WDATP missing KBs discovery - does it require WUfB or will it work with WSUS?


Dear Experts,

What method does WDATP use for discovering missing Windows 10 KBs (e.g. missing updates)? I recall reading that the "Discovered Vulnerability" discovery process is fully independent from the WU (Windows Update) subsystem. What about "Missing KBs" discovery? Is it also independent from the built-in Windows Update functioning? Will it work if the customer is still using WSUS?

I know WUfB is Microsoft’s preferred update mechanism. But is WUfB required for full WDATP experience?

Also, can you advise a good method for testing that "Missing KBs" discovery is working? So far the only idea I came up with is force-uninstalling an update and then waiting to see it in the WDATP GUI. The documentation on those areas is shallow (here is what I use https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/next-gen-... ), or I cannot find the right link. Can you please suggest an official MS link explaining expected operational timers and inner plumbing...

2 Replies

Right, perhaps I can join and ask those questions during the AMA on threat and vulnerability management!

I'm also interested in how this feature works. We're piloting WDATP and our servers and Win10 clients are showing a wide range of missing KBs in the WDATP portal. But Windows Update on the machines and the OMS update management feature in Azure are not showing anything missing. Obviously I want to know whether this is a false positive or if we've been missing something with our existing approach.

We are using WUfB for clients, and plain Windows Update (no WSUS) for servers.