Queries for the UpdateSummary table

For information on using these queries in the Azure portal, see Log Analytics tutorial. For the REST API, see Query.

Summary of updates available across machines

Count of updates available under various categories for each machine.

// To create an alert for this query, click '+ New alert rule'
UpdateSummary 
| where TimeGenerated>ago(14h) 
| summarize by Computer, CriticalUpdatesMissing, SecurityUpdatesMissing, OtherUpdatesMissing, TotalUpdatesMissing, ResourceId

Missing update specific product

WSUS computer membership.

// To create an alert for this query, click '+ New alert rule'
UpdateSummary
| summarize AggregatedValue = count() by WSUSServer, Computer, _ResourceId

Automatic update configuration

Automatic update configuration.

// To create an alert for this query, click '+ New alert rule'
UpdateSummary
| summarize AggregatedValue = count() by WindowsUpdateSetting, Computer, _ResourceId

Automatic update configuration is disabled

Computers with automatic update disabled.

// To create an alert for this query, click '+ New alert rule'
UpdateSummary
| where WindowsUpdateSetting == "Manual" 
| sort by TimeGenerated desc