SOLVED

Update Compliance - Query on Specific Security Updates


I'm just trialling out Update Compliance and I can't seem to find any specific queries that I can put into the Log Analytics to return what security updates are actually installed on the computers that are reporting to "Update Compliance".

Microsoft send us emails about all of the Critical updates we need to have installed on our desktop fleet, but how do you know if these updates are actually installed if it doesn't actually tell you what KB updates are installed or not? It appears that Update Compliance only reports on whether the computer is up-to-date according to what the update ring is configured, so this is taking into account the Service Channel & the Quality update deferral period; if there is a new Critical Microsoft Update, it doesn't get installed until the deferral date expires on that update ring.

 

So am I missing something? Is there a way to actually verify whether a particular update has been installed using Update Compliance?

4 Replies
best response confirmed by Simeon_Hemus (Copper Contributor)
Solution

Hello Simeon, WaaSDeploymentStatus contains "ReleaseName", which is the KB article: schema here. You should be able to query for that. :)

Thanks Aria,
I'll check this out.

For anyone that wants to know what the specific query is to search all computers for a specific update to find out whether it is installed or not, here it is:

 

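WaaSDeploymentStatus
| where ReleaseName startswith "KB4560960" and TimeGenerated > ago(30d)
// Keep the most recent record per computer. Maximizing ReleaseName would pick an
// arbitrary row here, because every row left after the filter has the same KB.
| summarize arg_max(TimeGenerated, ReleaseName, DeploymentStatus) by Computer
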
I found this website which has got a list of queries which is quite helpful:

I have another issue with Update Compliance now,

After a month or so since I deployed the Update Compliance Script on several computers, which configures several registry settings, one of which is the CommercialId of my Log Analytics Workspace in registry key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\DataCollection\CommercialId

I am now finding that some of the computers have lost this Commercial ID registry setting and I have to redeploy the Update Compliance Script. Does anyone know what is going on here?

Also, after I have redeployed it, there may be some other issues, because now it doesn't seem to be updating the WorkSpace with the latest information of the update status. As an example, I've updated my computer and it is fully up-to-date, but in the Update Compliance Dashboard it is showing the computer as not-up-to-date. Any troubleshooting steps or articles that people have would be helpful. Thanks,
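
An added example, not part of the original thread: the query posted above only returns computers that have a record for the KB, so a device that never received or reported the update is silently missing from the result. This variant lists every device seen in WaaSDeploymentStatus in the window and marks the ones with no record for the KB. The table and column names are the ones used in the thread; the variable names and the "No record for this KB" label are assumptions made for illustration.

```kql
// KB number taken from the query in the thread; change it to the update being checked.
let kb = "KB4560960";
let lookback = 30d;
// Every device that reported any deployment record in the window.
let allDevices = WaaSDeploymentStatus
    | where TimeGenerated > ago(lookback)
    | summarize LastSeen = max(TimeGenerated) by Computer;
// Most recent record for the KB on each device that has one.
let kbStatus = WaaSDeploymentStatus
    | where TimeGenerated > ago(lookback) and ReleaseName startswith kb
    | summarize arg_max(TimeGenerated, ReleaseName, DeploymentStatus) by Computer
    | project Computer, ReleaseName, DeploymentStatus, StatusTime = TimeGenerated;
// Left outer join keeps devices that have no row for the KB at all.
allDevices
| join kind=leftouter (kbStatus) on Computer
| extend DeploymentStatus = iff(isempty(DeploymentStatus), "No record for this KB", DeploymentStatus)
| project Computer, LastSeen, ReleaseName, DeploymentStatus, StatusTime
| order by DeploymentStatus asc, Computer asc
```

Devices whose LastSeen value is old are worth checking first, since a stale record can make a patched machine look unpatched.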
