Get started with Update Compliance
This topic explains the steps necessary to configure your environment for Windows Analytics: Update Compliance.
Steps are provided in sections that follow the recommended setup process:
- Ensure that prerequisites are met.
- Add Update Compliance to Microsoft Operations Management Suite.
- Deploy your Commercial ID to your organization’s devices.
Update Compliance prerequisites
Update Compliance has the following requirements:
- Update Compliance is currently only compatible with Windows 10 devices. The solution is intended to be used with desktop devices (Windows 10 workstations and laptops).
- The solution requires that Windows 10 telemetry is enabled on all devices that are intended to be displayed in the solution. These devices must have at least the basic level of telemetry enabled. To learn more about Windows telemetry, see Configure Windows telemetry in your organization.
The telemetry of your organization’s Windows devices must be successfully transmitted to Microsoft. Microsoft has specified endpoints for each of the telemetry services, which must be whitelisted by your organization so the data can be transmitted. The following table is taken from the article on telemetry endpoints and summarizes the use of each endpoint:
Service Endpoint Connected User Experience and Telemetry component v10.vortex-win.data.microsoft.com
Windows Error Reporting watson.telemetry.microsoft.com Online Crash Analysis oca.telemetry.microsoft.com
To use Windows Defender Antivirus Assessment, devices must be protected by Windows Defender AV (and not a 3rd party AV program), and must have enabled cloud-delivered protection. See the Troublehsoot Windows Defender Antivirus reporting topic for help on ensuring the configuration is correct.
For endpoints running Windows 10, version 1607 or earlier, Windows telemetry must also be set to Enhanced, to be compatible with Windows Defender Antivirus.
See the Windows Defender Antivirus in Windows 10 content library for more information on enabling, configuring, and validating Windows Defender AV.
Add Update Compliance to Microsoft Operations Management Suite
Update Compliance is offered as a solution in the Microsoft Operations Management Suite (OMS), a collection of cloud-based servicing for monitoring and automating your on-premise and cloud environments. For more information about OMS, see Operations Management Suite overview.
If you are already using OMS, skip to step 6 to add Update Compliance to your workspace.
If you are not yet using OMS, use the following steps to subscribe to OMS Update Compliance:
Go to Operations Management Suite on Microsoft.com and click Sign in.
Sign in to Operations Management Suite (OMS). You can use either a Microsoft Account or a Work or School account to create a workspace. If your company is already using Azure Active Directory (Azure AD), use a Work or School account when you sign in to OMS. Using a Work or School account allows you to use identities from your Azure AD to manage permissions in OMS.
Create a new OMS workspace.
Enter a name for the workspace, select the workspace region, and provide the email address that you want associated with this workspace. Click Create.
If your organization already has an Azure subscription, you can link it to your workspace. Note that you may need to request access from your organization’s Azure administrator. If your organization does not have an Azure subscription, create a new one or select the default OMS Azure subscription from the list. If you do not yet have an Azure subscription, follow this guide to create and link an Azure subscription to an OMS workspace.
To add the Update Compliance solution to your workspace, go to the Solutions Gallery. While you have this dialog open, you should also consider adding the Upgrade Readiness and Device Health solutions as well, if you haven't already. To do so, just select the check boxes for those solutions.
Select the Update Compliance tile in the gallery and then select Add on the solution’s details page. You might need to scroll to find Update Compliance. The solution is now visible in your workspace.
Click the Update Compliance tile to configure the solution. The Settings Dashboard opens.
Click Subscribe to subscribe to OMS Update Compliance. You will then need to distribute your Commercial ID across all your organization’s devices. More information on the Commercial ID is provided below.
After you are subscribed to OMS Update Compliance and your devices have a Commercial ID, you will begin receiving data. It will typically take 24 hours for the first data to begin appearing. The following section explains how to deploy your Commercial ID to your Windows 10 devices.
You can unsubscribe from the Update Compliance solution if you no longer want to monitor your organization’s devices. User device data will continue to be shared with Microsoft while the opt-in keys are set on user devices and the proxy allows traffic.
Deploy your Commercial ID to your Windows 10 devices
In order for your devices to show up in Windows Analytics: Update Compliance, they must be configured with your organization’s Commercial ID. This is so that Microsoft knows that a given device is a member of your organization and to feed that device’s data back to you. There are two primary methods for widespread deployment of your Commercial ID: Group Policy and Mobile Device Management (MDM).
Using Group Policy
Deploying your Commercial ID using Group Policy can be accomplished by configuring domain Group Policy Objects with the Group Policy Management Editor, or by configuring local Group Policy using the Local Group Policy Editor.
- In the console tree, navigate to Computer Configuration > Administrative Templates > Windows Components > Data Collection and Preview Builds
- Double-click Configure the Commercial ID
- In the Options box, under Commercial Id, type the Commercial ID GUID, and then click OK.
Using Microsoft Mobile Device Management (MDM)
Microsoft’s Mobile Device Management can be used to deploy your Commercial ID to your organization’s devices. The Commercial ID is listed under Provider/ProviderID/CommercialID. More information on deployment using MDM can be found here.