Windows Update for Business reports prerequisites
(Applies to: Windows 11 & Windows 10)
Before you begin the process of adding Windows Update for Business reports to your Azure subscription, ensure you meet the prerequisites.
Azure and Azure Active Directory
- An Azure subscription with Azure Active Directory
- Devices must be Azure Active Directory-joined and meet the below OS, diagnostic, and endpoint access requirements.
- Devices can be Azure AD joined or hybrid Azure AD joined.
- Devices that are Azure AD registered only (Workplace joined) aren't supported with Windows Update for Business reports.
- The Log Analytics workspace must be in a supported region
Permissions
To enroll into Windows Update for Business reports, edit configuration settings, display and edit the workbook, and view the Windows tab in the Software Updates page from the Microsoft 365 admin center use one of the following roles:
- Global Administrator role
- Intune Administrator
- Windows Update deployment administrator
- This role allows enrollment through the workbook but not the Microsoft 365 admin center
To display the workbook and view the Windows tab in the Software Updates page Microsoft 365 admin center use the following role:
Log Analytics permissions:
- Log Analytics Contributor role can be used to edit and write queries
- Log Analytics Reader role can be used to read data
Operating systems and editions
- Windows 11 Professional, Education, Enterprise, and Enterprise multi-session editions
- Windows 10 Professional, Education, Enterprise, and Enterprise multi-session editions
Windows Update for Business reports only provides data for the standard Desktop Windows client version and isn't currently compatible with Windows Server, Surface Hub, IoT, or other versions.
Windows client servicing channels
Windows Update for Business reports supports Windows client devices on the following channels:
- General Availability Channel
- Windows Update for Business reports counts Windows Insider Preview devices, but doesn't currently provide detailed deployment insights for them.
Diagnostic data requirements
At minimum, Windows Update for Business reports requires devices to send diagnostic data at the Required level (previously Basic). Some queries in Windows Update for Business reports require devices to send diagnostic data at the following levels:
Optional level (previously Full) for Windows 11 devices
Enhanced level for Windows 10 devices
Note
Device names don't appear in Windows Update for Business reports unless you individually opt-in devices by using policy. The configuration script does this for you, but when using other client configuration methods, set one of the following to display device names:
- CSP: System/AllowDeviceNameInDiagnosticData
- Group Policy: Allow device name to be sent in Windows diagnostic data under Computer Configuration\Administrative Templates\Windows Components\Data Collection and Preview Builds
For more information about what's included in different diagnostic levels, see Diagnostics, feedback, and privacy in Windows.
Data transmission requirements
Devices must be able to contact the following endpoints in order to authenticate and send diagnostic data:
| Endpoint | Function |
|---|---|
https://v10c.events.data.microsoft.com |
Connected User Experience and Diagnostic component endpoint for Windows 10, version 1803 and later. DeviceCensus.exe must run on a regular cadence and contact this endpoint in order to receive most information for Windows Update for Business reports. |
https://v10.vortex-win.data.microsoft.com |
Connected User Experience and Diagnostic component endpoint for Windows 10, version 1709 or earlier. |
https://settings-win.data.microsoft.com |
Required for Windows Update functionality. |
https://adl.windows.com |
Required for Windows Update functionality. |
https://watson.telemetry.microsoft.com |
Windows Error Reporting (WER), used to provide more advanced error reporting if certain Feature Update deployment failures occur. |
https://oca.telemetry.microsoft.com |
Online Crash Analysis, used to provide device-specific recommendations and detailed errors if there are certain crashes. |
https://login.live.com |
This endpoint facilitates your Microsoft account access and is required to create the primary identifier we use for devices. Without this service, devices won't be visible in the solution. The Microsoft Account Sign-in Assistant service must also be running (wlidsvc). |
Note
Enrolling into Windows Update for Business reports from the Azure CLI or enrolling programmatically another way currently isn't supported. You must manually add Windows Update for Business reports to your Azure subscription.
Log Analytics regions
Windows Update for Business reports can use a Log Analytics workspace in the following regions:
| Compatible Log Analytics regions |
|---|
| Australia Central |
| Australia East |
| Australia Southeast |
| Brazil South |
| Canada Central |
| Central India |
| Central US |
| East Asia |
| East US |
| East US 2 |
| Eastus2euap(canary) |
| France Central |
| Japan East |
| Korea Central |
| North Central US |
| North Europe |
| South Africa North |
| South Central US |
| Southeast Asia |
| Switzerland North |
| Switzerland West |
| UK West |
| UK south |
| West Central US |
| West Europe |
| West US |
| West US 2 |
Next steps
- Enable the Windows Update for Business reports solution in the Azure portal
Feedback
Submit and view feedback for