Microsoft Previews Azure Workbooks for Update Compliance of Windows Devices -- Redmondmag.com

Microsoft Previews Azure Workbooks for Update Compliance of Windows Devices

By Kurt Mackie
08/19/2022

Microsoft this week announced a public preview of Azure Workbooks for Update Compliance, which gives organizations a dashboard view on the status of Windows updates and drivers in client devices.

Update Compliance is a service that shows Windows client status information, such as the number of devices needing attention. It displays the status of security and feature updates. Bandwidth savings from Microsoft's Delivery Optimization feature also gets shown.

The Azure Workbooks for Update Compliance preview gives "a visual representation of your compliance data," per this "Update Compliance (Preview) Workbook" document.

Microsoft designed the preview of the Azure Workbooks for Update Compliance to support generalists (people needing high-level views on Windows updates) and IT specialists (people needing details to take actions). It's also planning to add support in Azure Workbook for Update Compliance to support the needs of software developers and solution providers, the announcement explained.

Free To Use
Microsoft deems the Update Compliance service to be an application that's obtained from the Azure Marketplace, in this "Get Started" document. It's linked to an "Azure Log Analytics workspace within your Azure subscription."

The connection with the Azure Log Analytics service seems to suggest that there may be costs associated with using Azure Workbooks for Update Compliance feature. However, that notion was downplayed by David Mebane of the Microsoft Tech Community, in the comments section of Microsoft's announcement.

"Update Compliance is a free solution that will not incur additional Azure charges," Mebane said in response to a question about possible incremental costs. "Extending your data retention period beyond the default window can result in charges, however."

Mebane didn't specify the default Log Analytics data retention time period, but it appears to be 90 days, which is free, per this document.

Requirements
Update Compliance is a service that's available to organizations with an Azure subscription, although it gets set up initially using the Microsoft 365 Admin Center portal.

Azure Active Directory use is becoming a requirement to use Update Compliance. For instance, Microsoft previously noted that Update Compliance use will be based on also using the Azure Active service with client devices, either directly or via a "hybrid" approach, which will be in effect on Oct. 15, 2022.

The Update Compliance requirement to use Azure AD with devices will bring some benefits, according to Microsoft's announcement:

All these experiences are integrated with Azure AD, which forms the foundation of Update Compliance moving forward. Soon you'll no longer need to explicitly configure every device within your estate to be included in reports. Moving forward, you can simply enroll your organization in Update Compliance, and all Azure AD domain-joined devices (including hybrid Azure AD joined) will automatically send telemetry. This will allow Update Compliance to continue to integrate more seamlessly across the Microsoft 365 ecosystems and simplify workflows across Windows Update for Business, Microsoft Endpoint Manager, and more.

Organizations must share diagnostic information with Microsoft to use Update Compliance. The level of sharing depends on the query types that are used. Here's how Microsoft characterized that aspect in the "Get Started" document:

Update Compliance requires devices to send diagnostic data at Required level (previously Basic). Some queries in Update Compliance require devices to send diagnostic data at Optional level (previously Full) for Windows 11 devices or Enhanced level for Windows 10 devices. To learn more about what's included in different diagnostic levels, see Diagnostics, feedback, and privacy in Windows.

The complexities of sharing diagnostic data with Microsoft are further explained in this "Configure Windows Diagnostic Data" article.

Update Compliance just works with "Windows 10 or Windows 11 Professional, Education, and Enterprise editions," plus Windows 10 Enterprise Multisession (one of Microsoft's desktop-as-a-service offerings). It'll count devices using the Windows Insider preview releases, but it "does not currently provide detailed deployment insights for them."

About the Author

Kurt Mackie is senior news producer for 1105 Media's Converge360 group.

Featured

Real-World Ransomware Recovery

Here's how I was (mostly) successful in recovering a family PC infected with malware.
Microsoft Launches Small AI Models Family Phi-3

Recognizing that bigger isn't always better, Microsoft has released its smallest open AI models to date, Phi-3.
Microsoft and OpenAI Continue Global AI Expansions

Microsoft and OpenAI each continued their global expansion this month, with the announcements of new infrastructure investments and service rollouts in new regions, like Asia and the Middle East.
Cisco Warns of Brute Force Attacks Targeting VPNs and Firewalls

Cisco has revealed that a global increase in brute force attacks targeting Virtual Private Networks (VPNs) and other devices is currently taking place.
What's Inside Microsoft 365's Security Toolbox?

Microsoft provides plenty of native tools to secure Microsoft 365. IT pros just have to know where to look.