledworkspacetile.png)
+## The Update Compliance workspace
 
-The summary details the total number of devices that Microsoft has received data from with your Commercial ID. It also provides the number of devices that need attention if any. Finally, it details the last point at which your Update Compliance workspace was updated. 
+![Update Compliance workspace view](images/UC_workspace_needs_attention.png)
 
-## The Update Compliance Workspace
+When you select this tile, you will be redirected to the Update Compliance workspace. The workspace is organized with the Overview blade providing a hub from which to navigate to different reports of your devices' data. 
 
-![Update Compliance workspace view](images/uc-filledworkspaceview.png)
+### Overview blade
 
-Upon clicking the tile, you will be redirected to the Update Compliance workspace. The workspace is organized with the Overview Blade providing a hub from which to navigate to different reports of your device’s data. 
+![The Overview blade](images/UC_workspace_overview_blade.png)
 
-### Overview Blade
+Update Compliance’s overview blade summarizes all the data Update Compliance provides. It functions as a hub from which you can navigate to different sections. The total number of devices detected by Update Compliance is reported in the title of this blade. What follows is a distribution for all devices as to whether they are up to date on the following items:
-
+* Security updates: A device is up to date on quality updates whenever it has the latest applicable quality update installed. Quality updates are monthly cumulative updates that are specific to a version of Windows 10.
-![The Overview Blade](images/uc-overviewblade.png)
-
-Update Compliance’s overview blade provides a summarization of all the data Update Compliance focuses on. It functions as a hub from which different sections can be navigated to. The total number of devices detected by Update Compliance are counted within the title of this blade. What follows is a distribution for all devices as to whether they are up to date on:
-* Quality updates: A device is up to date on quality updates whenever it has the latest applicable quality update installed. Quality updates are monthly cumulative updates that are specific to a version of Windows 10.
 * Feature updates: A device is up to date on feature updates whenever it has the latest applicable feature update installed. Update Compliance considers [Servicing Channel](waas-overview.md#servicing-channels) when determining update applicability. 
 * AV Signature: A device is up to date on Antivirus Signature when the latest Windows Defender Signatures have been downloaded. This distribution only considers devices that are running Windows Defender Antivirus. 
 
-The blade also provides the time at which your Update Compliance workspace was refreshed. 
+The blade also provides the time at which your Update Compliance workspace was [refreshed](#data-latency). 
 
-Below the “Last Updated” time, a list of the different sections follows that can be clicked on to view more information, they are:
+The following is a breakdown of the different sections available in Update Compliance:
-* [Need Attention!](update-compliance-need-attention.md) - This section is the default section when arriving to your Update Compliance workspace. It counts the number of devices encountering issues and need attention; clicking into this provides blades that summarize the different issues that devices are encountering, and provides a List of Queries that Microsoft finds useful.
+* [Need Attention!](update-compliance-need-attention.md) - This section is the default section when arriving to your Update Compliance workspace. It provides a summary of the different issues devices are facing relative to Windows 10 updates.
-* [Security Update Status](update-compliance-security-update-status.md) - This section lists the percentage of devices that are on the latest security update released for the version of Windows 10 it is running. Clicking into this section provides blades that summarize the overall status of Quality updates across all devices; including deployment. 
+* [Security Update Status](update-compliance-security-update-status.md) - This section lists the percentage of devices that are on the latest security update released for the version of Windows 10 it is running. Selecting this section provides blades that summarize the overall status of security updates across all devices and a summary of their deployment progress towards the latest two security updates. 
-* [Feature Update Status](update-compliance-feature-update-status.md) - This section lists the percentage of devices that are on the latest feature update that is applicable to a given device. Clicking into this section provides blades that summarize the overall feature update status across all devices, with an emphasis on deployment progress. 
+* [Feature Update Status](update-compliance-feature-update-status.md) - This section lists the percentage of devices that are on the latest feature update that is applicable to a given device. Selecting this section provides blades that summarize the overall feature update status across all devices and a summary of deployment status for different versions of Windows 10 in your environment.
-* [Windows Defender AV Status](update-compliance-wd-av-status.md) - This section lists the percentage of devices running Windows Defender Antivirus that are not sufficiently protected. Clicking into this section provides a summary of signature and threat status across all devices that are running Windows Defender Antivirus. This section is not applicable to devices not running Windows Defender Antivirus.  
+* [Windows Defender AV Status](update-compliance-wd-av-status.md) - This section lists the percentage of devices running Windows Defender Antivirus that are not sufficiently protected. Selecting this section provides a summary of signature and threat status across all devices that are running Windows Defender Antivirus. This section is not applicable to devices not running Windows Defender Antivirus or devices that do not meet the [prerequisites](update-compliance-get-started.md#update-compliance-prerequisites) to be assessed. 
+* [Delivery Optimization Status](update-compliance-delivery-optimization.md) - This section summarizes bandwidth savings incurred by utilizing Delivery Optimization in your environment. It provides a breakdown of Delivery Optimization configuration across devices, and summarizes bandwidth savings and utilization across multiple content types.
 
-Use [Perspectives](update-compliance-perspectives.md) for data views that provide deeper insight into your data.
 
-## Utilizing Log Analytics
+## Update Compliance data latency
+Update Compliance uses Windows 10 diagnostic data as its data source. After you add Update Compliance and appropriately configure your devices, it could take 48-72 hours before they first appear. The  process that follows is as follows:
 
-Update Compliance is built upon the Log Analytics platform that is integrated into Operations Management Suite. All data within the workspace is the direct result of a query. Understanding the tools and features at your disposal, all integrated within OMS, can deeply enhance your experience and complement Update Compliance. 
+Update Compliance is refreshed every 12 hours. This means that every 12 hours all data that has been gathered over the last 12-hour interval is pushed to Log Analytics. However, the rate that each data type is sent and how long it takes to be ready for Update Compliance varies, roughly outlined below.
+| Data Type | Refresh Rate | Data Latency |
+|--|--|--|
+|WaaSUpdateStatus | Once per day |4 hours |
+|WaaSInsiderStatus| Once per day |4 hours |
+|WaaSDeploymentStatus|Every update event (Download, install, etc.)|24-36 hours |
+|WDAVStatus|On signature update|24 hours |
+|WDAVThreat|On threat detection|24 hours |
+|WUDOAggregatedStatus|On update event, aggregated over time|24-36 hours |
+|WUDOStatus|Once per day|12 hours |
+
+This means you should generally expect to see new data every 24-36 hours, except for WaaSDeploymentStatus and WUDOAggregatedStatus, which may take 36-48 hours (if it misses the 36th hour refresh, it would be in the 48th, so the data will be present in the 48th hour refresh). 
+
+## Using Log Analytics
+
+Update Compliance is built on the Log Analytics platform that is integrated into Operations Management Suite. All data in the workspace is the direct result of a query. Understanding the tools and features at your disposal, all integrated within OMS, can deeply enhance your experience and complement Update Compliance. 
 
 See below for a few topics related to Log Analytics: 
 * Learn how to effectively execute custom Log Searches by referring to Microsoft Azure’s excellent documentation on [querying data in Log Analytics](https://docs.microsoft.com/azure/log-analytics/log-analytics-log-searches).
 * To develop your own custom data views in Operations Management Suite or [Power BI](https://powerbi.microsoft.com/); check out documentation on [analyzing data for use in Log Analytics](https://docs.microsoft.com/azure/log-analytics/log-analytics-dashboards). 
-* [Gain an overview of Log Analytics’ alerts](https://docs.microsoft.com/azure/log-analytics/log-analytics-alerts) and learn how to utilize it to always stay informed about the most critical issues you care about. 
+* [Gain an overview of Log Analytics’ alerts](https://docs.microsoft.com/azure/log-analytics/log-analytics-alerts) and learn how to use it to always stay informed about the most critical issues you care about. 
-
->[!NOTE]
->You can use the Feedback Hub App on Windows 10 devices to [provide feedback about Update Compliance](feedback-hub://?referrer=itProDocs&tabid=2&contextid=797) and other Windows Analytics solutions. 
 
 ## Related topics
 

windows/deployment/update/update-compliance-wd-av-status.md

@@ -7,25 +7,29 @@ ms.sitesec: library
 ms.pagetype: deploy
 author: jaimeo
 ms.author: jaimeo
-ms.date: 05/17/2018
+ms.date: 10/04/2018
 ---
 
 # Windows Defender AV Status
 
-![The Windows Defender AV Status report](images/uc-windowsdefenderavstatus.png)
+![The Windows Defender AV Status report](images/UC_workspace_WDAV_status.png)
 
 The Windows Defender AV Status section deals with data concerning signature and threat status for devices that use Windows Defender Antivirus. The section tile in the [Overview Blade](update-compliance-using.md#overview-blade) provides the percentage of devices with insufficient protection – this percentage only considers devices using Windows Defender Antivirus.
 
 >[!NOTE]
->Customers with E5 licenses can monitor the Windows Defender AV status by using the Windows Defender ATP portal. For more information about monitoring devices with this portal, see [Onboard Windows 10 machines](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/configure-endpoints-windows-defender-advanced-threat-protection).
+>Update Compliance's Windows Defender Antivirus status is compatible with E3, B, F1, VL Professional and below licenses. Devices with an E5 license are not shown here; devices with an E5 license can be monitored using the [Windows Defender ATP portal](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/configure-endpoints-windows-defender-advanced-threat-protection). If you'd like to learn more about Windows 10 licensing, see the [Windows 10 product licensing options](https://www.microsoft.com/en-us/Licensing/product-licensing/windows10.aspx). 
 
-The **Protection Status** blade gives a count for devices that have either out-of-date signatures or real-time protection turned off. Below, it gives a more detailed breakdown of the two issues. Clicking any of these statuses will navigate you to a Log Search view containing the query. 
+# Windows Defender AV Status sections
+The **Protection Status** blade gives a count for devices that have either out-of-date signatures or real-time protection turned off. Below, it gives a more detailed breakdown of the two issues. Selecting any of these statuses will navigate you to a Log Search view containing the query. 
 
-The **Threat Status** blade provides a visualization of, for devices that have encountered threats, how many were and were not remediated successfully. It also provides a detailed count. Clicking either of these will navigate to the respective query in Log Search for further investigation. 
+The **Threat Status** blade shows, among devices that have encountered threats, how many were and were not remediated successfully. It also provides a detailed count. Selecting either of these will take you to the respective query in Log Search for further investigation. 
 
-Here are some important terms to consider when utilizing the Windows Defender AV Status section of Update Compliance:
+Here are some important terms to consider when using the Windows Defender AV Status section of Update Compliance:
-* **Signature out of date** devices are devices with signature older than 14 days.
+* **Signature out of date** devices are devices with a signature older than 14 days.
-* **No real-time protection** devices are devices who are using Windows Defender AV but have turned off Real-time protection.
+* **No real-time protection** devices are devices that are using Windows Defender AV but have turned off real-time protection.
 * **Recently disappeared** devices are devices that were previously seen by Windows Defender AV and are no longer seen in the past 7 days.
-* **Remediation failed** devices are devices where Windows Defender AV failed to remediate the threat. This can be due to reason like disk full, network error, operation aborted, etc. Manual intervention may be needed from IT team.
+* **Remediation failed** devices are devices where Windows Defender AV failed to remediate the threat. This could be due to a number of reasons, including a full disk, network error, operation aborted, etc. Manual intervention might be needed from IT team.
-* **Not assessed** devices are devices where either a third-party AV solution is used or it has been more than 7 days since the device recently disappeared.
+* **Not assessed** devices are devices where either a non-Microsoft AV solution is used or it has been more than 7 days since the device recently disappeared.
+
+## Windows Defender data latency
+Because of the way Windows Defender is associated with the rest of Windows device data, Defender data for new devices might take much longer to appear than other data types. This process could take up to 28 days.