Windows Update Compliance Workbook Community Edition

If you are looking for a dashboard that will show a full breakdown of Windows patching across your estate, including errors, safehold issues, delivery optimization figures, and Windows 11 readiness, then look no further. Our Windows Update Compliance (Community Edition) workbook does just this, and it is now available on our GitHub repo!

Log Analytics Reporting Solution

Today log analytics is starting to be the go to solution for reporting, and there are many reasons for that, including ease of log ingestion, simply query code, and availability to the the workbook from virtually anywhere. With Update Compliance we also have the ability to have a source of all things “Windows Update” in terms of logging, and this is how we have constructed a workbook that provides the following reports;

• Update Summary
  • Patching Trendline (Previous 30 days)
  • Missing Security Patches (Previous 30 days)
  • Devices – Multiple Missing Patches (Previous 30 days)
  • Update Alerts (Previous 30 days)
  • Updates Over Time – 0-30, 31-60,61-90,91-120,120+
• Details by Device
  • Quality Updates by Device
• Details by Update
  • Trendline – Update Status
  • Detailed Status by Update
• Update Issues
  • Quality Update Issues
  • Safeguard Hold Events
• Delivery Optimization
  • Graphs: Content Types, DO Mode, Content Distribution
  • Bandwidth Savings
• Feature Updates
  • Windows Supported Build State
  • Windows Build Versions
  • Windows Build – By Manufacturer
  • Feature Update Trendline
• Patching Alerts
  • PrintNightmare
• Windows 11 Readiness

Dashboard Sample Screenshots

Below are some screenshots showing samples of the data that is displayed within the workbook;

Update Summary

Feature Updates

Delivery Optmization

Feature Updates

Windows 11 Readiness

Pre-Requisites

In order to obtain data from both Update Compliance and from Intune, you must have the following configured;

Azure Components

• Log Analytics Workspace – (More info here – Create a Log Analytics workspace in the Azure portal – Azure Monitor | Microsoft Docs)
• Update Compliance (More info here – Get started with Update Compliance – Windows Deployment | Microsoft Docs)
• Intune Diagnostic Logs

Client Configuration

• Telemetry Configuration (Including Commercial ID)
  
  Recommendation: Create a settings catalog policy containing the following;
  

• Internet access (firewall exclusions as per Microsoft Endpoint IP’s and URLs and Windows Update URLs)

Workbook Source Code

The code for the workbook is available free to the community on our GitHub repo – Reporting/UpdateComplianceCommunityEdition.json at main · MSEndpointMgr/Reporting (github.com)

Simply copy the code and follow the below to create the workbook in your environment;

Azure Portal Option

• Log into the Azure Portal – https://portal.azure.com
• Select the Resource Group where your Logs are being sent through to
• Click on Workbooks, then click on the “+ New” button

Endpoint Manager Admin Center Option

• Log into the Endpoint Manager Admin Center – https://endpoint.microsoft.com
• Click on Reports – Workbooks
• Click on Workbooks, then click on the “+ New” button

• Click on the code button “</>”

• Paste in the JSON code obtained from our repo and click “Apply”

• Click on the “Save” icon and give your workbook a name;

Community Effort

We would love to hear your feedback on this workbook, and we will be continuing to add features to it over time, so please keep an eye on the GitHub repo.