- What’s your ENow AppGov Score? Free Microsoft Entra ID app security assessment - Thu, Nov 30 2023
- Docker logs tail: Troubleshoot Docker containers with real-time logging - Wed, Sep 13 2023
- dsregcmd: Troubleshoot and manage Azure Active Directory (Microsoft Entra ID) joined devices - Thu, Aug 31 2023
If you want to check the Windows 11 readiness of a single device, Microsoft provides the PC Health Check app. It is primarily targeted at private consumers. For organizations with hundreds or thousands of PCs, it doesn't make sense to run this app on every single device. For these customers, the cloud service Update Compliance offers a centralized solution that has been extended to report Windows 11 readiness.
Update Compliance is found in the Azure portal. It ingests Windows client diagnostic data to report on missing patches and outstanding feature updates. Microsoft has included the license for this service by default with Windows 10 or Windows 11. Microsoft also waives Azure Log Analytics ingestion and retention charges as part of the solution.
Currently, Update Compliance works only with Windows 10 or Windows 11 Pro, Education, and Enterprise editions. It supports both the standard single-session on-premises versions and the multisession Azure versions. It is not compatible with Windows Server SKUs.
The Update Compliance tool collects system data, including the following:
- Update deployment progress
- Windows Update for Business configuration data
- Delivery optimization usage data
How does Update Compliance work?
It takes the information collected from the end users' devices and sends the data to the customer's tenant Azure portal where Update Compliance has been configured.
To make the connection between Azure and your client devices, a CommercialID is generated in Azure, which is used to identify devices in your environment. It is a globally unique identifier assigned to your specific Log Analytics workspace.
Requirements for use
Below are the requirements for using the tool:
- Check to make sure your system meets the requirements to use Update Compliance.
- Add a Log Analytics Workspace if one does not exist.
- Add and configure Update Compliance in your Azure portal.
- Configure client devices to send diagnostic data to the Update Compliance tool.
For the basic setup of Update Compliance, see our step-by-step guide.
Viewing the Windows 11 Readiness Status report
After you have waited for the recommended 24 hours or so for the machines to be scanned and added to the Azure Portal in your WaasUpdateInsights, you should be able to see the machines listed.
Navigate to the Workbooks blade.
Under Workbooks > WaaSUpdateInsights, you will see the Windows 11 Readiness Status workbook.
Under the Update Compliance – Windows 11 Readiness Status, you will see the devices listed that have been scanned for Windows 11 Readiness. In the example below, the device is listed as NotCapable.
If you continue to scroll down to the bottom of the blade, you will see the ReadinessStatus and the ReadinessReason. The Windows 11 Update Readiness Status report shows the device name, the status of the readiness check, and the reason if the machine has failed the status check.
As you can see below, the device does not have a TPM installed, so it has failed the Windows 11 Readiness Status.
The Windows 11 Readiness Status check as part of the Update Compliance Azure solution is an excellent way for organizations to check devices across the organization for Windows 11 upgrade readiness. The tool makes scanning devices for Windows 11 readiness easy to achieve, even if the devices are located across different sites or on the Internet.
Subscribe to 4sysops newsletter!
The Microsoft-provided enrollment script or a GPO provides an automated way to enroll machines. The scan processes, by default, do require waiting for 24 hours or more to see the devices show up in the Update Compliance dashboard.