Missing devices in Windows Update for Business reports?

  • Thread starter Thread starter Aakanksha_Saxena
  • Start date Start date
A

Aakanksha_Saxena

We have a new alert that can assist you with improving your Windows Update reporting in Azure Workbooks. Find out how this alert can help you enhance organizational security by showing you which devices may be absent from the reports. Then let's explore how you can solve this issue.

Current Windows Update for Business reports experience


Are you using Windows Update for Business reports to gain useful insights into your compliance status? Ideally, all devices within a tenant would be included in Windows Update for Business reports after enrollment at the tenant level. But sometimes, the number of devices actively sending diagnostic data to Windows Update for Business reports is lower than expected.

Devices don't always send data to diagnostic reports as they should. You might need to check your devices to ensure they are active and properly configured.

We just added a new feature to help you find these devices with the new DeviceDiagnosticDataNotReceived alert.

A new alert for devices missing in reports


The DeviceDiagnosticDataNotReceived alert compares device data from Entra ID with Windows Update for Business reports to help identify devices that aren't sending diagnostic data.

You can use Log Analytics or Windows Update for Business reports, which are built on queries from Log Analytics, to locate missing devices. Let's see how you can work with this alert in either service.

Find missing devices in Windows Update for Business reports


A new feature in the Windows Update for Business reports workbook will help you see how many devices are not showing up in the reports. It also shows you which devices are not sending data.

Let's look at how you can use active alerts to find the total count of devices and the device name, device ID, and the last login time of any missing device.

The missing device information is displayed in the Azure Workbooks' Overview tab, within the Total devices KPI card.

  1. Go to portal.azure.com.
  2. Navigate to Monitor > Workbooks > Insights.
  3. Open the Windows Update for Business workbook.
  4. On the Overview page, locate the Total devices KPI card.
  5. Select View details.

Screenshot of view of devices for which data is available in Windows Update for Business reports.
Screenshot of view of devices for which data is available in Windows Update for Business reports.

  1. Explore the Missing devices tab to see details of currently unavailable devices.

Screenshot of missing devices view in Windows Update for Business reports (a mockup).
Screenshot of missing devices view in Windows Update for Business reports (a mockup).

The Missing devices tab houses the list of devices identified by the DeviceDiagnosticDataNotReceived alert which displays information about the total count of devices currently unavailable in the report. These devices are not currently sending diagnostic data. The report also shows relevant details for these devices (device ID, and alert-specific timestamps).


Important: If you notice that the DeviceName field is blank or contains a “#,” it means that the AllowDeviceNameInDiagnosticData policy is not configured. We are working to integrate more functionality that would enable you to view the device names in Windows Update for Business reports. This is not available at present, and you would only see the DeviceName field populated for devices with this policy configured.

The timestamp of a device's last login, pulled from the Entra ID object, is displayed in the AlertData field.

A search bar is available to make it easier to locate a specific device record, since the device list shows only a few rows at a time.


Important: The list only shows up to 250 rows of active alerts at the moment. However, you can access the complete list of results by using the export button.

Screenshot of the newly added Missing devices tab in the Total devices KPI card (a mockup).
Screenshot of the newly added Missing devices tab in the Total devices KPI card (a mockup).

Query the missing device data in Log Analytics


Log Analytics lets you see the same alert information, and more. Use it to check for resolved and deleted alerts, too.

To find devices that don't send diagnostic data, you can query the UCDeviceAlert table in Log Analytics from Azure Monitor.

  1. Go to portal.azure.com.
  2. Navigate to Monitor > Logs.
  3. (Optional) Set the time range.
  4. Run the following query:
    UCDeviceAlert
    | where AlertSubtype == "DeviceDiagnosticDataNotReceived"
    | project DeviceName, AzureADDeviceId, AlertStatus, AlertSubtype, StartTime, AlertData, Description, Recommendation

Screenshot of the query to find devices with an active DeviceDiagnosticDataNotReceived alert in Log Analytics (a mockup).
Screenshot of the query to find devices with an active DeviceDiagnosticDataNotReceived alert in Log Analytics (a mockup).

This query will display all the information that relates to the DeviceDiagnosticDataNotReceived alert. You'll see a list of alerts that are active, resolved, or deleted. To find the devices that are relevant, look at these fields: AzureADDeviceId, StartTime, and AlertData.

For alert details and recommended remediation steps, see the StartTime, AlertData, Description, and Recommendation fields.


Important: The AlertData field does not show up in the tables by default in Log Analytics. Add it specifically to your queries to include it in your query results.

If you need extra help, check out Log Analytics tutorial.

Check for appropriate configuration of diagnostic data


Use the DeviceDiagnosticDataNotReceived alert to help you pinpoint exactly which devices need attention. Then ensure that they're active and correctly configured to send diagnostic data.

  1. Make sure the device is powered on. Use parameters like device Entra ID and Tenant ID from the alert record, along with the LastLogOnTimeStamp in Entra ID to identify device activity more precisely.
  2. Ensure that the device is connected to the internet.
  3. Verify and fix any configuration issues. Learn more about troubleshooting with Prerequisites for Windows Update for Business reports.
Verify your Windows device population for reporting


A good goal is for the total number of your devices to match the sum of these counts from Windows Update for Business reports:

  • Total count of devices (Overview > Total devices KPI)
  • Total count of devices with the active DeviceDiagnosticDataNotReceived alert (Overview > Total devices > View details > Missing devices)

This alert will help you find devices that need fixes. Use this information to reduce the discrepancy between the enrolled and reported devices.

Start using the new alert today


We're happy to announce this new alert that will help you gain more value from Windows Update for Business reports. We encourage you to use it as you create more comprehensive and more reliable data reports. This is one of many improvements we're introducing based on your feedback, so stay tuned for more updates.

If you want to learn more, we invite you to check out these additional resources:


Continue the conversation. Find best practices. Bookmark the Windows Tech Community, then follow us @MSWindowsITPro on X/Twitter. Looking for support? Visit Windows on Microsoft Q&A.

Continue reading...
 
Back
Top