Update Compliance overview

(Applies to: Windows 11 & Windows 10)

Important

This information relates to a preview feature that's available for early testing and use in a production environment. This feature is fully supported but it's still in active development and may receive substantial changes until it becomes generally available.

Update Compliance is a cloud-based solution that provides information about the compliance of your Azure Active Directory-joined devices with Windows updates. Update Compliance is offered through the Azure portal, and it's included as part of the Windows 10 or Windows 11 prerequisite licenses. Update Compliance helps you:

  • Monitor security, quality, and feature updates for Windows 11 and Windows 10 devices
  • Report on devices with update compliance issues
  • Review Delivery Optimization bandwidth savings across multiple content types

Technical preview information for Update Compliance

The new version of Update Compliance is in technical preview. Some of the benefits of this new version include:

Currently, the technical preview contains the following features:

  • Access to the following new Update Compliance tables:
    • UCClient
    • UCClientReadinessStatus
    • UCClientUpdateStatus
    • UCDeviceAlert
    • UCServiceUpdateStatus
    • UCUpdateAlert
  • Client data collection to populate the new Update Compliance tables

Screenshot of using a custom Kusto (KQL) query on Update Compliance data in Log Analytics.

Important

Update Compliance is a Windows service hosted in Azure that uses Windows diagnostic data. You should be aware that Update Compliance doesn't meet US Government community compliance (GCC) requirements. For a list of GCC offerings for Microsoft products and services, see the Microsoft Trust Center. Update Compliance is available in the Azure Commercial cloud, but not available for GCC High or United States Department of Defense customers.

How Update Compliance works

You'll set up Update Compliance by enrolling into the solution from the Azure portal. Then you'll configure your Azure AD-joined devices to send Windows client diagnostic data to the solution. Update Compliance uses Log Analytics in Azure Monitor to store the diagnostic data the clients send. You can use this data for reporting on updates for your devices. Update Compliance collects system data such as:

  • Update deployment progress
  • Delivery Optimization usage data
  • Windows Update for Business configuration data

The Azure Log Analytics ingestion and retention charges aren't incurred on your Azure subscription for Update Compliance data. You also choose an Azure Log Analytics workspaces that you own for your client diagnostic data. The collected diagnostic data populates the Update Compliance tables so you can easily query your data.

Use your Update Compliance data

Since the data from your clients is stored in a Log Analytics workspace, you can go beyond the standard reports to analyze and display your data in multiple ways. Some of the ways you could display your data include:

Next steps