Hi @Nigel Vella ,
Welcome to Microsoft Q&A! Thanks for posting the question.
I understand that you are trying to view the updated information LogAnalytics after the updates were installed on selected machines. Based on the reported behavior that - the updates are reported fine for continuously running machine AND the fact that for stopped VMs the updates are displayed based on the time when they were started, the following information and reference should help:
1. On a Windows machine, the compliance scan is run every 12 hours by default. For a Linux machine, the compliance scan is performed every hour by default.
2. If the Log Analytics agent is restarted, a compliance scan is started within 15 minutes. (A reboot/start of VM would initiate start of all the services on the VM, therefore you seem to be getting the information from after the start of VM)
refer: About Update Management
Based on this information, I would suggest adding one more logic to the Postscript to restart "Log Analytics Agent" service after the update installation and schedule shutdown after about 15 minutes. That should help get updated data sooner.
Please let me know if you have any questions.
Please 'Accept as answer' and ‘Upvote’ if it helped so that it can help others in the community looking for help on similar topics.