Configure Windows Update for Business Reports | Intune WUfB Patching Reports

Learn how to set up and configure Windows Update for Business Reports. Windows Update for Business (WUfB) reports is the cloud solution that is integrated with the WUfB Deployment Service. This service is accessed via the Azure portal and is included in the prerequisite licenses for Windows devices.

Windows Update for Business reports is a cloud-based solution that provides information on the compliance of your Azure AD joined devices with Windows updates.

With Windows Update for Business reports, you can keep track of the security, quality, feature, and driver updates for Windows 10 and Windows 11 devices. You can generate reports on devices that have issues with update compliance, analyze your data, and visualize it in various formats.

To begin using Windows Update for Business reports, first, you must enroll in the service via the Azure portal. Next, you will configure your Azure AD-joined devices to send Windows client diagnostic data to the service. WUfB reports then utilizes Log Analytics in Azure Monitor to store the diagnostic data that your clients transmit.


You can leverage this data to generate reports about the updates on your devices. Windows Update for Business reports also gathers system data, including update deployment progress, Delivery Optimization usage data, and Windows Update for Business configuration data.

Prerequisites for Configure Windows Update for Business (WUfB) Reports

Before starting the process of adding Windows Update for Business reports to your Azure subscription, it’s important to verify that you meet all the prerequisites. By doing so, you can avoid any potential issues that may arise during the setup process.

  • Azure Subscription and Log Analytics Workspace.
  • Azure AD and Hybrid Azure AD joined Windows devices (including multi-session).
  • Diagnostic Data:
      • Optional level for Windows 11 devices (previously Full)
      • Enhanced level for Windows 10 devices
  • General Availability Channels, Windows Insider Preview channels (?)
  • Proxy/Firewall access to transfer data
Prerequisites for Configure Windows Update for Business (WUfB) Reports Fig.1

Enrollment permissions: To enroll in or configure Windows Update for Business reports, you must hold one of the following roles:

  • Global Administrator role
  • Intune Administrator
  • Windows Update deployment administrator
  • Policy and profile manager (Microsoft Intune role). Note that Microsoft Intune RBAC roles don’t allow access to the Microsoft 365 admin center.
Prerequisites for Configure Windows Update for Business (WUfB) Reports Fig.2

The Global Reader role can be used to view details in the Microsoft 365 admin center. Log Analytics permissions:

  • Log Analytics Contributor role can be used to edit and write queries
  • Log Analytics Reader role can be used to read data.

Once you have confirmed that all the prerequisites are in place, you can proceed with setting up Windows Update for Business reports. This involves two main steps:

  • Adding Windows Update for Business reports to your Azure subscription.
  • Configuring your clients to send data to Windows Update for Business reports.

Windows Update for Business WUfB Reports Enrollment Process

Windows Update for Business reports requires an Azure Log Analytics workspace that you own to store the diagnostic data from your clients. To proceed, you can either identify an existing workspace that meets the requirements or create a new workspace by following these steps:

Note: Although an Azure subscription is necessary for using Windows Update for Business reports, you won’t be charged for ingesting the data from these reports.

  • Sign in to the Azure portal at https://portal.azure.com.
  • In the Azure portal, search for “Log Analytics” using the search bar. As you start typing, the list of options is filtered based on your input. From the filtered list, select “Log Analytics workspaces.”
Windows Update for Business WUfB Reports Enrollment Process Fig.3

If you already have a Log Analytics workspace, you will need to select the workspace that you want to use for Windows Update for Business reports. However, if you don’t currently have a Log Analytics workspace, or if you prefer not to use your existing workspace, you will need to create a new workspace in a compatible region.

To enroll in Windows Update for Business reports, you will need to configure its settings either through the Azure Workbook or the Microsoft 365 admin center. Once you complete the configuration, you will no longer need to specify the CommercialID, which was a requirement for Update Compliance, the predecessor of Windows Update for Business reports.

  • In the Azure portal, select Monitor > Workbooks from the menu bar.
  • When the gallery opens, select the Windows Update for Business reports workbook.
  • Select the Get Started button when prompted by the workbook to open the Windows Update for Business reports enrollment flyout.
Windows Update for Business WUfB Reports Enrollment Process Fig.4

In the flyout, specify which Subscription and Azure Log Analytics Workspace you want to use for Windows Update for Business reports.

Select Save settings to save the settings and enroll into Windows Update for Business reports.

Windows Update for Business WUfB Reports Enrollment Process Fig.5

Intune Policy for Client Diagnostics Configuration

Let’s look at the Intune policy for client diagnostics. Use the Settings Picker menu to find and select the settings for Telemetry.

Log in to the Intune Admin Center and select Devices > Configuration profiles > Create profile. In the device Settings Catalog, search for the following and deploy to Windows devices:

For more details, see the Intune settings catalog guide: Create Intune Settings Catalog Policy.

Intune Policy for Client Diagnostics Configuration Fig.6

Windows Update for Business Reports

After waiting for a couple of hours, you can verify that Windows Update for Business reports is working by accessing the dashboard. Windows Update for Business (WUfB) reports is the cloud solution that is integrated with the WUfB Deployment Service.

To do so, sign in to the Azure portal and navigate to Monitor > Workbooks > Windows Update for Business reports. From there, you should see a dashboard that provides detailed insights into your update compliance status.

Clicking on the Quality updates tab lets you view the deployment status for various updates, such as devices on the latest security update, devices missing one security update, devices missing multiple security updates, and the count of active alerts.

Windows Update for Business Reports Fig.7
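
The same check can be run against the workspace directly instead of through the workbook. The script below is an added example, not part of the original article: it assumes the Az PowerShell modules are installed, uses placeholder resource names, and queries the `UCClient` table that Windows Update for Business reports writes to Log Analytics.

```powershell
# Added example, not from the original article.
# Requires the Az.Accounts and Az.OperationalInsights modules.
# Placeholder names: replace with your own resource group and workspace.
$resourceGroup = 'rg-wufb-reports'
$workspaceName = 'law-wufb-reports'

Connect-AzAccount | Out-Null
$ws = Get-AzOperationalInsightsWorkspace -ResourceGroupName $resourceGroup `
        -Name $workspaceName -ErrorAction Stop

# Take the latest UCClient record per device, then group by security update status.
$kql = @'
UCClient
| where TimeGenerated > ago(7d)
| summarize arg_max(TimeGenerated, *) by AzureADDeviceId
| summarize Devices = count(), NewestRecord = max(TimeGenerated) by OSSecurityUpdateStatus
| order by Devices desc
'@

try {
    $response = Invoke-AzOperationalInsightsQuery -WorkspaceId $ws.CustomerId `
                  -Query $kql -ErrorAction Stop
    $rows = @($response.Results)
}
catch {
    # If the table does not exist in the workspace yet, the query errors
    # rather than returning zero rows.
    Write-Warning "UCClient query failed: $($_.Exception.Message)"
    $rows = @()
}

if ($rows.Count -eq 0) {
    Write-Warning ('No UCClient records in the last 7 days. Check enrollment, ' +
                   'the diagnostic data policy, and proxy/firewall access.')
}
else {
    $rows | Format-Table OSSecurityUpdateStatus, Devices, NewestRecord -AutoSize
}
```

An account holding only the Log Analytics Reader role on the workspace is sufficient to run this query.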

Upon accessing the Windows Update for Business reports dashboard, you will notice several tabs, including Overview, Quality updates, Feature updates, and Delivery Optimization.

Windows Update for Business Reports Fig.8

You can make it easier to monitor update compliance by routing data for Azure AD device groups to different Log Analytics workspaces and securing them using Azure RBAC.

In Azure role-based access control (RBAC), resource access is controlled by creating a role assignment, which consists of 3 elements:

  • Security principal: Entity requesting access (user, group, service principal, managed identity)
  • Role definition: Collection of permissions (*/read, */write)
  • Scope: Delimitation of access applied to a set of resources

This means that given a group of users (security principal), you can secure their access to a workspace (scope) by assigning the built-in Log Analytics Reader role or equivalent custom role (role definition).
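
The three elements map directly onto a role assignment made with Az PowerShell. The script below is an added example, not part of the original article; the group, resource group, and workspace names are placeholders. It grants read-only access at the workspace scope, skips the assignment if it already exists, and then lists every assignment that applies to the workspace so broader inherited roles are visible.

```powershell
# Added example, not from the original article.
# Requires the Az.Accounts, Az.Resources and Az.OperationalInsights modules.
# Placeholder names: replace with your own group, resource group and workspace.
$groupName     = 'WUfB-Report-Readers'
$resourceGroup = 'rg-wufb-reports'
$workspaceName = 'law-wufb-reports'
$roleName      = 'Log Analytics Reader'   # role definition

Connect-AzAccount | Out-Null

# Security principal: require exactly one match so the role cannot land
# on an unintended group that shares the display name.
$group = @(Get-AzADGroup -DisplayName $groupName)
if ($group.Count -ne 1) {
    throw "Expected exactly one group named '$groupName', found $($group.Count)."
}

# Scope: the workspace resource ID, not the resource group or subscription.
$ws    = Get-AzOperationalInsightsWorkspace -ResourceGroupName $resourceGroup `
           -Name $workspaceName -ErrorAction Stop
$scope = $ws.ResourceId

# Create the assignment only if it is absent at this exact scope.
$existing = Get-AzRoleAssignment -ObjectId $group[0].Id `
              -RoleDefinitionName $roleName -Scope $scope |
            Where-Object { $_.Scope -eq $scope }
if (-not $existing) {
    New-AzRoleAssignment -ObjectId $group[0].Id `
        -RoleDefinitionName $roleName -Scope $scope | Out-Null
}

# Audit: assignments effective on the workspace, including inherited ones.
Get-AzRoleAssignment -Scope $scope |
    Sort-Object RoleDefinitionName, DisplayName |
    Format-Table DisplayName, ObjectType, RoleDefinitionName, Scope -AutoSize
```

In the audit output, rows whose Scope is shorter than the workspace resource ID are inherited from the resource group or subscription and grant access to every workspace beneath that level.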

Video Guide WUfB Reports Service Full Overview | Intune Patching Report

This video provides a comprehensive overview of the WUfB Reports Service, including details on the Intune Patching Report and the WUfB Deployment Service. By watching this video, you can learn more.


Author

About Author – Jitesh, Microsoft MVP, has over six years of working experience in the IT Industry. He writes and shares his experiences related to Microsoft device management technologies and IT Infrastructure management. His primary focus is Windows 10/11 Deployment solution with Configuration Manager, Microsoft Deployment Toolkit (MDT), and Microsoft Intune.
