Lately I have been helping many people move their update workloads from Configuration Manager and WSUS to Windows Update for Business. The one thing I get the most questions about with the move to Windows Update for Business is how to monitor update compliance. The computers are now pointing to the internet for updates and, as a result, no longer report update compliance information to Configuration Manager or WSUS.

The answer to this is the Update Compliance solution in Azure Log Analytics. Update Compliance is a free solution that can be added to a Log Analytics workspace. Once it is configured, computers can be configured to report update compliance information to the solution. For information about configuring Update Compliance, see the Microsoft Docs.

Update Compliance is pretty good out of the box. It returns useful information about the status of updates, Delivery Optimization, Windows Defender, and more. However, I have been getting many questions about how to view more detailed or specific information in Update Compliance. Many of the default views show either too little or too much information. The way to dig into this data and get more specific information is to use the Logs node of the Log Analytics workspace. This node allows for the creation of custom queries that can surface specific data. More information about analyzing log data in Azure can be found here.

In this post I have included examples of many queries I have found to be useful for analyzing Update Compliance data.

If no computer names are returned when the queries are run, or the computer name is returned as a # sign, this can be a sign that devices have not been allowed to include their device names as part of the data sent to the Log Analytics workspace. This setting can be configured either through group policy or Policy CSP (Intune).

The group policy location for the setting is: Computer Configuration > Policies > Administrative Templates > Windows Components > Data Collection and Preview Builds > Allow device name to be sent in Windows diagnostic data.

The Policy CSP location for the setting is.

In these examples, the time range to search is set to 30 days in the queries by TimeGenerated > ago(30d). This can be removed and the time range set in the GUI, or the value can be modified.

Some of these examples search for a specific computer name or set values like DeploymentStatus and UpdateCategory. Note that the values in these queries are case sensitive, so if a result is not being displayed as expected, check the case.

Some of these example queries contain filters for UpdateCategory and DeploymentStatus. These are the available values for these filters. Remember that these values are case sensitive.

List Operating System Information – All Computers

    // Operating system version, architecture and edition per computer
    WaaSUpdateStatus
    | summarize arg_max(OSVersion, OSArchitecture, OSEdition) by Computer

List Operating System Information – Specific Computer

    // Replace COMPUTERNAME with the device name to look up
    WaaSUpdateStatus
    | where Computer == "COMPUTERNAME" and TimeGenerated > ago(30d)

List Feature and Quality Update Status – All Computers

    // Feature and quality update status per computer
    WaaSUpdateStatus
    | summarize arg_max(OSFeatureUpdateStatus, OSQualityUpdateStatus) by Computer

List Feature and Quality Update Status – Specific Computer

List Updates in a Specific State – All Computers

    WaaSDeploymentStatus
    // Filter before summarizing: UpdateCategory and TimeGenerated are no longer available after summarize
    | where UpdateCategory == "Quality" and DeploymentStatus == "Failed" and TimeGenerated > ago(30d)
    | summarize arg_max(ReleaseName, DeploymentStatus, DetailedStatus, DetailedStatusLevel) by Computer

List Updates in a Specific State – Specific Computer

    // Replace COMPUTERNAME with the device name to look up
    WaaSDeploymentStatus
    | where Computer == "COMPUTERNAME" and UpdateCategory == "Quality" and DeploymentStatus == "Failed" and TimeGenerated > ago(30d)
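
The post warns that the UpdateCategory and DeploymentStatus values are case sensitive and that device names can come back as a # sign. The queries below are an added example, not part of the original post; they use only the tables and columns that appear in the post's queries, the lowercase filter values are constructed, and each query is run on its own in the Logs node.

```kusto
// Added example (not from the original post).

// 1. Show the exact spelling and case of the filter values present in the
//    workspace, with the number of computers reporting each combination.
WaaSDeploymentStatus
| where TimeGenerated > ago(30d)
| summarize Computers = dcount(Computer) by UpdateCategory, DeploymentStatus
| order by UpdateCategory asc, Computers desc

// 2. The "updates in a specific state" filter written with =~, so a value
//    typed in the wrong case still matches. arg_max on TimeGenerated keeps
//    the most recent matching record for each computer.
let category = "quality";   // constructed sample value, deliberately lowercase
let status = "failed";      // constructed sample value, deliberately lowercase
WaaSDeploymentStatus
| where TimeGenerated > ago(30d)
| where UpdateCategory =~ category and DeploymentStatus =~ status
| summarize arg_max(TimeGenerated, ReleaseName, DeploymentStatus, DetailedStatus, DetailedStatusLevel) by Computer
| order by Computer asc

// 3. Count records whose device name is hidden. Devices that report "#"
//    all fall into a single row when a query groups "by Computer", so a
//    large NameMissing count means per-computer results are incomplete.
WaaSUpdateStatus
| where TimeGenerated > ago(30d)
| summarize Records = count() by NameMissing = (Computer == "#" or isempty(Computer))
```

If the third query shows a large share of records with a missing name, fix the device name setting described in the post before relying on the per-computer results.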