This week is all about creating some awareness for a newly introduced page within the Microsoft 365 admin center portal. That new page is the Software updates page and that page provides a high-level overview – in the Windows tab – of the installation status of Windows updates within the organization. It literally provides a high-level overview, as it currently only shows the most important pieces of information. Those pieces of information are the Windows update status information and the End of servicing information. That information provides key insights in the status of devices within the organizations. That includes a quick look at the status of the latest security updates on the devices within the organization, to make sure that the devices are protected from known vulnerabilities. This post will go through the prerequisites, the steps to get started and an overview of that software updates page.
Important: At the moment of writing, the Software updates page in Microsoft 365 admin center is public preview.
Note: The Windows tab, on the Software updates page, relies on information from Update Compliance.
Prerequisites for the software updates page
The Windows tab, on the Software updates page, relies on information that is coming from Update Compliance. Update Compliance is a solution that can be turned on in the Azure subscription, to enable Windows devices to have a location to send their update information. That means that to get started with the Software Updates page, the following configurations should be in place to get started.
- Update Compliance must be enabled and the Windows devices are sending data to the solution
- Administrative users must be provided with the appropriate permissions
Getting started with the software updates page
Before getting data in the Windows tab of the Software update page, a few minor configurations should be performed. Those configurations mainly rely on the configuration of the Update Compliance solution, but basically just need an additional verification. To get started with the Windows tab of the Software update page, simply follow the four steps described below.
- Open the Microsoft 365 admin center portal and navigate to Health (when not available, first click Show all to display all options) > Software updates > Windows
Note: While in preview, the Software updates option is might not be available. In that case, use this direct link to https://admin.microsoft.com/Adminportal/Home#/softwareupdates to get started.
- When Update Compliance is configured, the Software updates page will prompt to the Configure Settings tab
- Verify or supply information about the Azure subscription and the Log Analytics workspace that are used for Update Compliance and click Save Settings
Note: This configuration can only be completed when Update Compliance is already configured.
- When the initial setup is complete, the Windows tab will display Update Compliance data in the charts
Note: After the initial setup it can take up to 24 hours before the charts are shown and during this time the Windows tab will display Waiting for Update Compliance data.
Overview of the software updates page
When the Update Compliance solution is configured and it’s been over 24 hours after the initial setup of the Windows tab on the Software updates page, it’s time to look at the information that is provided. The first section of the page provides an introduction, as shown below in Figure 2. That introduction contains a few cross-links to related products and the Configure settings button. That button can be used to adjust and verify the applied settings related to the Update Compliance solution (see also Figure 1).
The second section of the page provides a high-level overview of the Windows update status, as shown below in Figure 3. That overview is created by looking at the Devices by update status. A single colored line that shows the number of devices that are Up to date (devices that have installed the security updates that were released within the past two months), Missing security updates (devices that don’t have are two months or more behind on security updates) or Unsupported operating systems (devices that are running an unsupported operating system). That information can be verified by actually looking into the Update Compliance solution, as shown below in Figure 4. The same number of devices should be shown in the Overall security update status section.
Important: Keep in mind that just like with the Update Compliance solution, the Windows devices that are running Insider Preview releases are not part of the security update status information.
Note: The environment used for showing this information is mainly running Windows Insider Preview releases. The devices shown as not up-to-date are not enough online to provide an up-to-date status.
The third and last section of the page provides a high-level overview of the End of service overview, as shown below in Figure 5. That provides an overview in a table of all operating system versions that aren’t the latest version (including the number of devices per version). That information can used to determine how many devices need to install the latest version and can provide some insights in the progress of the deployment of a new deployment.
Note: The environment used for showing this information is mainly running Windows Insider Preview releases. No devices are shown, as their all running the latest Windows version or a preview version.
When more detailed information is needed, simply return to the Update Compliance solution for more information. That could also mean to look a custom workbook that provides more detailed information, based on the data from the Update Compliance solution. For ideas around a custom workbook, have a look at this post: Enhance Update Compliance with a custom Workbook in Microsoft Endpoint Manager admin center.
For more information about Update Compliance and the different schemas, refer to the following docs.