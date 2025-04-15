Perhaps the most important and time-consuming task that an IT administrator has is managing software and hardware updates. So, they need to evaluate update data and issues via whatever reporting methods are available.

Windows administrators who need to manage system updates can turn to Windows Update for Business to help with both the management and the process assessment thanks to its extensive reporting system.

However, it can take some getting used to, so admins should learn how to make the most of Windows Update for Business and its reporting features before they can implement this feature in production.

What is Windows Update for Business reporting? Windows Update for Business, also known as WUfB, is a service in the Microsoft Azure and Intune cloud platforms that manages and monitors Windows update status for domain-joined cloud devices. Intended for commercial customers, it provides comprehensive reporting on the status of Windows security, quality, product and driver updates for Windows clients. This allows the IT admin to identify out-of-compliance devices for update action. Further, it helps keep devices healthy, reducing downtime and avoiding security breaches. Organizations used to rely on Windows Server Update Services (WSUS) and Microsoft Update Compliance for update management and reporting. However, Microsoft Update Compliance retired in March 2023 and WSUS is scheduled to retire in early 2025. Update Compliance was replaced by Windows Update for Business reports. Microsoft said Windows Update for Business is a result of the vendor listening to customers' complaints and suggestions. It identified several areas in which Windows Update for Business reporting provides new benefits to the IT staff.

How to enable Windows Update for Business with prerequisites While Windows Update for Business is available in Azure and Intune, the following description is focused on how to enable Windows Update for Business in Azure. This assumes that the user has an Azure subscription and devices with proper licenses are configured. The operating systems (OSes) and editions that Windows Update for Business supports include Windows 10 and Windows 11 Professional, Education, Enterprise and Enterprise multi-session editions. These must be multi-tenant editions. In addition, Windows Update for Business reports only provide reporting data for standard Windows client version and does not support Windows Server, Surface Hub, IoT or other versions. Primarily, devices must be Microsoft Entra ID joined or Entra ID hybrid joined. Microsoft Entra-registered devices, such as BYOD, are not supported. Microsoft Entra ID can manage user identities and control access to network data. Domain services and Azure Active Directory (AD) are included in Entra ID. Other prerequisites for enabling Windows Update for Business include the following: Azure Log Analytics workspace in a supported region. Note that the regions listed in the workspace creation wizard are not all supported.

Permissions are provided from Microsoft Entra ID or Intune, Azure, and Microsoft 365 Admin Center.

Specific roles in resources, such as Intune Administrator, are required to enroll in Windows Update for Business reports.

The Windows Update for Business reports must be enrolled in the Azure Workbook.

Windows clients must be running an OS with the February 2023 cumulative update or later to enroll in Windows Update for Business reports. Devices must also be configured to send client diagnostic data to Windows Update for Business.

Additional information regarding endpoint support, diagnostic data requirements and supported log analytics regions is available in the Microsoft Windows Update for reports prerequisites article.

Configuring Windows Update for Business Reports in Azure Windows Update for Business is an Azure Workbook template that is pre-defined in the Azure portal and is a part of the Log Analytics workspace. Access Windows Update for Business by logging into the Azure Portal and clicking Monitor. Then, select Workbooks in the left navigation pane and go all the way to the end of the workbooks list to find Windows Updates for Business as shown in Figure 1. Figure 1. The Windows Update for Business section in the Azure Workbooks gallery. To configure Windows Update for Business properly, there are a few preparation steps to take. For instance, IT needs the right subscriptions in place, and admins must configure and deploy the devices within a Resource Group and a Log Analytics workspace. Assuming devices are available and an active subscription is in place, IT must perform the following steps for Windows Update for Business creation and configuration. Figure 2. The page allows admins to create a resource group that they can use to define Windows Update for Business policies. Figure 3. The option to add specific clients to a targeted resource group so IT can manage updates. Open and log in to the Azure Portal. Associate the clients with an Azure Log Analytics workspace, and a Resource Group must be created and configured with the proper clients associated with them. Create a Resource Group by clicking on the Resource Group icon on the Azure portal home page. Click on Create .

.

Select the subscription and provide a name for the resource group (Figure 2).



Click Review + Create , then click Create .

, then click .

Assign devices to the Resource Group. This is done in the client configuration as shown in Figure 3. Figure 4. The steps to create an Azure Log Analytics workspace that will allow IT to group and monitor the reports. On the Azure Portal Home page, click on the Log Analytics workspace icon on the Azure Home page, then click on Create. Complete the form to create the workspace (Figure 4) by indicating the subscription and the Resource Group to be used. Provide an Instance name and region and click Review & Create, then click Create. Figure 5 lists all Log Analytics workspaces and the assigned resource groups. This example uses a basic Windows Update for Business workspace. Figure 5. The Windows Update for Business reporting tab in the Log Analytics directory. To create the Windows Update for Business workbook from the Azure portal Home page, click on the Monitor icon, then click on the Workbook link in the left pane. This will display pre-configured workbooks. Select Windows Update for Business, located at the very end (Figure 1). In the Windows Update for Business Reports screen, click in the subscription and resource fields and select the proper subscription and Log Analytics workspace. Windows Update for Business. Click Save Settings. Once it is all configured and the devices are set to send diagnostic data, it might take up to 24 hours to get reports.