Hello Landry, Brent,
Good day!
It is possible to create an Azure Alert based on Windows Update events that are logged via Event Viewer in the log "Microsoft-Windows-WindowsUpdateClient/Operational".
You can create a custom data collection rule to collect events from this log.
To create a custom data collection rule, you need to specify the XPath query for the events you want to collect. You can use the PowerShell cmdlet Get-WinEvent with the -FilterXPath parameter to test the validity of an XPath query.
Here is an example script:
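# XPath query to test: events with Event ID 1035
$XPath = '*[System[EventID=1035]]'
# Run the query against the local Windows Update client operational log
Get-WinEvent -LogName 'Microsoft-Windows-WindowsUpdateClient/Operational' -FilterXPath $XPath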
If events are returned, the query is valid. If you receive the message "No events were found that match the specified selection criteria," the query may be valid, but there are no matching events on the local machine. If you receive the message "The specified query is invalid," the query syntax is invalid.
You can find more information on how to create a custom data collection rule in the Azure Monitor documentation.
https://learn.microsoft.com/en-us/azure/azure-monitor/agents/data-collection-rule-azure-monitor-agent?tabs=portal
https://learn.microsoft.com/en-us/azure/azure-monitor/agents/data-sources-windows-events
Also look at Windows agent-based connections.
-----If my response does answer your queries, please accept it as the answer as a token of appreciation.-----
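The validity check described in the answer above can be run over several queries at once. This is an added example, not part of the original answer: the function name `Test-DcrXPathQuery` is hypothetical, and it assumes queries are written in the `LogName!XPathQuery` form that Azure Monitor data collection rules use for Windows event sources.

```powershell
# Added example (not from the original answer). Classifies each
# "LogName!XPath" string using the three outcomes the answer describes.
function Test-DcrXPathQuery {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [string[]]$Query
    )
    process {
        foreach ($q in $Query) {
            # Split on the first '!' only: the XPath part may itself contain '!' (e.g. '!=').
            $logName, $xpath = $q -split '!', 2
            $detail = $null
            if (-not $xpath) {
                $status = 'Malformed'
                $detail = "Expected 'LogName!XPath'"
            } else {
                try {
                    # One event is enough to prove the query parses and matches.
                    $evt = Get-WinEvent -LogName $logName -FilterXPath $xpath -MaxEvents 1 -ErrorAction Stop
                    $status = 'ValidWithEvents'
                    $detail = "Latest match: $($evt.TimeCreated.ToString('s'))"
                } catch {
                    if ($_.FullyQualifiedErrorId -like 'NoMatchingEventsFound*') {
                        # Query parsed, but this machine has no matching events.
                        $status = 'ValidNoLocalEvents'
                    } elseif ($_.Exception.Message -match 'query is invalid') {
                        # Assumption: English message text, as quoted in the answer.
                        $status = 'InvalidQuery'
                    } else {
                        # For example: log not present on this host, or access denied.
                        $status = 'Error'
                    }
                    $detail = $_.Exception.Message
                }
            }
            [pscustomobject]@{ Log = $logName; XPath = $xpath; Status = $status; Detail = $detail }
        }
    }
}

# Constructed sample input: the answer's query, a copy with a missing ']', and one with no '!'.
$log = 'Microsoft-Windows-WindowsUpdateClient/Operational'
@(
    "$log!*[System[EventID=1035]]"
    "$log!*[System[EventID=1035]"
    '*[System[EventID=1035]]'
) | Test-DcrXPathQuery | Format-Table -AutoSize -Wrap
```

A `ValidNoLocalEvents` result means the query can still go into the rule; run the check on a machine that has produced the event to confirm it matches what you intend to alert on.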
@Landry, Brent following up to check if you had a chance to review the answers below. Please let me know if you have any questions.
Please click Accept answer and Yes if the answer helped so that it can help others in the community looking for help on similar topics.