Muokkaa

Jaa


Configuring Microsoft Intune devices for Windows Update for Business reports

This article is targeted at configuring devices enrolled to Microsoft Intune for Windows Update for Business reports, within Microsoft Intune itself. Configuring devices for Windows Update for Business reports in Microsoft Intune breaks down to the following steps:

  1. Create a configuration profile for devices you want to enroll. The configuration profile contains settings for all the Mobile Device Management (MDM) policies that must be configured.
  2. Wait for data to populate. The length of this process depends on the computer being on, connected to the internet, and correctly configured. Some data types take longer to appear than others. For more information, see Use Windows Update for Business reports.

Tip

  • If you need to troubleshoot client enrollment, consider deploying the configuration script as a Win32 app to a few devices and reviewing the logs it creates. Additional checks are performed with the script to ensure devices are correctly configured.
  • Intune provides compliance reports and they have their own prerequisites for use. The number of devices that appear in the Intune reports may also vary from the Windows Update for Business reports. For more information, see Intune compliance reports for updates.

Create a configuration profile

Create a configuration profile that will set the required policies for Windows Update for Business reports. There are two profile types that can be used to create a configuration profile for Windows Update for Business reports (select one):

Settings catalog

  1. In the Intune admin center, go to Devices > Windows > Configuration profiles.

  2. On the Configuration profiles view, select Create profile.

  3. Select the following options, then select Create when you're done:

    • Platform: Windows 10 and later
    • Profile type: Settings Catalog
  4. You're now on the Configuration profile creation page. On the Basics tab, provide a Name and Description for the profile.

  5. On the Configuration settings page, you'll add multiple settings from the System category. Using the Settings picker, select the System category.

  6. Add the following required settings and values the System category:

    • Setting: Allow Telemetry
      • Value: Basic
        • Basic is the minimum value, but it can be safely set to a higher value. Basic is also known as required diagnostic data.
  7. Add the following recommended settings and values from the System category:

    Note

    These settings aren't required, but they're recommended to ensure that users of the device cannot override the diagnostic data level of the device.

    • Setting: Configure Telemetry Opt In Settings Ux

      • Value: Disabled
        • By turning this setting on, you're disabling the ability for a user to potentially override the diagnostic data level of devices such that data won't be available for those devices in Windows Update for Business reports.
    • Setting: Configure Telemetry Opt In Change Notification

      • Value: Disabled
        • By turning this setting on, you're disabling notifications of diagnostic data changes.
    • Setting: Allow device name to be sent in Windows diagnostic data

      • Value: Allowed
        • If this policy is disabled, the device name won't be sent and won't be visible in Windows Update for Business reports.
  8. Continue through the next set of tabs Scope tags, Assignments, and Applicability Rules to assign the configuration profile to devices you wish to enroll.

  9. Review the settings and then select Create.

Custom OMA URI-based profile

  1. In the Intune admin center, go to Devices > Windows > Configuration profiles.

  2. On the Configuration profiles view, select Create profile.

  3. Select the following options, then select Create when you're done:

    • Platform:Windows 10 and later
    • Profile type: Templates
    • Template name: Custom
  4. You're now on the Configuration profile creation screen. On the Basics tab, provide a Name and Description.

  5. On the Configuration settings page, you'll be adding multiple OMA-URI Settings that correspond to the policies described in Manually configuring devices for Windows Update for Business reports.

    Required settings:

    1. Add a setting configuring the Windows Diagnostic Data level for devices:
      • Name: Allow Telemetry
      • Description: Sets the maximum allowed diagnostic data to be sent to Microsoft, required for Windows Update for Business reports.
      • OMA-URI: ./Vendor/MSFT/Policy/Config/System/AllowTelemetry
      • Data type: Integer
      • Value: 1
        • 1 is the minimum value meaning required or basic diagnostic data, but it can be safely set to a higher value.

    Recommended settings, but not required:

    1. Add settings for Disabling devices' Diagnostic Data opt-in settings interface. If these aren't disabled, users of each device can potentially override the diagnostic data level of devices such that data won't be available for those devices in Windows Update for Business reports:
      • Name: Disable Telemetry opt-in interface
      • Description: Disables the ability for end users of devices can adjust diagnostic data to levels lower than defined by the Allow Telemetry setting.
      • OMA-URI: ./Vendor/MSFT/Policy/Config/System/ConfigureTelemetryOptInSettingsUx
      • Data type: Integer
      • Value: 1
    2. Add a setting to Allow device name in diagnostic data; otherwise, the device name won't be in Windows Update for Business reports:
      • Name: Allow device name in Diagnostic Data
      • Description: Allows device name in Diagnostic Data.
      • OMA-URI: ./Vendor/MSFT/Policy/Config/System/AllowDeviceNameInDiagnosticData
      • Data type: Integer
      • Value: 1
    3. Add a setting to Configure Telemetry Opt In Change Notification. Diagnostic data opt-in change notifications won't appear when changes occur.
      • Name: Configure Telemetry Opt In Change Notification
      • Description: Disables Telemetry Opt In Change Notification
      • OMA-URI: ./Vendor/MSFT/Policy/Config/System/ConfigureTelemetryOptInChangeNotification
      • Data type: Integer
      • Value: 1
  6. Continue through the next set of tabs Scope tags, Assignments, and Applicability Rules to assign the configuration profile to devices you wish to enroll.

  7. Review the settings and then select Create.

Deploy the configuration script

The Windows Update for Business reports Configuration Script is a useful tool for properly enrolling devices in Windows Update for Business reports, though it isn't strictly necessary. It checks to ensure that devices have the required services running and checks connectivity to the endpoints detailed in the section on Manually configuring devices for Windows Update for Business reports. You can deploy the script as a Win32 app. For more information, see Win32 app management in Microsoft Intune.

Note

Using the script is optional when configuring devices through Intune. The script can be leveraged as a troubleshooting tool to ensure that devices are properly configured for Windows Update for Business reports.

When you deploy the configuration script as a Win32 app, you won't be able to retrieve the results of logs on the device without having access to the device, or saving results of the logs to a shared filesystem. We recommend deploying the script in pilot mode to a subset of devices that you can access. After following this guidance, you can deploy the configuration script in deployment mode as a Win32 app to all Windows Update for Business reports devices.

Next steps

Use Windows Update for Business reports