Manually configure devices for Windows Update for Business reports
There are many requirements to consider when manually configuring devices for Windows Update for Business reports. These requirements can potentially change with later versions of Windows client. When any configuration requirements change, we'll update the Windows Update for Business reports configuration script. If that happens, you only need to redeploy the script.
The requirements are separated into different categories:
- Ensuring the required policies for Windows Update for Business reports are correctly configured.
- Devices in every network topography must send data to the required endpoints for Windows Update for Business reports. For example, devices in both main and satellite offices, which might have different network configurations, must be able to reach the endpoints.
- Ensure Required Windows services are running or are scheduled to run. For proper functionality, leave Windows services set to their out-of-box default configurations.
Required policies
The Windows Update for Business reports service has several policies that you need to configure appropriately. These policies allow Microsoft to process your devices and show them in Windows Update for Business reports. The policies are listed in the following subsections, separated by mobile device management (MDM) or group policy.
The following definitions apply for both tables:
- Policy: The location and name of the policy.
- Value: Set the policy to this value. Windows Update for Business reports requires at least Required (previously Basic) diagnostic data, but can function with Enhanced or Optional (previously Full).
- Function: Details for why the policy is required and what function it serves for Windows Update for Business reports. It also details a minimum version the policy requires, if any.
MDM policies
Each MDM policy links to more detailed documentation in the configuration service provider (CSP) hierarchy.
| Policy | Data type | Value | Function | Required or recommended |
|---|---|---|---|---|
| System/AllowTelemetry | Integer | 1: Basic (Required) |
Configures the device to send the minimum required diagnostic data. | Required |
| System/ConfigureTelemetryOptInSettingsUx | Integer | 1: Disable diagnostic data opt-in settings |
Determines whether users of the device can adjust diagnostic data to levels lower than you define by the AllowTelemetry policy. Set the recommended value to disable opt-in settings, or users can change the effective diagnostic data level that might not be sufficient. | Recommended |
| System/AllowDeviceNameInDiagnosticData | Integer | 1: Allowed |
Allows the device to send its name with Windows diagnostic data. If you don't configure this policy or set it to 0: Disabled, then the data doesn't include the device name. If the data doesn't include the device name, you can't see the device in Windows Update for Business reports. In this instance, the reports show # instead. |
Recommended |
| System/ConfigureTelemetryOptInChangeNotification | Integer | 1: Disabled |
Disables user notifications that appear for changes to the diagnostic data level. | Recommended |
Group policies
All group policies that you need to configure for Windows Update for Business reports are under the following path: Computer Configuration > Administrative Templates > Windows Components > Data Collection and Preview Builds. All of these policies must be in the Enabled state and set to the defined Value.
| Policy | Value | Function | Required or recommended |
|---|---|---|---|
| Allow Diagnostic Data | Send required diagnostic data | Configures the device to send the minimum required diagnostic data. | Required |
| Configure diagnostic data opt-in setting user interface | Disable diagnostic data opt-in settings | Determines whether users of the device can adjust diagnostic data to levels lower than you define by the Allow Diagnostic Data policy. Set the recommended value to disable opt-in settings, or users can change the effective diagnostic data level that might not be sufficient. | Recommended |
| Allow device name to be sent in Windows diagnostic data | Enabled | Allows the device to send its name with Windows diagnostic data. If you don't configure this policy or set it to Disabled, then the data doesn't include the device name. If the data doesn't include the device name, you can't see the device in Windows Update for Business reports. In this instance, the reports show # instead. |
Recommended |
| Configure diagnostic data opt-in change notifications | Disable diagnostic data change notifications | Disables user notifications that appear for changes to the diagnostic data level. | Recommended |
Required endpoints
Devices must be able to contact the following endpoints in order to authenticate and send diagnostic data:
| Endpoint | Function |
|---|---|
*v10c.events.data.microsoft.com eu-v10c.events.data.microsoft.com for tenants with billing address in the EU Data Boundary |
Connected User Experience and Diagnostic component endpoint for Windows 10, version 1803 and later. DeviceCensus.exe must run on a regular cadence and contact this endpoint in order to receive most information for Windows Update for Business reports. |
umwatsonc.events.data.microsoft.com eu-watsonc.events.data.microsoft.com for tenants with billing address in the EU Data Boundary |
Windows Error Reporting (WER), used to provide more advanced error reporting if certain Feature Update deployment failures occur. |
v10.vortex-win.data.microsoft.com |
Connected User Experience and Diagnostic component endpoint for Windows 10, version 1709 or earlier. |
settings-win.data.microsoft.com |
Used by Windows components and applications to dynamically update their configuration. Required for Windows Update functionality. |
adl.windows.com |
Required for Windows Update functionality. |
oca.telemetry.microsoft.com |
Online Crash Analysis, used to provide device-specific recommendations and detailed errors if there are certain crashes. |
login.live.com |
This endpoint facilitates your Microsoft account access and is required to create the primary identifier we use for devices. Without this service, devices aren't visible in the solution. The Microsoft Account Sign-in Assistant service must also be running (wlidsvc). |
ceuswatcab01.blob.core.windows.net ceuswatcab02.blob.core.windows.net eaus2watcab01.blob.core.windows.net eaus2watcab02.blob.core.windows.net weus2watcab01.blob.core.windows.net weus2watcab02.blob.core.windows.net |
Azure blob data storage. |
Required services
Many Windows services are required for Windows Update for Business reports to see device data. Allow all default services from the out-of-box experience to remain running. Use the Windows Update for Business reports configuration script to check whether required services are running or are allowed to run automatically.