diff --git a/Workbooks/UpdateComplianceV8.json b/Workbooks/UpdateComplianceV8.json new file mode 100644 index 0000000..755d774 --- /dev/null +++ b/Workbooks/UpdateComplianceV8.json @@ -0,0 +1,6182 @@ +{ + "version": "Notebook/1.0", + "items": [ + { + "type": 1, + "content": { + "json": "\r\n\r\n# Windows Update Compliance Dashboard\r\n---\r\n\r\nAn update compliance reporting solution for Windows client devices. Built by Jan Ketil Skanke, Sandy Zeng and Maurice Daly." + }, + "name": "Header Logo " + }, + { + "type": 1, + "content": { + "json": "The purpose of this dashboard is to give you full oversight of your Windows client device patching health. This includes;\n\n1. Patch compliance state over time\n2. Feature update state, including support \n3. Patch content source, and download figures per category\n4. Patching issues reported \n\n**Note:** Values are based on information obtained from multiple logs. The source date entries are opposite\n\n### ⚠ Important - Onboarding URL Documentation\nIn order for clients to communicate with Microsoft telemtry services, please ensure that endpoints listed in the following documentation links are avaialble through your firewall / proxy servers;\n\nhttps://docs.microsoft.com/en-us/windows/privacy/manage-windows-1809-endpoints#windows-update
\nhttps://docs.microsoft.com/en-us/windows/deployment/update/update-compliance-configuration-manual#required-endpoints
\nhttps://docs.microsoft.com/en-us/mem/intune/protect/windows-10-expedite-updates\n" + }, + "customWidth": "60", + "name": "Text - Workbook Summary" + }, + { + "type": 3, + "content": { + "version": "KqlItem/1.0", + "query": "UCClient\r\n| extend URL = \"https://docs.microsoft.com/en-us/azure/azure-monitor/reference/tables/ucclientupdatestatus\"\r\n| summarize arg_max(TimeGenerated,Type, URL)\r\n| extend LogDeltaCheck = iif(TimeGenerated > ago(3d),\"Service OK\",\"Service Issues\")\r\n| union (UCClientReadinessStatus\r\n\t| extend URL = \"https://docs.microsoft.com/en-us/azure/azure-monitor/reference/tables/ucclientreadinessstatus\"\r\n | summarize arg_max(TimeGenerated,Type,URL))\r\n | extend LogDeltaCheck = iif(TimeGenerated > ago(3d),\"Service OK\",\"Service Issues\")\r\n| union (UCClientUpdateStatus\r\n\t| extend URL = \"https://docs.microsoft.com/en-us/azure/azure-monitor/reference/tables/ucclientupdatestatus\"\r\n | summarize arg_max(TimeGenerated,Type,URL))\r\n | extend LogDeltaCheck = iif(TimeGenerated > ago(3d),\"Service OK\",\"Service Issues\")\r\n| union (UCDeviceAlert\r\n\t| extend URL = \"https://docs.microsoft.com/en-us/azure/azure-monitor/reference/tables/ucdevicealert\"\r\n | summarize arg_max(TimeGenerated,Type,URL))\r\n | extend LogDeltaCheck = iif(TimeGenerated > ago(3d),\"Service OK\",\"Service Issues\")\r\n| union (UCServiceUpdateStatus\r\n\t| extend URL = \"https://docs.microsoft.com/en-us/azure/azure-monitor/reference/tables/ucserviceupdatestatus\"\r\n | summarize arg_max(TimeGenerated,Type,URL))\r\n | extend LogDeltaCheck = iif(TimeGenerated > ago(3d),\"Service OK\",\"Service Issues\")\r\n| union (UCUpdateAlert\r\n\t| extend URL = \"https://docs.microsoft.com/en-us/azure/azure-monitor/reference/tables/ucupdatealert\"\r\n | summarize arg_max(TimeGenerated,Type,URL)) \r\n | extend LogDeltaCheck = iif(TimeGenerated > ago(3d),\"Service OK\",\"Service Issues\")\r\n| union (WaaSDeploymentStatus\r\n\t| extend URL = \"https://docs.microsoft.com/en-us/windows/deployment/update/update-compliance-schema-waasdeploymentstatus\"\r\n | summarize arg_max(TimeGenerated,Type,URL))\r\n | extend LogDeltaCheck = iif(TimeGenerated > ago(3d),\"Service OK\",\"Service Issues\")\r\n| union (WaaSUpdateStatus\r\n\t| extend URL = \"https://docs.microsoft.com/en-us/windows/deployment/update/update-compliance-schema-waasupdatestatus\"\r\n | summarize arg_max(TimeGenerated,Type,URL))\r\n | extend LogDeltaCheck = iif(TimeGenerated > ago(3d),\"Service OK\",\"Service Issues\")\r\n| union (WUDOAggregatedStatus\r\n\t| extend URL = \"https://docs.microsoft.com/en-us/windows/deployment/update/update-compliance-schema-wudoaggregatedstatus\"\r\n | summarize arg_max(TimeGenerated,Type,URL))\r\n | extend LogDeltaCheck = iif(TimeGenerated > ago(3d),\"Service OK\",\"Service Issues\")\r\n| union (WUDOStatus\r\n\t| extend URL = \"https://docs.microsoft.com/en-us/windows/deployment/update/update-compliance-schema-wudostatus\"\r\n | summarize arg_max(TimeGenerated,Type,URL))\r\n | extend LogDeltaCheck = iif(TimeGenerated > ago(3d),\"Service OK\",\"Service Issues\")\r\n| where isnotempty(Type)\r\n| project Type, TimeGenerated, URL, LogDeltaCheck\r\n| sort by TimeGenerated, LogDeltaCheck", + "size": 3, + "timeContext": { + "durationMs": 604800000 + }, + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces", + "gridSettings": { + "formatters": [ + { + "columnMatch": "Type", + "formatter": 1, + "formatOptions": { + "linkColumn": "URL", + "linkTarget": "Url" + }, + "tooltipFormat": { + "tooltip": "Click here to view the Microsoft documentation on this log type" + } + }, + { + "columnMatch": "URL", + "formatter": 5 + }, + { + "columnMatch": "LogDeltaCheck", + "formatter": 18, + "formatOptions": { + "thresholdsOptions": "icons", + "thresholdsGrid": [ + { + "operator": "==", + "thresholdValue": "Not OK", + "representation": "2", + "text": "{0}{1}" + }, + { + "operator": "Default", + "thresholdValue": null, + "representation": "success", + "text": "{0}{1}" + } + ] + } + } + ], + "labelSettings": [ + { + "columnId": "Type", + "label": "Log File Name" + }, + { + "columnId": "TimeGenerated", + "label": "Last Updated" + }, + { + "columnId": "LogDeltaCheck", + "label": "Service Issues" + } + ] + } + }, + "customWidth": "40", + "name": "Data Grid - Log Dates" + }, + { + "type": 9, + "content": { + "version": "KqlParameterItem/1.0", + "parameters": [ + { + "id": "7785f35d-7e1f-489c-a9d6-dd230b9a124e", + "version": "KqlParameterItem/1.0", + "name": "TimeRange", + "label": "Time Range", + "type": 4, + "value": { + "durationMs": 7776000000 + }, + "typeSettings": { + "selectableValues": [ + { + "durationMs": 86400000 + }, + { + "durationMs": 172800000 + }, + { + "durationMs": 259200000 + }, + { + "durationMs": 604800000 + }, + { + "durationMs": 1209600000 + }, + { + "durationMs": 2419200000 + }, + { + "durationMs": 2592000000 + }, + { + "durationMs": 5184000000 + }, + { + "durationMs": 7776000000 + } + ] + }, + "timeContext": { + "durationMs": 86400000 + } + }, + { + "id": "a3beee04-0d01-4d56-914a-829d8c715f07", + "version": "KqlParameterItem/1.0", + "name": "ActiveClientCount", + "label": "Active Client Count", + "type": 1, + "query": "IntuneDevices\n| where OS == \"Windows\"\n| where todatetime(LastContact) > ago (30d)\n| distinct DeviceId\n| summarize count()\n| project toint(count_)", + "isHiddenWhenLocked": true, + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces" + }, + { + "id": "e1692f84-4d5c-4563-9281-eab0141fdc12", + "version": "KqlParameterItem/1.0", + "name": "PatchingThreshold", + "label": "Patching Threshold", + "type": 1, + "query": "IntuneDevices\n| where OS == \"Windows\"\n| where todatetime(LastContact) > ago (30d)\n| distinct DeviceId\n| summarize count()\n| extend Threshold = toint(count_)*95/100\n| project toint(Threshold)\n", + "isHiddenWhenLocked": true, + "timeContext": { + "durationMs": 7776000000 + }, + "timeContextFromParameter": "TimeRange", + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces" + }, + { + "id": "1c758c03-b5fd-40e9-b58d-164474c61fee", + "version": "KqlParameterItem/1.0", + "name": "CustomHWLogs", + "type": 1, + "query": "search \"*\" | distinct $table\r\n| extend HWLogsAvailable = iif ($table contains \"DeviceInventory\",\"True\",\"False\")\r\n| where HWLogsAvailable == \"True\"\r\n| summarize count()\r\n| extend Available = iif (count_ > 0,\"True\",\"False\")\r\n| project Available", + "isHiddenWhenLocked": true, + "timeContext": { + "durationMs": 7776000000 + }, + "timeContextFromParameter": "TimeRange", + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces" + }, + { + "id": "ca0900cc-9041-40a4-8809-acce78bf338c", + "version": "KqlParameterItem/1.0", + "name": "ApplicationLogs", + "type": 1, + "query": "search \"*\" | distinct $table\r\n| extend HWLogsAvailable = iif ($table contains \"AppInventory\",\"True\",\"False\")\r\n| where HWLogsAvailable == \"True\"\r\n| summarize count()\r\n| extend Available = iif (count_ > 0,\"True\",\"False\")\r\n| project Available", + "isHiddenWhenLocked": true, + "timeContext": { + "durationMs": 0 + }, + "timeContextFromParameter": "TimeRange", + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces" + } + ], + "style": "pills", + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces" + }, + "name": "Report Time Range" + }, + { + "type": 11, + "content": { + "version": "LinkItem/1.0", + "style": "tabs", + "links": [ + { + "id": "4f2673f9-8ffe-4321-9526-bf02f83d52f0", + "cellValue": "selectedTab", + "linkTarget": "parameter", + "linkLabel": "Update Summary", + "subTarget": "Summary", + "style": "link" + }, + { + "id": "e84ab260-738f-4b43-89f1-966b27ac90ec", + "cellValue": "selectedTab", + "linkTarget": "parameter", + "linkLabel": "Quality Update History", + "subTarget": "ByQualityUpdates", + "style": "link" + }, + { + "id": "8b1e9d6f-b3ea-4a07-9f2a-56078147c212", + "cellValue": "selectedTab", + "linkTarget": "parameter", + "linkLabel": "Details by Device", + "subTarget": "ByDevice", + "style": "link" + }, + { + "id": "f452fd96-ae28-4984-9e40-199e29399098", + "cellValue": "selectedTab", + "linkTarget": "parameter", + "linkLabel": "Details by Update", + "subTarget": "ByUpdate", + "style": "link" + }, + { + "id": "30a7afb4-1b86-4e8f-9a10-a8b660d65d37", + "cellValue": "selectedTab", + "linkTarget": "parameter", + "linkLabel": "Update Issues", + "subTarget": "ByComplianceIssue", + "style": "link" + }, + { + "id": "daa5d436-f3e9-4f27-afe5-a110acf8ac39", + "cellValue": "selectedTab", + "linkTarget": "parameter", + "linkLabel": "Delivery Optimization", + "subTarget": "ByDeliveryOptimisation", + "style": "link" + }, + { + "id": "51ef157d-c030-4d9b-bbec-e48d1cad3fce", + "cellValue": "selectedTab", + "linkTarget": "parameter", + "linkLabel": "Feature Updates", + "subTarget": "ByFeatureUpdate", + "style": "link" + }, + { + "id": "8a1ac3ec-7cdf-47f2-98bc-31ab051e8ccb", + "cellValue": "selectedTab", + "linkTarget": "parameter", + "linkLabel": "Windows 11 Readiness", + "subTarget": "ByWindows11", + "style": "link" + }, + { + "id": "f3c8a216-2065-4408-a06e-257cd48c5f39", + "cellValue": "selectedTab", + "linkTarget": "parameter", + "linkLabel": "Microsoft Office, Edge & Third Party", + "subTarget": "ByOtherUpdates", + "style": "link" + } + ] + }, + "name": "Parameters " + }, + { + "type": 12, + "content": { + "version": "NotebookGroup/1.0", + "groupType": "editable", + "items": [ + { + "type": 12, + "content": { + "version": "NotebookGroup/1.0", + "groupType": "editable", + "items": [ + { + "type": 1, + "content": { + "json": "## Update Compliance Health\r\n\r\nUpdate compliance is operational on your devices.", + "style": "success" + }, + "name": "Summary Number Header" + }, + { + "type": 3, + "content": { + "version": "KqlItem/1.0", + "query": "IntuneDevices\r\n| where OS == \"Windows\"\r\n| where todatetime(LastContact) > ago (30d)\r\n| distinct DeviceId\r\n| summarize count()\r\n| extend Descrption = \"Active Device Count\"\r\n| extend Summary = \"Intune managed devices ({TimeRange})\"\r\n| project toint(count_), Descrption, Summary", + "size": 3, + "timeContextFromParameter": "TimeRange", + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces", + "visualization": "tiles", + "tileSettings": { + "titleContent": { + "columnMatch": "Descrption", + "formatter": 18, + "formatOptions": { + "thresholdsOptions": "icons", + "thresholdsGrid": [ + { + "operator": "Default", + "thresholdValue": null, + "representation": "Monitoring", + "text": "{0}{1}" + } + ] + } + }, + "leftContent": { + "columnMatch": "count_", + "formatter": 12, + "formatOptions": { + "min": 0, + "palette": "green" + }, + "numberFormat": { + "unit": 17, + "options": { + "style": "decimal", + "maximumFractionDigits": 2, + "maximumSignificantDigits": 3 + } + } + }, + "secondaryContent": { + "columnMatch": "Summary" + }, + "showBorder": false, + "size": "auto" + } + }, + "name": "Active Device Count" + }, + { + "type": 1, + "content": { + "json": "--------\r\n
" + }, + "name": "Numbers Rule 1" + }, + { + "type": 1, + "content": { + "json": "## Windows Update for Business\r\n\r\nWindows Update for Business is reporting that not all of your devices are registered. This can be due to your update workload configuration, and/or retired devices in your environment. ", + "style": "info" + }, + "conditionalVisibility": { + "parameterName": "{ActiveClientCount}", + "comparison": "isNotEqualTo", + "value": "{PatchingThreshold}" + }, + "name": "WUfB Device Count - Not Matching" + }, + { + "type": 1, + "content": { + "json": "Windows Update for Business is reporting all devices as being onboarded.", + "style": "success" + }, + "conditionalVisibility": { + "parameterName": "{ActiveClientCount}", + "comparison": "isEqualTo", + "value": "{PatchingThreshold}" + }, + "name": "WUfB Device Count - Matching" + }, + { + "type": 3, + "content": { + "version": "KqlItem/1.0", + "query": "UCClient\r\n| distinct AzureADDeviceId\r\n| summarize count()\r\n| extend Descrption = \"WUfB Devices\"\r\n| extend Summary = \"Registered devices ({TimeRange})\"\r\n| project toint(count_), Descrption, Summary", + "size": 3, + "color": "blue", + "timeContextFromParameter": "TimeRange", + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces", + "visualization": "tiles", + "tileSettings": { + "titleContent": { + "columnMatch": "Descrption", + "formatter": 18, + "formatOptions": { + "thresholdsOptions": "icons", + "thresholdsGrid": [ + { + "operator": "Default", + "thresholdValue": null, + "representation": "CloudUpload", + "text": "{0}{1}" + } + ] + } + }, + "leftContent": { + "columnMatch": "count_", + "formatter": 12, + "formatOptions": { + "palette": "none" + }, + "numberFormat": { + "unit": 17, + "options": { + "style": "decimal", + "maximumFractionDigits": 2, + "maximumSignificantDigits": 3 + } + } + }, + "secondaryContent": { + "columnMatch": "Summary" + }, + "showBorder": false, + "size": "auto" + } + }, + "name": "Windows Update for Business Devices" + }, + { + "type": 1, + "content": { + "json": "------\r\n
" + }, + "conditionalVisibility": { + "parameterName": "CustomHWLogs", + "comparison": "isEqualTo", + "value": "True" + }, + "name": "Numbers Rule 3" + }, + { + "type": 1, + "content": { + "json": "### Patch Restart Requirement\r\nWindows and application patches require a restart in order to apply the updated files. Due to this, uptime of Windows devices should be monitored, and instructions relayed to staff to ensure they do not cause security issues running a device in sleep mode for extended periods as opposed to shutting down / restarting.", + "style": "upsell" + }, + "conditionalVisibility": { + "parameterName": "CustomHWLogs", + "comparison": "isEqualTo", + "value": "True" + }, + "name": "Patch Restart Text" + }, + { + "type": 3, + "content": { + "version": "KqlItem/1.0", + "query": "DeviceInventory_CL \r\n| project TimeGenerated, ComputerName_s, ComputerUpTime_s\r\n| sort by ComputerUpTime_s desc\r\n| summarize round((avg(toint(ComputerUpTime_s))))\r\n| extend Type = \"Average Uptime\"", + "size": 3, + "timeContextFromParameter": "TimeRange", + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces", + "visualization": "tiles", + "tileSettings": { + "titleContent": { + "columnMatch": "Type", + "formatter": 18, + "formatOptions": { + "thresholdsOptions": "icons", + "thresholdsGrid": [ + { + "operator": "Default", + "thresholdValue": null, + "representation": "Clock", + "text": "{0}{1}" + } + ] + } + }, + "leftContent": { + "columnMatch": "avg_ComputerUpTime_s", + "formatter": 18, + "formatOptions": { + "thresholdsOptions": "icons", + "thresholdsGrid": [ + { + "operator": ">=", + "thresholdValue": "7", + "representation": "2", + "text": "{0}{1}" + }, + { + "operator": "Default", + "thresholdValue": null, + "representation": "success", + "text": "{0}{1}" + } + ] + } + }, + "showBorder": false, + "size": "auto" + } + }, + "customWidth": "50", + "conditionalVisibility": { + "parameterName": "CustomHWLogs", + "comparison": "isEqualTo", + "value": "True" + }, + "name": "Average Computer Uptime" + }, + { + "type": 3, + "content": { + "version": "KqlItem/1.0", + "query": "DeviceInventory_CL \r\n| project TimeGenerated, ComputerName_s, ComputerUpTime_s\r\n| summarize toint(max(ComputerUpTime_s))\r\n| extend Type = \"Longest Uptime\"", + "size": 3, + "timeContext": { + "durationMs": 2592000000 + }, + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces", + "visualization": "tiles", + "tileSettings": { + "titleContent": { + "columnMatch": "Type", + "formatter": 18, + "formatOptions": { + "thresholdsOptions": "icons", + "thresholdsGrid": [ + { + "operator": "Default", + "thresholdValue": null, + "representation": "Clock", + "text": "{0}{1}" + } + ] + } + }, + "leftContent": { + "columnMatch": "max_ComputerUpTime_s", + "formatter": 18, + "formatOptions": { + "thresholdsOptions": "icons", + "thresholdsGrid": [ + { + "operator": ">", + "thresholdValue": "7", + "representation": "2", + "text": "{0}{1}" + }, + { + "operator": "Default", + "thresholdValue": null, + "representation": "success", + "text": "{0}{1}" + } + ] + } + }, + "showBorder": false, + "size": "auto" + } + }, + "customWidth": "50", + "conditionalVisibility": { + "parameterName": "CustomHWLogs", + "comparison": "isEqualTo", + "value": "True" + }, + "name": "Longest Computer Uptime" + }, + { + "type": 1, + "content": { + "json": "------\r\n
" + }, + "name": "Numbers Rule 2" + }, + { + "type": 1, + "content": { + "json": "## Windows Update for Business Issues\r\n\r\nWUfB issues are present, please review the alerts tab", + "style": "warning" + }, + "name": "text - 6" + }, + { + "type": 3, + "content": { + "version": "KqlItem/1.0", + "query": "UCUpdateAlert \r\n| summarize arg_max(TimeGenerated, *) by Recommendation, AzureADDeviceId\r\n| where isnotempty(DeviceName) and isnotempty(Recommendation)\r\n| extend IssueDescription = iif(Recommendation contains \"internet\",\"Connectivity Issue\",iff(Recommendation contains \"conflict\",\"Conflict\",iif(Recommendation contains \"Support\",\"Support Issue\",iif(Recommendation contains \"SetupDiag\",\"Compatibility Issue\",\"\"))))\r\n| summarize dcount(AzureADDeviceId) by Recommendation, IssueDescription\r\n| project dcount_AzureADDeviceId, IssueDescription ", + "size": 1, + "timeContextFromParameter": "TimeRange", + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces", + "visualization": "piechart", + "gridSettings": { + "formatters": [ + { + "columnMatch": "dcount_AzureADDeviceId", + "formatter": 4, + "formatOptions": { + "min": 0, + "palette": "blue", + "customColumnWidthSetting": "100px" + } + } + ], + "labelSettings": [ + { + "columnId": "dcount_AzureADDeviceId", + "label": "Device Count" + } + ] + }, + "chartSettings": { + "showMetrics": false, + "showLegend": true + } + }, + "name": "WUfB Update Alerts" + } + ] + }, + "customWidth": "30", + "name": "Summary Numbers", + "styleSettings": { + "margin": "20px", + "padding": "20px", + "showBorder": true + } + }, + { + "type": 12, + "content": { + "version": "NotebookGroup/1.0", + "groupType": "editable", + "items": [ + { + "type": 3, + "content": { + "version": "KqlItem/1.0", + "query": "UCClient\r\n| project TimeGenerated, AzureADDeviceId, OSSecurityUpdateStatus\r\n| extend TimeRounded = bin(TimeGenerated, 1d)\r\n| summarize arg_max(TimeRounded, *) by TimeRounded,AzureADDeviceId, OSSecurityUpdateStatus\r\n//| make-series ComputerCount = count(AzureADDeviceId) default = 0 on TimeRounded from {TimeRange:start} to {TimeRange:end} step {TimeRange:grain} by OSSecurityUpdateStatus\r\n| summarize ComputerCount = dcount(AzureADDeviceId,4) by TimeGenerated, OSSecurityUpdateStatus", + "size": 1, + "aggregation": 5, + "title": "Quality Update Patch Trend", + "timeContextFromParameter": "TimeRange", + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces", + "visualization": "areachart", + "gridSettings": { + "sortBy": [ + { + "itemKey": "TimeGenerated", + "sortOrder": 2 + } + ] + }, + "sortBy": [ + { + "itemKey": "TimeGenerated", + "sortOrder": 2 + } + ], + "chartSettings": { + "xAxis": "TimeGenerated", + "yAxis": [ + "ComputerCount" + ], + "seriesLabelSettings": [ + { + "seriesName": "Up-to-date", + "label": "Fully Patched", + "color": "green" + }, + { + "seriesName": "Not Up-to-date", + "color": "red" + }, + { + "seriesName": "NotLatest", + "label": "Not Fully Patched", + "color": "orange" + }, + { + "seriesName": "MultipleSecurityUpdatesMissing", + "label": "Missing Multiple Patches", + "color": "redBright" + }, + { + "seriesName": "Latest", + "color": "green" + } + ], + "showDataPoints": true + } + }, + "name": "Quality Update Patch Trend" + }, + { + "type": 3, + "content": { + "version": "KqlItem/1.0", + "query": "UCClientUpdateStatus\r\n| where ClientState == \"Installed\" and isnotempty( TargetKBNumber)\r\n| where UpdateCategory == \"WindowsQualityUpdate\" and UpdateClassification == \"Security\"\r\n| join kind=rightouter (IntuneDevices\r\n| where OS == \"Windows\"\r\n| where todatetime(LastContact) > ago (30d)\r\n| distinct ReferenceId)\r\non $left.AzureADDeviceId == $right.ReferenceId\r\n| where bin(UpdateInstalledTime, 1d) > {TimeRange:start}\r\n| extend TimeRounded = bin(TimeGenerated, 1d)\r\n| summarize arg_max(TimeRounded, *) by TimeRounded,AzureADDeviceId, TargetKBNumber\r\n| make-series ComputerCount = count(AzureADDeviceId) default = 0 on TimeRounded from {TimeRange:start} to {TimeRange:end} step {TimeRange:grain} by TargetKBNumber\r\n//| summarize ComputerCount = dcount(AzureADDeviceId,4) by bin (TimeGenerated, 1d), TargetKBNumber\r\n", + "size": 1, + "aggregation": 2, + "title": "Successful Quality Update Installs - Per Day", + "color": "green", + "timeContextFromParameter": "TimeRange", + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces", + "visualization": "areachart", + "chartSettings": { + "showMetrics": false, + "showLegend": true + } + }, + "name": "Chart - Patch Per Day Success" + }, + { + "type": 3, + "content": { + "version": "KqlItem/1.0", + "query": "let UpdateData = WaaSDeploymentStatus \r\n| where UpdateCategory == \"Quality\" and UpdateClassification == \"Security\" and UpdateReleasedDate between (ago(60d) .. now())\r\n| distinct ReleaseName, UpdateReleasedDate, TargetOSVersion;\r\nWaaSDeploymentStatus\r\n| where UpdateCategory == \"Quality\" and UpdateClassification == \"Security\" and ReleaseName in (UpdateData)\r\n| where isnotempty(UpdateReleasedDate)\r\n| where isnotempty(Computer) and Computer != \"#\"\r\n| extend DeploymentState = iff((DetailedStatus == \"Update successful\" or DetailedStatus == \"UpdateSuccessful\"),\"Update Successful\", DetailedStatus)\r\n| extend SummaryState = iff((DeploymentState == \"Update Successful\"),\"Installed\",\"Not Installed\")\r\n| where DeploymentState != \"NotStarted\"\r\n| where SummaryState == \"Not Installed\" \r\n| summarize arg_max(TimeGenerated, *) by ComputerID, ReleaseName, SummaryState\r\n| join kind=leftouter (UCClientUpdateStatus\r\n//| where TimeGenerated between (ago(30d) .. now())\r\n| distinct GlobalDeviceId, AzureADDeviceId)\r\non $left.ComputerID == $right.GlobalDeviceId\r\n| join kind=leftouter (IntuneDevices\r\n| summarize arg_max(TimeGenerated,*) by ReferenceId)\r\non $left.AzureADDeviceId == $right.ReferenceId\r\n| extend Active = iff( (todatetime(LastContact) between (ago(30d) .. now() )), \"Active\", \"Inactive\" )\r\n| where Active == \"Active\"\r\n//| project TimeGenerated, DeploymentState\r\n| extend TimeRounded = bin(TimeGenerated, 1d)\r\n| summarize arg_max(TimeRounded, *) by TimeRounded, AzureADDeviceId, DeploymentState\r\n| make-series ComputerCount = count(Computer) default = 0 on TimeRounded from {TimeRange:start} to {TimeRange:end} step {TimeRange:grain} by DeploymentState\r\n//| summarize dcount(Computer,2) by DeploymentState, TimeGenerated", + "size": 1, + "aggregation": 5, + "title": "Patch Installation State", + "timeContextFromParameter": "TimeRange", + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces", + "visualization": "barchart", + "chartSettings": { + "seriesLabelSettings": [ + { + "seriesName": "Commit", + "color": "green" + }, + { + "seriesName": "Pre-Install tasks passed", + "color": "orange" + } + ] + } + }, + "name": "Patch Installation State" + }, + { + "type": 3, + "content": { + "version": "KqlItem/1.0", + "query": "UCClientUpdateStatus\r\n| where UpdateCategory == \"WindowsQualityUpdate\" and UpdateClassification == \"Security\" and UpdateReleaseTime > {TimeRange:start}\r\n| summarize arg_max(TimeGenerated, *) by AzureADDeviceId, UpdateReleaseTime\r\n| extend SummaryState = iff((ClientSubstate == \"UpdateInstalled\"),\"Patched\",\"Not Patched\")\r\n| join kind=innerunique \r\n (IntuneDevices\r\n | where OS contains \"Windows\"\r\n | where todatetime(LastContact) > ago (30d)\r\n | summarize arg_max(TimeGenerated, *) by ReferenceId\r\n ) on $left.AzureADDeviceId == $right.ReferenceId \r\n| summarize count() by SummaryState", + "size": 1, + "title": "Qualty & Security Patch Compliance", + "timeContextFromParameter": "TimeRange", + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces", + "visualization": "piechart", + "chartSettings": { + "seriesLabelSettings": [ + { + "seriesName": "Not Patched", + "color": "red" + }, + { + "seriesName": "Patched", + "color": "green" + } + ] + } + }, + "customWidth": "33", + "name": "Graph - 2 Month Security Patch Compliance " + }, + { + "type": 3, + "content": { + "version": "KqlItem/1.0", + "query": "let Inactive = UCClientUpdateStatus\r\n| summarize arg_max(TimeGenerated, *) by AzureADDeviceId\r\n| join kind=rightanti \r\n (IntuneDevices\r\n | where OS contains \"Windows\"\r\n | where todatetime( LastContact) > ago (30d)\r\n | summarize arg_max(TimeGenerated, *) by ReferenceId\r\n ) on $left.AzureADDeviceId == $right.ReferenceId\r\n| extend ActiveStatus = \"Inactive\"\r\n| summarize Count = count () by ActiveStatus;\r\nlet Active = UCClientUpdateStatus\r\n| summarize arg_max(TimeGenerated, *) by AzureADDeviceId\r\n| join kind=innerunique \r\n (IntuneDevices\r\n | where todatetime( LastContact) > ago (30d)\r\n | where OS == 'Windows'\r\n | summarize arg_max(TimeGenerated, *) by ReferenceId\r\n ) on $left.AzureADDeviceId == $right.ReferenceId \r\n| extend ActiveStatus = \"Active\"\r\n| summarize Count = count () by ActiveStatus;\r\nActive\r\n| union Inactive", + "size": 1, + "title": "Windows Updates - Client Activity ", + "timeContextFromParameter": "TimeRange", + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces", + "visualization": "piechart", + "chartSettings": { + "seriesLabelSettings": [ + { + "seriesName": "Active", + "color": "green" + }, + { + "seriesName": "Inactive", + "color": "blue" + } + ] + } + }, + "customWidth": "33", + "name": "Piechart - Windows Intune Activity State" + }, + { + "type": 3, + "content": { + "version": "KqlItem/1.0", + "query": "UCClientUpdateStatus\r\n| where UpdateCategory == \"WindowsQualityUpdate\" and UpdateClassification == \"Security\" and UpdateReleaseTime > {TimeRange:start}\r\n| summarize arg_max(TimeGenerated, *) by AzureADDeviceId, UpdateReleaseTime\r\n| join kind=innerunique \r\n (IntuneDevices\r\n | where todatetime(LastContact) > ago (30d)\r\n | summarize arg_max(TimeGenerated, *) by ReferenceId\r\n ) on $left.AzureADDeviceId == $right.ReferenceId \r\n| summarize count() by ClientSubstate", + "size": 1, + "title": "Quality Update State Summary", + "timeContextFromParameter": "TimeRange", + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces", + "visualization": "piechart", + "tileSettings": { + "showBorder": false, + "titleContent": { + "columnMatch": "DeploymentState", + "formatter": 1 + }, + "leftContent": { + "columnMatch": "dcount_ComputerID", + "formatter": 12, + "formatOptions": { + "palette": "auto" + }, + "numberFormat": { + "unit": 17, + "options": { + "maximumSignificantDigits": 3, + "maximumFractionDigits": 2 + } + } + } + }, + "graphSettings": { + "type": 0, + "topContent": { + "columnMatch": "DeploymentState", + "formatter": 1 + }, + "centerContent": { + "columnMatch": "dcount_ComputerID", + "formatter": 1, + "numberFormat": { + "unit": 17, + "options": { + "maximumSignificantDigits": 3, + "maximumFractionDigits": 2 + } + } + } + }, + "chartSettings": { + "seriesLabelSettings": [ + { + "seriesName": "Update Successful", + "color": "green" + }, + { + "seriesName": "NotStarted", + "color": "gray" + }, + { + "seriesName": "Reboot pending", + "color": "orange" + }, + { + "seriesName": "Install started", + "color": "blue" + }, + { + "seriesName": "Commit", + "color": "grayBlue" + }, + { + "seriesName": "Download started", + "color": "yellow" + }, + { + "seriesName": "UpdateInstalled", + "label": "Updates Installed", + "color": "green" + } + ] + } + }, + "customWidth": "33", + "name": "Graph - Quality Update State " + }, + { + "type": 3, + "content": { + "version": "KqlItem/1.0", + "query": "let UpdateData = WaaSDeploymentStatus \r\n| where UpdateCategory == \"Quality\" and UpdateClassification == \"Security\" and UpdateReleasedDate between (ago(60d) .. now())\r\n| distinct ReleaseName, UpdateReleasedDate, TargetOSVersion;\r\nWaaSDeploymentStatus\r\n| where UpdateCategory == \"Quality\" and UpdateClassification == \"Security\" and ReleaseName in (UpdateData)\r\n| where isnotempty(UpdateReleasedDate)\r\n| where isnotempty(Computer) and Computer != \"#\"\r\n| extend DeploymentState = iff((DetailedStatus == \"Update successful\" or DetailedStatus == \"UpdateSuccessful\"),\"Update Successful\", DetailedStatus)\r\n| extend SummaryState = iff((DeploymentState == \"Update Successful\"),\"Installed\",\"Not Installed\")\r\n| where DeploymentState != \"NotStarted\"\r\n| where SummaryState == \"Not Installed\" \r\n| summarize arg_max(TimeGenerated, *) by ComputerID, ReleaseName, SummaryState\r\n| join kind=leftouter (UCClientUpdateStatus\r\n| where TimeGenerated between (ago(30d) .. now())\r\n| distinct GlobalDeviceId, AzureADDeviceId)\r\non $left.ComputerID == $right.GlobalDeviceId\r\n| join kind=leftouter (IntuneDevices\r\n| summarize arg_max(TimeGenerated,*) by ReferenceId)\r\non $left.AzureADDeviceId == $right.ReferenceId\r\n| extend Active = iff( (todatetime(LastContact) between (ago(30d) .. now() )), \"Active\", \"Inactive\" )\r\n| where Active == \"Active\"\r\n//| where TimeGenerated between (ago(3d) .. now()) \r\n| summarize dcount(Computer,4) by DeploymentState\r\n| order by dcount_Computer desc", + "size": 3, + "title": "Qualty & Security Patch States", + "timeContextFromParameter": "TimeRange", + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces", + "visualization": "table", + "gridSettings": { + "formatters": [ + { + "columnMatch": "DeploymentState", + "formatter": 18, + "formatOptions": { + "thresholdsOptions": "icons", + "thresholdsGrid": [ + { + "operator": "startsWith", + "thresholdValue": "Reboot", + "representation": "2", + "text": "{0}{1}" + }, + { + "operator": "Default", + "thresholdValue": null, + "representation": "success", + "text": "{0}{1}" + } + ] + } + }, + { + "columnMatch": "dcount_Computer", + "formatter": 4, + "formatOptions": { + "palette": "orange", + "customColumnWidthSetting": "125px" + } + } + ], + "labelSettings": [ + { + "columnId": "DeploymentState", + "label": "Deployment State" + }, + { + "columnId": "dcount_Computer", + "label": "Device Count" + } + ] + } + }, + "customWidth": "50", + "name": "Graph - Month Security Patch Issue States" + }, + { + "type": 3, + "content": { + "version": "KqlItem/1.0", + "query": "UCClient\r\n| where TimeGenerated between (ago(30d) .. now())\r\n| extend OSVersion = case(isempty(OSVersion), strcat(\"Windows Insider Program\"), OSVersion !has \"Windows\", strcat(\"Windows 10-\", OSVersion), OSVersion )\r\n| extend OSVersion = replace_string(OSVersion, \"Windows 11_ version\", \"Windows 11-\")\r\n| extend OSFeatureUpdateStatus = case (OSEdition == 'EnterpriseS' and OSVersion contains \"1809\", 'InService', OSFeatureUpdateStatus )\r\n| extend OSVersion = case (OSEdition == 'EnterpriseS' and OSVersion contains \"1809\", 'Windows 10-1809 LTSC', OSVersion)\r\n| summarize arg_max(TimeGenerated,*) by AzureADDeviceId\r\n| join kind=innerunique \r\n (IntuneDevices\r\n | where todatetime(LastContact) > ago (30d)\r\n | summarize arg_max(TimeGenerated, *) by ReferenceId\r\n ) on $left.AzureADDeviceId == $right.ReferenceId \r\n| summarize arg_max(TimeGenerated, *) by AzureADDeviceId \r\n| summarize Count = count() by OSVersion, OSFeatureUpdateStatus\r\n| order by OSVersion", + "size": 3, + "title": "Windows Client Builds", + "timeContext": { + "durationMs": 2592000000 + }, + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces", + "visualization": "table", + "gridSettings": { + "formatters": [ + { + "columnMatch": "OSFeatureUpdateStatus", + "formatter": 18, + "formatOptions": { + "thresholdsOptions": "icons", + "thresholdsGrid": [ + { + "operator": "==", + "thresholdValue": "EndOfService", + "representation": "3", + "text": "{0}{1}" + }, + { + "operator": "contains", + "thresholdValue": "Unknown", + "representation": "unknown", + "text": "{0}{1}" + }, + { + "operator": "Default", + "thresholdValue": null, + "representation": "success", + "text": "{0}{1}" + } + ] + } + }, + { + "columnMatch": "Count", + "formatter": 4, + "formatOptions": { + "min": 0, + "palette": "blue" + } + }, + { + "columnMatch": "SupportedState", + "formatter": 18, + "formatOptions": { + "thresholdsOptions": "icons", + "thresholdsGrid": [ + { + "operator": "==", + "thresholdValue": "Out of Support", + "representation": "2", + "text": "{0}{1}" + }, + { + "operator": "Default", + "thresholdValue": null, + "representation": "Blank", + "text": "{0}{1}" + } + ] + } + }, + { + "columnMatch": "dcount_ComputerID", + "formatter": 4, + "formatOptions": { + "min": 0, + "palette": "green" + } + } + ], + "labelSettings": [ + { + "columnId": "OSVersion", + "label": "Windows Build" + } + ] + }, + "tileSettings": { + "showBorder": false, + "titleContent": { + "columnMatch": "OSVersion", + "formatter": 1 + }, + "leftContent": { + "columnMatch": "dcount_ComputerID", + "formatter": 12, + "formatOptions": { + "palette": "auto" + }, + "numberFormat": { + "unit": 17, + "options": { + "maximumSignificantDigits": 3, + "maximumFractionDigits": 2 + } + } + } + }, + "graphSettings": { + "type": 0, + "topContent": { + "columnMatch": "OSVersion", + "formatter": 1 + }, + "centerContent": { + "columnMatch": "dcount_ComputerID", + "formatter": 1, + "numberFormat": { + "unit": 17, + "options": { + "maximumSignificantDigits": 3, + "maximumFractionDigits": 2 + } + } + } + } + }, + "customWidth": "50", + "name": "Grid - Windows Builds - At a glance" + }, + { + "type": 3, + "content": { + "version": "KqlItem/1.0", + "query": "WaaSDeploymentStatus\r\n| where TimeGenerated between (ago(30d) .. now()) and DetailedStatus != \"NotStarted\" and isnotempty(Computer)\r\n| join kind=leftouter (UCClientUpdateStatus\r\n| where TimeGenerated between (ago(30d) .. now())\r\n| distinct GlobalDeviceId, AzureADDeviceId)\r\non $left.ComputerID == $right.GlobalDeviceId\r\n| join kind=leftouter (IntuneDevices\r\n| summarize arg_max(TimeGenerated,*) by ReferenceId)\r\non $left.AzureADDeviceId == $right.ReferenceId\r\n| extend Active = iff( (todatetime(LastContact) between (ago(30d) .. now() )), \"Active\", \"Inactive\" )\r\n| where Active == \"Active\"\r\n| summarize arg_max(TimeGenerated, *) by ComputerID\r\n| summarize dcount(ComputerID,2) by TargetOSVersion\r\n| order by TargetOSVersion", + "size": 3, + "title": "Windows Builds - Current Target Releases", + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces", + "gridSettings": { + "formatters": [ + { + "columnMatch": "dcount_ComputerID", + "formatter": 4, + "formatOptions": { + "palette": "blue", + "customColumnWidthSetting": "125px" + } + } + ], + "labelSettings": [ + { + "columnId": "TargetOSVersion", + "label": "Target OS Build" + }, + { + "columnId": "dcount_ComputerID", + "label": "Device Count" + } + ] + } + }, + "customWidth": "50", + "name": "Grid - Windows Build Deployment" + } + ] + }, + "customWidth": "70", + "name": "Summary Trends" + }, + { + "type": 1, + "content": { + "json": "
" + }, + "name": "text - 14" + }, + { + "type": 1, + "content": { + "json": "------" + }, + "name": "Trend Split" + } + ] + }, + "conditionalVisibility": { + "parameterName": "selectedTab", + "comparison": "isEqualTo", + "value": "Summary" + }, + "name": "group - Summary" + }, + { + "type": 12, + "content": { + "version": "NotebookGroup/1.0", + "groupType": "editable", + "items": [ + { + "type": 1, + "content": { + "json": "----\r\n## Quality Update Deployment details by Updates\r\n\r\nQuality updates deliver both security and non-security fixes to Windows 10. Quality updates include security updates, critical updates, servicing stack updates, and driver updates. They are typically released on the second Tuesday of each month, though they can be released at any time. The second-Tuesday releases are the ones that focus on security updates. Quality updates are cumulative, so installing the latest quality update is sufficient to get all the available fixes for a specific Windows 10 feature update, including any out-of-band security fixes and any servicing stack updates that might have been released previously.\r\n\r\nMore information can be found here - https://docs.microsoft.com/en-us/windows/deployment/update/get-started-updates-channels-tools " + }, + "name": "text - 4" + }, + { + "type": 9, + "content": { + "version": "KqlParameterItem/1.0", + "parameters": [ + { + "id": "ffaba6e2-7793-4ad0-8d0e-37b7f96e32a5", + "version": "KqlParameterItem/1.0", + "name": "ReleaseName", + "label": "QualityUpdate", + "type": 2, + "isRequired": true, + "multiSelect": true, + "quote": "'", + "delimiter": ",", + "query": "WaaSDeploymentStatus\r\n| where UpdateCategory == \"Quality\" and UpdateClassification == \"Security\"\r\n| where isnotempty(UpdateReleasedDate ) and isnotempty(Computer)\r\n//| summarize Count = count() by ReleaseName, UpdateReleasedDate\r\n| project Value = ReleaseName, Label = strcat(OSVersion, ' - ', ReleaseName, ' - ', format_datetime(UpdateReleasedDate,'yyyy/MM/dd'))\r\n| distinct Value, Label\r\n| sort by Label desc", + "value": [ + "value::all" + ], + "typeSettings": { + "additionalResourceOptions": [ + "value::all" + ], + "showDefault": false + }, + "timeContext": { + "durationMs": 0 + }, + "timeContextFromParameter": "TimeRange", + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces" + } + ], + "style": "pills", + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces" + }, + "name": "parameters - 5 - Copy" + }, + { + "type": 3, + "content": { + "version": "KqlItem/1.0", + "query": "WaaSDeploymentStatus\r\n| extend DetailedStatus = case(DetailedStatus == 'Update successful', 'UpdateSuccessful', DetailedStatus)\r\n| where UpdateCategory == \"Quality\" and UpdateClassification == \"Security\"\r\n| where ReleaseName in ({ReleaseName}) or '*' in ({ReleaseName})\r\n| project TimeGenerated, ReleaseName, DetailedStatus, Computer\r\n| summarize count () by TimeGenerated, ReleaseName, DetailedStatus\r\n", + "size": 1, + "aggregation": 3, + "timeContextFromParameter": "TimeRange", + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces", + "visualization": "areachart", + "gridSettings": { + "sortBy": [ + { + "itemKey": "count_", + "sortOrder": 2 + } + ] + }, + "sortBy": [ + { + "itemKey": "count_", + "sortOrder": 2 + } + ], + "chartSettings": { + "xAxis": "TimeGenerated", + "yAxis": [ + "count_" + ], + "group": "DetailedStatus", + "createOtherGroup": null, + "showLegend": true, + "seriesLabelSettings": [ + { + "seriesName": "Unknown", + "color": "gray" + }, + { + "seriesName": "UpdateSuccessful", + "color": "green" + } + ] + } + }, + "name": "query - 12" + }, + { + "type": 3, + "content": { + "version": "KqlItem/1.0", + "query": "let data = WaaSDeploymentStatus\r\n | extend DetailedStatus = case(DetailedStatus == 'Update successful', 'UpdateSuccessful', DetailedStatus)\r\n | summarize arg_max(TimeGenerated, *) by ComputerID, ReleaseName\r\n | where UpdateCategory == \"Quality\" and UpdateClassification == \"Security\"\r\n | where ReleaseName in ({ReleaseName}) or '*' in ({ReleaseName})\r\n | project TimeGenerated, ReleaseName, DetailedStatus, Computer;\r\ndata\r\n| summarize DeviceCount = count () by DetailedStatus\r\n| union (data\r\n | summarize DeviceCount = count()\r\n | extend DetailedStatus = 'Total'\r\n) \r\n| order by DeviceCount desc\r\n| extend butonText = 'deployment'", + "size": 3, + "showAnalytics": true, + "title": "Deployment Overview", + "timeContextFromParameter": "TimeRange", + "showRefreshButton": true, + "exportFieldName": "DetailedStatus", + "exportParameterName": "DetailedStatus", + "exportDefaultValue": "Total", + "showExportToExcel": true, + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces", + "visualization": "tiles", + "tileSettings": { + "titleContent": { + "columnMatch": "DetailedStatus", + "formatter": 1 + }, + "leftContent": { + "columnMatch": "DeviceCount", + "formatter": 12, + "formatOptions": { + "palette": "coldHot" + }, + "numberFormat": { + "unit": 17, + "options": { + "style": "decimal", + "maximumFractionDigits": 2, + "maximumSignificantDigits": 3 + } + } + }, + "secondaryContent": { + "columnMatch": "butonText", + "formatter": 1 + }, + "showBorder": false + }, + "graphSettings": { + "type": 0, + "topContent": { + "columnMatch": "resultName", + "formatter": 1 + }, + "centerContent": { + "columnMatch": "Count", + "formatter": 1, + "numberFormat": { + "unit": 17, + "options": { + "maximumSignificantDigits": 3, + "maximumFractionDigits": 2 + } + } + } + }, + "chartSettings": { + "group": "resultName", + "createOtherGroup": null, + "showLegend": true, + "seriesLabelSettings": [ + { + "seriesName": "Success", + "label": "Success", + "color": "green" + }, + { + "seriesName": "Unknown", + "label": "Unknown", + "color": "gray" + }, + { + "seriesName": "Failure", + "label": "Failure", + "color": "redBright" + }, + { + "seriesName": "In progress", + "label": "In progress", + "color": "yellow" + } + ] + } + }, + "name": "Deployment Overview", + "styleSettings": { + "margin": "0px", + "padding": "0px" + } + }, + { + "type": 3, + "content": { + "version": "KqlItem/1.0", + "query": "WaaSDeploymentStatus\r\n| extend DetailedStatus = case(DetailedStatus == 'Update successful', 'UpdateSuccessful', DetailedStatus)\r\n| where UpdateCategory == \"Quality\" and UpdateClassification == \"Security\"\r\n| where isnotempty(UpdateReleasedDate)\r\n| where isnotempty (Computer)\r\n| where ReleaseName in ({ReleaseName}) or '*' in ({ReleaseName})\r\n| summarize arg_max(TimeGenerated, *) by Computer, ReleaseName\r\n| where DetailedStatus == \"{DetailedStatus}\" or \"{DetailedStatus}\" == \"Total\"\r\n| project TimeGenerated, LastScan, Computer, DeploymentStatus, DetailedStatus, DeploymentError, CurrentOSVersion = OSVersion, CurrentOSBuild = OSBuild, ReleaseName, UpdateReleasedDate, DeferralDays, PauseState, ExpectedInstallDate\r\n| sort by UpdateReleasedDate, Computer desc", + "size": 0, + "showAnalytics": true, + "title": "DetailedStatus - {DetailedStatus}", + "timeContextFromParameter": "TimeRange", + "showRefreshButton": true, + "exportedParameters": [ + { + "fieldName": "Computer", + "parameterName": "DeviceName", + "defaultValue": "(none)" + }, + { + "parameterType": 1 + } + ], + "showExportToExcel": true, + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces", + "visualization": "table", + "gridSettings": { + "formatters": [ + { + "columnMatch": "DeploymentStatus", + "formatter": 18, + "formatOptions": { + "thresholdsOptions": "icons", + "thresholdsGrid": [ + { + "operator": "==", + "thresholdValue": "Update completed", + "representation": "success", + "text": "{0}{1}" + }, + { + "operator": "==", + "thresholdValue": "Failed", + "representation": "failed", + "text": "{0}{1}" + }, + { + "operator": "==", + "thresholdValue": "Unknown", + "representation": "unknown", + "text": "{0}{1}" + }, + { + "operator": "==", + "thresholdValue": "In progress", + "representation": "pending", + "text": "{0}{1}" + }, + { + "operator": "==", + "thresholdValue": "Progress stalled", + "representation": "stopped", + "text": "{0}{1}" + }, + { + "operator": "Default", + "thresholdValue": null, + "representation": "question", + "text": "{0}{1}" + } + ] + } + }, + { + "columnMatch": "DetailedStatus", + "formatter": 1 + }, + { + "columnMatch": "Deployment Status", + "formatter": 7, + "formatOptions": { + "linkTarget": "GenericDetails", + "linkIsContextBlade": true + } + } + ], + "filter": true, + "sortBy": [ + { + "itemKey": "Computer", + "sortOrder": 1 + } + ], + "labelSettings": [ + { + "columnId": "TimeGenerated", + "label": "Time Generated" + }, + { + "columnId": "LastScan", + "label": "Last Scan" + }, + { + "columnId": "DeploymentStatus", + "label": "Deployment Status" + }, + { + "columnId": "DetailedStatus", + "label": "Detailed Status" + }, + { + "columnId": "DeploymentError", + "label": "Deployment Warning / Errors" + } + ] + }, + "sortBy": [ + { + "itemKey": "Computer", + "sortOrder": 1 + } + ] + }, + "name": "query - 4" + }, + { + "type": 3, + "content": { + "version": "KqlItem/1.0", + "query": "let UpdateData = WaaSDeploymentStatus\r\n| where UpdateCategory == \"Quality\" and UpdateClassification == \"Security\"\r\n| where ReleaseName in ({ReleaseName}) or '*' in ({ReleaseName})\r\n| where isnotempty(UpdateReleasedDate)\r\n| where isnotempty (Computer)\r\n| extend ReleaseName = strcat(OSVersion, ' - ', ReleaseName, ' - ', format_datetime(UpdateReleasedDate, 'yyyy/MM/dd'))\r\n| summarize arg_max(TimeGenerated, *) by Computer, ReleaseName\r\n| project ReleaseName, DeploymentStatus;\r\nUpdateData\r\n| summarize Total = count () by ReleaseName\r\n| join kind=fullouter UpdateData on ReleaseName\r\n| project ReleaseName, DeploymentStatus, Total\r\n| evaluate pivot(DeploymentStatus)\r\n| extend ['Update completed'] = column_ifexists('Update completed', 0 )\r\n| extend SuccessRate = (['Update completed'] * 100 / Total) // Calculate the percentage of succesful operations against the total\r\n| project-reorder SuccessRate\r\n| order by ReleaseName", + "size": 3, + "title": "All Deployment details", + "timeContextFromParameter": "TimeRange", + "showExportToExcel": true, + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces", + "gridSettings": { + "formatters": [ + { + "columnMatch": "SuccessRate", + "formatter": 8, + "formatOptions": { + "min": 0, + "max": 80, + "palette": "redGreen" + }, + "numberFormat": { + "unit": 1, + "options": { + "style": "decimal", + "useGrouping": false + } + } + }, + { + "columnMatch": "Total", + "formatter": 4, + "formatOptions": { + "palette": "redGreen" + } + }, + { + "columnMatch": "TotalRuns", + "formatter": 4, + "formatOptions": { + "palette": "blue" + } + }, + { + "columnMatch": "Success", + "formatter": 8, + "formatOptions": { + "palette": "green" + } + }, + { + "columnMatch": "Fails", + "formatter": 8, + "formatOptions": { + "palette": "red" + } + } + ], + "sortBy": [ + { + "itemKey": "ReleaseName", + "sortOrder": 2 + } + ] + }, + "sortBy": [ + { + "itemKey": "ReleaseName", + "sortOrder": 2 + } + ] + }, + "name": "Deployment details" + } + ], + "exportParameters": true + }, + "conditionalVisibility": { + "parameterName": "selectedTab", + "comparison": "isEqualTo", + "value": "ByUpdate" + }, + "name": "Group - ByUpdates" + }, + { + "type": 12, + "content": { + "version": "NotebookGroup/1.0", + "groupType": "editable", + "items": [ + { + "type": 1, + "content": { + "json": "----\r\n## Quality Update Deployment details by Device\r\n\r\nQuality updates deliver both security and non-security fixes to Windows 10. Quality updates include security updates, critical updates, servicing stack updates, and driver updates. They are typically released on the second Tuesday of each month, though they can be released at any time. The second-Tuesday releases are the ones that focus on security updates. Quality updates are cumulative, so installing the latest quality update is sufficient to get all the available fixes for a specific Windows 10 feature update, including any out-of-band security fixes and any servicing stack updates that might have been released previously.\r\n\r\nMore information can be found here - https://docs.microsoft.com/en-us/windows/deployment/update/get-started-updates-channels-tools " + }, + "name": "text - 4" + }, + { + "type": 9, + "content": { + "version": "KqlParameterItem/1.0", + "parameters": [ + { + "id": "ffaba6e2-7793-4ad0-8d0e-37b7f96e32a5", + "version": "KqlParameterItem/1.0", + "name": "DeviceName", + "label": "Device Name", + "type": 1, + "value": "", + "timeContext": { + "durationMs": 2592000000 + }, + "timeContextFromParameter": "TimeRange", + "defaultValue": "value::1" + } + ], + "style": "pills", + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces" + }, + "name": "parameters - 5 - Copy" + }, + { + "type": 3, + "content": { + "version": "KqlItem/1.0", + "query": "let data = WaaSDeploymentStatus\r\n | extend DetailedStatus = case(DetailedStatus == 'Update successful', 'UpdateSuccessful', DetailedStatus)\r\n | summarize arg_max(TimeGenerated, *) by ComputerID, ReleaseName, DetailedStatus\r\n | where UpdateCategory == \"Quality\" and UpdateClassification == \"Security\"\r\n | where \"{DeviceName:escape}\" == \"*\" or Computer contains \"{DeviceName:escape}\" or \"{DeviceName:escape}\" == \"All devices\"\r\n | project TimeGenerated, ReleaseName, DetailedStatus, Computer;\r\ndata\r\n| summarize DeviceCount = count () by DetailedStatus\r\n| union (data\r\n | summarize DeviceCount = count()\r\n | extend DetailedStatus = 'Total'\r\n) \r\n| order by DeviceCount desc\r\n| extend butonText = 'Deployment(s)'", + "size": 3, + "showAnalytics": true, + "title": "Deployment Overview", + "timeContextFromParameter": "TimeRange", + "showRefreshButton": true, + "exportFieldName": "DetailedStatus", + "exportParameterName": "DetailedStatus", + "exportDefaultValue": "Total", + "showExportToExcel": true, + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces", + "visualization": "tiles", + "tileSettings": { + "titleContent": { + "columnMatch": "DetailedStatus", + "formatter": 1 + }, + "leftContent": { + "columnMatch": "DeviceCount", + "formatter": 12, + "formatOptions": { + "palette": "coldHot" + }, + "numberFormat": { + "unit": 17, + "options": { + "style": "decimal", + "maximumFractionDigits": 2, + "maximumSignificantDigits": 3 + } + } + }, + "secondaryContent": { + "columnMatch": "butonText", + "formatter": 1 + }, + "showBorder": false + }, + "graphSettings": { + "type": 0, + "topContent": { + "columnMatch": "resultName", + "formatter": 1 + }, + "centerContent": { + "columnMatch": "Count", + "formatter": 1, + "numberFormat": { + "unit": 17, + "options": { + "maximumSignificantDigits": 3, + "maximumFractionDigits": 2 + } + } + } + }, + "chartSettings": { + "group": "resultName", + "createOtherGroup": null, + "showLegend": true, + "seriesLabelSettings": [ + { + "seriesName": "Success", + "label": "Success", + "color": "green" + }, + { + "seriesName": "Unknown", + "label": "Unknown", + "color": "gray" + }, + { + "seriesName": "Failure", + "label": "Failure", + "color": "redBright" + }, + { + "seriesName": "In progress", + "label": "In progress", + "color": "yellow" + } + ] + } + }, + "name": "Deployment Overview Tiles", + "styleSettings": { + "margin": "0px", + "padding": "0px" + } + }, + { + "type": 3, + "content": { + "version": "KqlItem/1.0", + "query": "WaaSDeploymentStatus\r\n| extend DetailedStatus = case(DetailedStatus == 'Update successful', 'UpdateSuccessful', DetailedStatus)\r\n| where UpdateCategory == \"Quality\" and UpdateClassification == \"Security\"\r\n| where isnotempty(UpdateReleasedDate)\r\n| where isnotempty (Computer)\r\n| where \"{DeviceName:escape}\" == \"*\" or Computer contains \"{DeviceName:escape}\" or \"{DeviceName:escape}\" == \"All devices\"\r\n| summarize arg_max(TimeGenerated, *) by Computer, ReleaseName, DetailedStatus\r\n| where DetailedStatus == \"{DetailedStatus}\" or \"{DetailedStatus}\" == \"Total\"\r\n| extend KBNumber = (split(ReleaseName,\" \")[0])\r\n| extend MSSupportURL = strcat(\"https://support.microsoft.com/KB/\", KBNumber)\r\n| project TimeGenerated, LastScan, Computer, DeploymentStatus, DetailedStatus, DeploymentError, CurrentOSVersion = OSVersion, CurrentOSBuild = OSBuild, ReleaseName, UpdateReleasedDate, DeferralDays, PauseState, ExpectedInstallDate, MSSupportURL\r\n| sort by UpdateReleasedDate, Computer desc", + "size": 0, + "showAnalytics": true, + "title": "DetailedStatus - {DetailedStatus}", + "timeContextFromParameter": "TimeRange", + "showRefreshButton": true, + "exportedParameters": [ + { + "fieldName": "Computer", + "parameterName": "DeviceName_s", + "defaultValue": "(none)" + }, + { + "fieldName": "ReleaseName", + "parameterName": "ReleaseName_s", + "parameterType": 1 + }, + { + "fieldName": "DeploymentStatus", + "parameterName": "DeploymentStatus_s", + "parameterType": 1 + } + ], + "showExportToExcel": true, + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces", + "visualization": "table", + "gridSettings": { + "formatters": [ + { + "columnMatch": "DeploymentStatus", + "formatter": 18, + "formatOptions": { + "thresholdsOptions": "icons", + "thresholdsGrid": [ + { + "operator": "==", + "thresholdValue": "Update completed", + "representation": "success", + "text": "{0}{1}" + }, + { + "operator": "==", + "thresholdValue": "Failed", + "representation": "failed", + "text": "{0}{1}" + }, + { + "operator": "==", + "thresholdValue": "Unknown", + "representation": "unknown", + "text": "{0}{1}" + }, + { + "operator": "==", + "thresholdValue": "In progress", + "representation": "pending", + "text": "{0}{1}" + }, + { + "operator": "==", + "thresholdValue": "Progress stalled", + "representation": "stopped", + "text": "{0}{1}" + }, + { + "operator": "Default", + "thresholdValue": null, + "representation": "question", + "text": "{0}{1}" + } + ] + } + }, + { + "columnMatch": "DetailedStatus", + "formatter": 18, + "formatOptions": { + "thresholdsOptions": "icons", + "thresholdsGrid": [ + { + "operator": "contains", + "thresholdValue": "Commit", + "representation": "Commit", + "text": "{0}{1}" + }, + { + "operator": "contains", + "thresholdValue": "Download", + "representation": "Download", + "text": "{0}{1}" + }, + { + "operator": "==", + "thresholdValue": "NotStarted", + "representation": "Paused", + "text": "{0}{1}" + }, + { + "operator": "contains", + "thresholdValue": "Reboot", + "representation": "2", + "text": "{0}{1}" + }, + { + "operator": "Default", + "thresholdValue": null, + "representation": "success", + "text": "{0}{1}" + } + ] + } + }, + { + "columnMatch": "ReleaseName", + "formatter": 1, + "formatOptions": { + "linkColumn": "MSSupportURL", + "linkTarget": "Url" + } + }, + { + "columnMatch": "PauseState", + "formatter": 18, + "formatOptions": { + "thresholdsOptions": "icons", + "thresholdsGrid": [ + { + "operator": "==", + "thresholdValue": "Paused", + "representation": "2", + "text": "{0}{1}" + }, + { + "operator": "Default", + "thresholdValue": null, + "representation": "success", + "text": "{0}{1}" + } + ] + }, + "numberFormat": { + "unit": 0, + "options": { + "style": "decimal" + } + } + }, + { + "columnMatch": "MSSupportURL", + "formatter": 5 + }, + { + "columnMatch": "Deployment Status", + "formatter": 7, + "formatOptions": { + "linkTarget": "GenericDetails", + "linkIsContextBlade": true + } + } + ], + "filter": true, + "labelSettings": [ + { + "columnId": "TimeGenerated", + "label": "Time Generated" + }, + { + "columnId": "LastScan", + "label": "Last Scan" + }, + { + "columnId": "DeploymentStatus", + "label": "Deployment Status" + }, + { + "columnId": "DetailedStatus", + "label": "Last Status" + }, + { + "columnId": "DeploymentError", + "label": "Error Details" + }, + { + "columnId": "CurrentOSVersion", + "label": "OS Version" + }, + { + "columnId": "CurrentOSBuild", + "label": "OB Build" + }, + { + "columnId": "ReleaseName", + "label": "Microsoft KB" + }, + { + "columnId": "UpdateReleasedDate", + "label": "Update Release Date" + }, + { + "columnId": "DeferralDays", + "label": "Deferral Days" + }, + { + "columnId": "PauseState", + "label": "Pause State" + }, + { + "columnId": "ExpectedInstallDate", + "label": "Expected Install Date" + } + ] + }, + "sortBy": [] + }, + "name": "Quality Update Deployment Device Details" + }, + { + "type": 3, + "content": { + "version": "KqlItem/1.0", + "query": "let UpdateData = WaaSDeploymentStatus\r\n| where UpdateCategory == \"Quality\" and UpdateClassification == \"Security\"\r\n| where \"{DeviceName:escape}\" == \"*\" or Computer contains \"{DeviceName:escape}\" or \"{DeviceName:escape}\" == \"All devices\"\r\n| where isnotempty(UpdateReleasedDate)\r\n| where isnotempty (Computer)\r\n| extend ReleaseName = strcat(OSVersion, ' - ', ReleaseName, ' - ', format_datetime(UpdateReleasedDate, 'yyyy/MM/dd'))\r\n| summarize arg_max(TimeGenerated, *) by Computer, ReleaseName\r\n| project ReleaseName, DeploymentStatus;\r\nUpdateData\r\n| summarize Total = count () by ReleaseName\r\n| join kind=fullouter UpdateData on ReleaseName\r\n| project ReleaseName, DeploymentStatus, Total\r\n| evaluate pivot(DeploymentStatus)\r\n| extend ['Update completed'] = column_ifexists('Update completed', 0 )\r\n| extend SuccessRate = (['Update completed'] * 100 / Total) // Calculate the percentage of succesful operations against the total\r\n| project-reorder SuccessRate\r\n| order by ReleaseName", + "size": 3, + "title": "All Deployment details", + "timeContextFromParameter": "TimeRange", + "showExportToExcel": true, + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces", + "gridSettings": { + "formatters": [ + { + "columnMatch": "SuccessRate", + "formatter": 8, + "formatOptions": { + "min": 0, + "max": 80, + "palette": "redGreen" + }, + "numberFormat": { + "unit": 1, + "options": { + "style": "decimal", + "useGrouping": false + } + } + }, + { + "columnMatch": "Total", + "formatter": 4, + "formatOptions": { + "palette": "redGreen" + } + }, + { + "columnMatch": "TotalRuns", + "formatter": 4, + "formatOptions": { + "palette": "blue" + } + }, + { + "columnMatch": "Success", + "formatter": 8, + "formatOptions": { + "palette": "green" + } + }, + { + "columnMatch": "Fails", + "formatter": 8, + "formatOptions": { + "palette": "red" + } + } + ], + "sortBy": [ + { + "itemKey": "ReleaseName", + "sortOrder": 2 + } + ] + }, + "sortBy": [ + { + "itemKey": "ReleaseName", + "sortOrder": 2 + } + ] + }, + "name": "Deployment details" + } + ] + }, + "conditionalVisibility": { + "parameterName": "selectedTab", + "comparison": "isEqualTo", + "value": "ByDevice" + }, + "name": "Group - ByDevice" + }, + { + "type": 12, + "content": { + "version": "NotebookGroup/1.0", + "groupType": "editable", + "items": [ + { + "type": 1, + "content": { + "json": "# Feature Updates\r\n-----\r\n\r\nFeature updates for Windows 10 are released twice a year, around March and September, via the Semi-Annual Channel. They will be serviced with monthly quality updates for 18 or 30 months from the date of the release, depending on the lifecycle policy.\r\n\r\nMore information can be found here - https://docs.microsoft.com/en-us/windows/release-health/release-information", + "style": "upsell" + }, + "name": "text - 7" + }, + { + "type": 9, + "content": { + "version": "KqlParameterItem/1.0", + "parameters": [ + { + "id": "30c46fa1-fbaf-4dc8-9f55-85545afa376a", + "version": "KqlParameterItem/1.0", + "name": "ReleaseName", + "type": 2, + "isRequired": true, + "multiSelect": true, + "quote": "'", + "delimiter": ",", + "query": "WaaSUpdateStatus\r\n| distinct OSVersion\r\n| sort by OSVersion desc", + "typeSettings": { + "additionalResourceOptions": [ + "value::all" + ], + "showDefault": false + }, + "timeContext": { + "durationMs": 0 + }, + "timeContextFromParameter": "TimeRange", + "defaultValue": "value::all", + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces", + "value": [ + "value::all" + ] + } + ], + "style": "pills", + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces" + }, + "name": "parameters - 6" + }, + { + "type": 12, + "content": { + "version": "NotebookGroup/1.0", + "groupType": "editable", + "items": [ + { + "type": 3, + "content": { + "version": "KqlItem/1.0", + "query": "let WindowsBuilds1 = UCClient\r\n| where TimeGenerated > ago (30d)\r\n| extend var_OSBuild = tostring( extract_all(@\"(10.0.[0-9]*)\", OSBuild)[0])\r\n| extend OSVersion = case(isempty(OSVersion), strcat(\"Windows Insider Program\"), OSVersion !has \"Windows\", strcat(\"Windows 10-\", OSVersion), OSVersion )\r\n| extend var_OSVersion = replace_string(OSVersion, \"version_ \", \"\")\r\n| distinct var_OSVersion, var_OSBuild;\r\nlet WindowsBuilds2 = UCClientUpdateStatus\r\n| where TimeGenerated > ago (180d)\r\n| distinct TargetVersion, TargetBuild\r\n| extend var_OSBuild = tostring( extract_all(@\"(10.0.[0-9]*)\", TargetBuild)[0])\r\n| extend var_OSVersion = case(TargetVersion has \"Win11\", replace_string(TargetVersion, \"Win11\", \"Windows 11\"), TargetVersion !has \"Windows\", strcat(\"Windows 10-\", TargetVersion), TargetVersion )\r\n| distinct var_OSVersion, var_OSBuild;\r\nlet WindowsBuilds = WindowsBuilds1\r\n| union WindowsBuilds2\r\n| distinct var_OSBuild, var_OSVersion;\r\nIntuneDevices\r\n| where todatetime(LastContact) > ago(30d) and OS contains \"Windows\"\r\n| summarize arg_max(TimeGenerated, *) by ReferenceId\r\n| extend var_OSBuild = tostring( extract_all(@\"(10.0.[0-9]{5})\", OSVersion)[0])\r\n| join kind=leftouter (WindowsBuilds\r\n )\r\n on var_OSBuild\r\n| extend OSBuild = OSVersion\r\n| extend OSVersion= var_OSVersion\r\n| project bin(TimeGenerated,1d), DeviceName, UPN, Manufacturer, SkuFamily, OSBuild, OSVersion, DeviceId, ReferenceId\r\n| where isnotempty(OSVersion)\r\n| join kind=leftouter (UCClient\r\n| summarize arg_max(TimeGenerated, *) by AzureADDeviceId\r\n| project AzureADDeviceId, OSFeatureUpdateStatus\r\n )\r\n on $left.ReferenceId == $right.AzureADDeviceId\r\n| summarize arg_max(TimeGenerated,*) by ReferenceId\r\n| where isnotempty(OSFeatureUpdateStatus)\r\n| summarize dcount(DeviceId) by OSFeatureUpdateStatus", + "size": 3, + "title": "Windows Supported Build Count", + "timeContextFromParameter": "TimeRange", + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces", + "visualization": "piechart", + "chartSettings": { + "seriesLabelSettings": [ + { + "seriesName": "InService", + "label": "Supported Build", + "color": "green" + }, + { + "seriesName": "EndOfService", + "label": "Unsupported Build", + "color": "red" + }, + { + "seriesName": "", + "label": "Unmanaged", + "color": "gray" + } + ], + "ySettings": { + "numberFormatSettings": { + "unit": 0, + "options": { + "style": "decimal", + "useGrouping": true + } + } + } + } + }, + "customWidth": "33", + "name": "Windows Supported Build Count", + "styleSettings": { + "maxWidth": "50%" + } + }, + { + "type": 3, + "content": { + "version": "KqlItem/1.0", + "query": "let WindowsBuilds1 = UCClient\r\n| where TimeGenerated > ago (30d)\r\n| extend var_OSBuild = tostring( extract_all(@\"(10.0.[0-9]*)\", OSBuild)[0])\r\n| extend OSVersion = case(isempty(OSVersion), strcat(\"Windows Insider Program\"), OSVersion !has \"Windows\", strcat(\"Windows 10-\", OSVersion), OSVersion )\r\n| extend var_OSVersion = replace_string(OSVersion, \"version_ \", \"\")\r\n| distinct var_OSVersion, var_OSBuild;\r\nlet WindowsBuilds2 = UCClientUpdateStatus\r\n| where TimeGenerated > ago (180d)\r\n| distinct TargetVersion, TargetBuild\r\n| extend var_OSBuild = tostring( extract_all(@\"(10.0.[0-9]*)\", TargetBuild)[0])\r\n| extend var_OSVersion = case(TargetVersion has \"Win11\", replace_string(TargetVersion, \"Win11\", \"Windows 11\"), TargetVersion !has \"Windows\", strcat(\"Windows 10-\", TargetVersion), TargetVersion )\r\n| distinct var_OSVersion, var_OSBuild;\r\nlet WindowsBuilds = WindowsBuilds1\r\n| union WindowsBuilds2\r\n| distinct var_OSBuild, var_OSVersion;\r\nIntuneDevices\r\n| where todatetime(LastContact) > ago(30d) and OS contains \"Windows\"\r\n| summarize arg_max(TimeGenerated, *) by ReferenceId\r\n| extend var_OSBuild = tostring( extract_all(@\"(10.0.[0-9]{5})\", OSVersion)[0])\r\n| join kind=leftouter (WindowsBuilds\r\n )\r\n on var_OSBuild\r\n| extend OSBuild = OSVersion\r\n| extend OSVersion= var_OSVersion\r\n| project bin(TimeGenerated,1d), DeviceName, UPN, Manufacturer, SkuFamily, OSBuild, OSVersion, DeviceId\r\n| where isnotempty(OSVersion)\r\n| summarize arg_max(TimeGenerated,*) by DeviceId\r\n| summarize dcount(DeviceId) by OSVersion", + "size": 3, + "title": "Windows Build Versions", + "timeContextFromParameter": "TimeRange", + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces", + "visualization": "piechart", + "tileSettings": { + "showBorder": false, + "titleContent": { + "columnMatch": "OSVersion", + "formatter": 1 + }, + "leftContent": { + "columnMatch": "dcount_ComputerID", + "formatter": 12, + "formatOptions": { + "palette": "auto" + }, + "numberFormat": { + "unit": 17, + "options": { + "maximumSignificantDigits": 3, + "maximumFractionDigits": 2 + } + } + } + }, + "graphSettings": { + "type": 0, + "topContent": { + "columnMatch": "OSVersion", + "formatter": 1 + }, + "centerContent": { + "columnMatch": "dcount_ComputerID", + "formatter": 1, + "numberFormat": { + "unit": 17, + "options": { + "maximumSignificantDigits": 3, + "maximumFractionDigits": 2 + } + } + } + }, + "chartSettings": { + "seriesLabelSettings": [ + { + "seriesName": "1909", + "label": "Windows 10 1909" + }, + { + "seriesName": "1903", + "label": "Windows 10 1903" + }, + { + "seriesName": "1809", + "label": "Windows 10 1809" + }, + { + "seriesName": "20H2", + "label": "Windows 10 20H2" + }, + { + "seriesName": "1803", + "label": "Windows 10 1803" + }, + { + "seriesName": "2004", + "label": "Windows 10 2004" + }, + { + "seriesName": "1709", + "label": "Windows 10 1709" + }, + { + "seriesName": "21H1", + "label": "Windows 10 21H1" + } + ], + "ySettings": { + "numberFormatSettings": { + "unit": 0, + "options": { + "style": "decimal", + "useGrouping": true + } + } + } + }, + "mapSettings": { + "locInfo": "LatLong", + "sizeSettings": "dcount_ComputerID", + "sizeAggregation": "Sum", + "legendMetric": "dcount_ComputerID", + "legendAggregation": "Sum", + "itemColorSettings": { + "type": "heatmap", + "colorAggregation": "Sum", + "nodeColorField": "dcount_ComputerID", + "heatmapPalette": "greenRed" + } + } + }, + "customWidth": "33", + "name": "Windows Build Versions", + "styleSettings": { + "maxWidth": "50%" + } + }, + { + "type": 3, + "content": { + "version": "KqlItem/1.0", + "query": "let data = WaaSDeploymentStatus\r\n | extend DetailedStatus = case(DetailedStatus == 'Update successful', 'UpdateSuccessful', DetailedStatus)\r\n | summarize arg_max(TimeGenerated, *) by ComputerID, ReleaseName\r\n | where UpdateCategory == \"Feature\"\r\n | where ReleaseName in ({ReleaseName}) or '*' in ({ReleaseName})\r\n | project TimeGenerated, ReleaseName, DetailedStatus, Computer;\r\ndata\r\n| summarize DeviceCount = count () by DetailedStatus\r\n| union (data\r\n | summarize DeviceCount = count()\r\n | extend DetailedStatus = 'Total'\r\n) \r\n| order by DeviceCount desc\r\n| extend butonText = 'Deployments'", + "size": 3, + "title": "Feature Update Deployment States", + "timeContextFromParameter": "TimeRange", + "exportFieldName": "DetailedStatus", + "exportParameterName": "DetailedStatus", + "exportDefaultValue": "Total", + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces", + "visualization": "tiles", + "gridSettings": { + "formatters": [ + { + "columnMatch": "DeviceCount", + "formatter": 4, + "formatOptions": { + "palette": "green" + } + } + ] + }, + "tileSettings": { + "titleContent": { + "columnMatch": "DetailedStatus", + "formatter": 1 + }, + "leftContent": { + "columnMatch": "DeviceCount", + "formatter": 12, + "formatOptions": { + "palette": "auto" + }, + "numberFormat": { + "unit": 17, + "options": { + "maximumSignificantDigits": 3, + "maximumFractionDigits": 2 + } + } + }, + "secondaryContent": { + "columnMatch": "butonText", + "formatter": 1 + }, + "showBorder": false + } + }, + "customWidth": "33", + "name": "Feature Update Deployment States" + } + ] + }, + "name": "Feature Update Piecharts" + }, + { + "type": 3, + "content": { + "version": "KqlItem/1.0", + "query": "let WindowsBuilds1 = UCClient\r\n| extend var_OSBuild = tostring( extract_all(@\"(10.0.[0-9]*)\", OSBuild)[0])\r\n| extend OSVersion = case(isempty(OSVersion), strcat(\"Windows Insider Program\"), OSVersion !has \"Windows\", strcat(\"Windows 10-\", OSVersion), OSVersion )\r\n| extend var_OSVersion = replace_string(OSVersion, \"version_ \", \"\")\r\n| distinct var_OSVersion, var_OSBuild;\r\nlet WindowsBuilds2 = UCClientUpdateStatus\r\n| where TimeGenerated > ago (60d)\r\n| distinct TargetVersion, TargetBuild\r\n| extend var_OSBuild = tostring( extract_all(@\"(10.0.[0-9]*)\", TargetBuild)[0])\r\n| extend var_OSVersion = case(TargetVersion has \"Win11\", replace_string(TargetVersion, \"Win11\", \"Windows 11\"), TargetVersion !has \"Windows\", strcat(\"Windows 10-\", TargetVersion), TargetVersion )\r\n| distinct var_OSVersion, var_OSBuild;\r\nlet WindowsBuilds = WindowsBuilds1\r\n| union WindowsBuilds2\r\n| distinct var_OSBuild, var_OSVersion;\r\nIntuneDevices\r\n| summarize arg_max(OSVersion, *) by TimeGenerated, DeviceId\r\n| where OS == 'Windows' and todatetime( LastContact) > ago (30d)\r\n| extend var_OSBuild = tostring( extract_all(@\"(10.0.[0-9]{5})\", OSVersion)[0])\r\n| join kind=leftouter (WindowsBuilds\r\n )\r\n on var_OSBuild\r\n| extend OSBuild = OSVersion\r\n| extend OSVersion= var_OSVersion\r\n| where isnotempty(OSVersion)\r\n| project bin(TimeGenerated,1d), DeviceName, UPN, Manufacturer, SkuFamily, OSBuild, OSVersion, DeviceId\r\n| summarize dcount(DeviceId) by bin(TimeGenerated,1d), OSVersion \r\n| render timechart ", + "size": 1, + "aggregation": 2, + "title": "Feature Update Trend - {TimeRange}", + "timeContextFromParameter": "TimeRange", + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces", + "visualization": "areachart", + "chartSettings": { + "xAxis": "TimeGenerated", + "group": "OSVersion", + "createOtherGroup": null + } + }, + "customWidth": "50", + "name": "Feature Update Trend " + }, + { + "type": 3, + "content": { + "version": "KqlItem/1.0", + "query": "UCClientUpdateStatus\r\n| where UpdateCategory == \"WindowsFeatureUpdate\"\r\n| extend DeploymentName = case(DeploymentId == \"de33ab73-0ba2-43dd-9ab9-50e294f6ae1a\", \"Northwest Bank - Pre-Clients Feature Update Ring (Retired)\", DeploymentId == \"8cdd1da8-2e58-4d96-89c4-c27438d8a3cd\", \"Northwest Bank - Production Feature Update Ring (Retired)\", DeploymentId == \"25eb1adb-570b-457d-805c-6250e57e1d97\", \"Northwest Bank - Pilot Demo\", DeploymentId == \"97a5354e-c3cb-4360-9856-1506c0863255\", \"Northwest Bank - Production Feature Update\", DeploymentId == \"ff2eb291-9a9b-4958-9000-443edccca849\", \"Northwest Bank - Pre-Client Feature Update\", DeploymentId == \"\", \"No Deployment Assigned\", DeploymentId)\r\n| summarize dcount(AzureADDeviceId, 4) by TimeGenerated, DeploymentName ", + "size": 1, + "aggregation": 2, + "title": "Trending - Feature Update Policy Assignment", + "timeContextFromParameter": "TimeRange", + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces", + "visualization": "areachart", + "gridSettings": { + "sortBy": [ + { + "itemKey": "DeploymentName", + "sortOrder": 1 + } + ] + }, + "sortBy": [ + { + "itemKey": "DeploymentName", + "sortOrder": 1 + } + ], + "chartSettings": { + "showLegend": true + } + }, + "customWidth": "50", + "name": "Timeline - Feature Update Policy Assignment" + }, + { + "type": 3, + "content": { + "version": "KqlItem/1.0", + "query": "UCClientUpdateStatus\r\n| where UpdateCategory contains \"Feature\" and ClientState == \"Installing\"\r\n| summarize dcount(AzureADDeviceId) by ClientSubstate, TimeGenerated", + "size": 1, + "aggregation": 2, + "title": "Feature Update - Installation States - {TimeRange}", + "timeContextFromParameter": "TimeRange", + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces", + "visualization": "barchart" + }, + "name": "Timeline - Feature Update Install States" + }, + { + "type": 12, + "content": { + "version": "NotebookGroup/1.0", + "groupType": "editable", + "items": [ + { + "type": 1, + "content": { + "json": "-------\r\n\r\n
" + }, + "name": "Hardware HR 1" + }, + { + "type": 1, + "content": { + "json": "## Custom Hardware Reports\r\n\r\nYou are currently collecting custom hardare logs. Below are reports which take into account OEM specific information.", + "style": "success" + }, + "name": "text - 2" + }, + { + "type": 3, + "content": { + "version": "KqlItem/1.0", + "query": "DeviceInventory_CL\r\n| summarize arg_max(TimeGenerated, *) by SerialNumber_s, SMBIOSUUID_g\r\n| where isnotempty(WindowsVersion_s) and isnotempty(OSName_s)\r\n| extend OSReleaseName = strcat(trim('Microsoft ',OSName_s), \" - \", WindowsVersion_s)\r\n| extend OSName = tostring(extract_all(@'(Windows\\s\\d.)', OSName_s)[0])\r\n| project Manufacturer = Manufacturer_s, OSReleaseName, OSName\r\n| evaluate pivot (Manufacturer)\r\n", + "size": 3, + "showAnalytics": true, + "title": "Windows Build - By Manufacturer", + "timeContextFromParameter": "TimeRange", + "showExportToExcel": true, + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces", + "visualization": "table", + "gridSettings": { + "formatters": [ + { + "columnMatch": "OSName", + "formatter": 5 + }, + { + "columnMatch": "FUJITSU", + "formatter": 8, + "formatOptions": { + "palette": "orange" + } + }, + { + "columnMatch": "dcount_Manufacturer", + "formatter": 5 + }, + { + "columnMatch": "_Empty", + "formatter": 5 + } + ], + "hierarchySettings": { + "treeType": 1, + "groupBy": [ + "OSName" + ], + "expandTopLevel": true + } + }, + "tileSettings": { + "showBorder": false, + "titleContent": { + "columnMatch": "Manufacturer", + "formatter": 1 + }, + "leftContent": { + "columnMatch": "dcount_Manufacturer", + "formatter": 12, + "formatOptions": { + "palette": "auto" + }, + "numberFormat": { + "unit": 17, + "options": { + "maximumSignificantDigits": 3, + "maximumFractionDigits": 2 + } + } + } + } + }, + "name": "Windows Build - By Manufacturer" + }, + { + "type": 1, + "content": { + "json": "
" + }, + "name": "Break" + }, + { + "type": 3, + "content": { + "version": "KqlItem/1.0", + "query": "DeviceInventory_CL\r\n| summarize arg_max(TimeGenerated, *) by SerialNumber_s, SMBIOSUUID_g\r\n| where isnotempty(WindowsVersion_s) and isnotempty(OSName_s)\r\n| extend OSBuildVersion = OSBuild_s\r\n| extend OSReleaseName = strcat(trim('Microsoft ',OSName_s), \" - \", WindowsVersion_s)\r\n| extend OSSku = tostring(extract_all(@'(.*\\d.)(.*)', OSName_s)[0][1])\r\n| project Manufacturer = Manufacturer_s, OSSku\r\n| evaluate pivot (OSSku)\r\n\r\n", + "size": 3, + "showAnalytics": true, + "title": "Windows Build - By Manufacturer", + "timeContextFromParameter": "TimeRange", + "showExportToExcel": true, + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces", + "visualization": "table", + "gridSettings": { + "formatters": [ + { + "columnMatch": "Enterprise", + "formatter": 4, + "formatOptions": { + "palette": "green" + } + }, + { + "columnMatch": "Pro", + "formatter": 4, + "formatOptions": { + "palette": "yellow" + } + }, + { + "columnMatch": "Education", + "formatter": 4, + "formatOptions": { + "palette": "blue" + } + }, + { + "columnMatch": "Enterprise Insider Preview", + "formatter": 4, + "formatOptions": { + "palette": "purple" + } + }, + { + "columnMatch": "dcount_Manufacturer", + "formatter": 5 + }, + { + "columnMatch": "_Empty", + "formatter": 5 + } + ] + }, + "tileSettings": { + "showBorder": false, + "titleContent": { + "columnMatch": "Manufacturer", + "formatter": 1 + }, + "leftContent": { + "columnMatch": "dcount_Manufacturer", + "formatter": 12, + "formatOptions": { + "palette": "auto" + }, + "numberFormat": { + "unit": 17, + "options": { + "maximumSignificantDigits": 3, + "maximumFractionDigits": 2 + } + } + } + } + }, + "name": "Windows Build - By Manufacturer", + "styleSettings": { + "maxWidth": "30%" + } + }, + { + "type": 3, + "content": { + "version": "KqlItem/1.0", + "query": "DeviceInventory_CL\r\n| summarize arg_max(TimeGenerated, *) by SerialNumber_s, SMBIOSUUID_g\r\n| where isnotempty(WindowsVersion_s) and isnotempty(OSName_s)\r\n| summarize count() by Manufacturer_s\r\n\r\n", + "size": 3, + "showAnalytics": true, + "title": "Windows Build - By Manufacturer", + "showExportToExcel": true, + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces", + "visualization": "piechart", + "gridSettings": { + "formatters": [ + { + "columnMatch": "Enterprise", + "formatter": 4, + "formatOptions": { + "palette": "green" + } + }, + { + "columnMatch": "Pro", + "formatter": 4, + "formatOptions": { + "palette": "yellow" + } + }, + { + "columnMatch": "Education", + "formatter": 4, + "formatOptions": { + "palette": "blue" + } + }, + { + "columnMatch": "Enterprise Insider Preview", + "formatter": 4, + "formatOptions": { + "palette": "purple" + } + }, + { + "columnMatch": "dcount_Manufacturer", + "formatter": 5 + }, + { + "columnMatch": "_Empty", + "formatter": 5 + } + ] + }, + "tileSettings": { + "showBorder": false, + "titleContent": { + "columnMatch": "Manufacturer", + "formatter": 1 + }, + "leftContent": { + "columnMatch": "dcount_Manufacturer", + "formatter": 12, + "formatOptions": { + "palette": "auto" + }, + "numberFormat": { + "unit": 17, + "options": { + "maximumSignificantDigits": 3, + "maximumFractionDigits": 2 + } + } + } + } + }, + "name": "Windows Build - By Manufacturer - Piechart", + "styleSettings": { + "maxWidth": "30%" + } + }, + { + "type": 1, + "content": { + "json": "
\r\n\r\n-------\r\n\r\n
" + }, + "name": "Hardware HR 3 " + }, + { + "type": 12, + "content": { + "version": "NotebookGroup/1.0", + "groupType": "editable", + "items": [ + { + "type": 1, + "content": { + "json": "## Manufacturer Specific Information" + }, + "name": "text - 2 - Copy" + } + ] + }, + "name": "Model Header & Filter" + }, + { + "type": 9, + "content": { + "version": "KqlParameterItem/1.0", + "parameters": [ + { + "id": "5b98f4ae-e570-41d0-a4a1-d6427913f71d", + "version": "KqlParameterItem/1.0", + "name": "Manufacturer", + "type": 2, + "isRequired": true, + "query": "DeviceInventory_CL\r\n| distinct Manufacturer_s\r\n| order by Manufacturer_s asc", + "typeSettings": { + "additionalResourceOptions": [ + "value::1" + ], + "showDefault": false + }, + "timeContext": { + "durationMs": 7776000000 + }, + "timeContextFromParameter": "TimeRange", + "defaultValue": "value::1", + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces", + "value": "HP" + } + ], + "style": "pills", + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces" + }, + "name": "ManufacturerFilter", + "styleSettings": { + "maxWidth": "20%" + } + }, + { + "type": 3, + "content": { + "version": "KqlItem/1.0", + "query": "DeviceInventory_CL\n| where Manufacturer_s == (\"{Manufacturer}\")\n| summarize arg_max(TimeGenerated, *) by ManagedDeviceID_g\n| summarize count()\n| extend Header = \"Unique {Manufacturer} Models\"\n", + "size": 3, + "timeContextFromParameter": "TimeRange", + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces", + "visualization": "tiles", + "sortBy": [], + "tileSettings": { + "titleContent": { + "columnMatch": "Header", + "formatter": 1 + }, + "leftContent": { + "columnMatch": "count_", + "formatter": 12, + "formatOptions": { + "palette": "auto" + }, + "numberFormat": { + "unit": 17, + "options": { + "maximumSignificantDigits": 3, + "maximumFractionDigits": 2 + } + } + }, + "showBorder": false + } + }, + "conditionalVisibility": { + "parameterName": "Manufacturer", + "comparison": "isNotEqualTo" + }, + "name": "Model Count", + "styleSettings": { + "maxWidth": "20%" + } + }, + { + "type": 3, + "content": { + "version": "KqlItem/1.0", + "query": "DeviceInventory_CL\r\n| summarize arg_max(TimeGenerated, *) by SerialNumber_s, SMBIOSUUID_g\r\n| where isnotempty(WindowsVersion_s) and isnotempty(OSName_s) and Manufacturer_s == (\"{Manufacturer}\")\r\n| extend OSReleaseName = strcat(trim('Microsoft ', OSName_s), \" - \", WindowsVersion_s)\r\n| extend OSName = tostring(extract_all(@'(Windows\\s\\d.)', OSName_s)[0])\r\n| project Model = Model_s, OSReleaseName, OSName\r\n| evaluate pivot (Model)\r\n", + "size": 3, + "showAnalytics": true, + "title": "Windows Build - By Model", + "showExportToExcel": true, + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces", + "visualization": "table", + "gridSettings": { + "formatters": [ + { + "columnMatch": "OSName", + "formatter": 5 + }, + { + "columnMatch": "FUJITSU", + "formatter": 8, + "formatOptions": { + "palette": "orange" + } + }, + { + "columnMatch": "dcount_Manufacturer", + "formatter": 5 + }, + { + "columnMatch": "_Empty", + "formatter": 5 + } + ], + "hierarchySettings": { + "treeType": 1, + "groupBy": [ + "OSName" + ], + "expandTopLevel": true + } + }, + "tileSettings": { + "showBorder": false, + "titleContent": { + "columnMatch": "Manufacturer", + "formatter": 1 + }, + "leftContent": { + "columnMatch": "dcount_Manufacturer", + "formatter": 12, + "formatOptions": { + "palette": "auto" + }, + "numberFormat": { + "unit": 17, + "options": { + "maximumSignificantDigits": 3, + "maximumFractionDigits": 2 + } + } + } + } + }, + "conditionalVisibility": { + "parameterName": "Manufacturer", + "comparison": "isNotEqualTo" + }, + "name": "Windows Build - By Model" + }, + { + "type": 1, + "content": { + "json": "
" + }, + "name": "Break" + }, + { + "type": 3, + "content": { + "version": "KqlItem/1.0", + "query": "DeviceInventory_CL\r\n| summarize arg_max(TimeGenerated, *) by SerialNumber_s, SMBIOSUUID_g\r\n| where isnotempty(WindowsVersion_s) and isnotempty(OSName_s) and Manufacturer_s contains (\"{Manufacturer}\")\r\n| extend OSBuildVersion = OSBuild_s\r\n| extend OSReleaseName = strcat(trim('Microsoft ',OSName_s), \" - \", WindowsVersion_s)\r\n| extend OSSku = tostring(extract_all(@'(.*\\d.)(.*)', OSName_s)[0][1])\r\n| project Model = Model_s, OSSku\r\n| order by OSSku desc\r\n| evaluate pivot (OSSku)\r\n\r\n\r\n", + "size": 3, + "showAnalytics": true, + "title": "Windows Build - By Model", + "showExportToExcel": true, + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces", + "visualization": "table", + "gridSettings": { + "formatters": [ + { + "columnMatch": "Enterprise", + "formatter": 4, + "formatOptions": { + "palette": "green" + } + }, + { + "columnMatch": "Pro", + "formatter": 4, + "formatOptions": { + "palette": "yellow" + } + }, + { + "columnMatch": "Education", + "formatter": 4, + "formatOptions": { + "palette": "blue" + } + }, + { + "columnMatch": "Enterprise Insider Preview", + "formatter": 4, + "formatOptions": { + "palette": "purple" + } + }, + { + "columnMatch": "dcount_Manufacturer", + "formatter": 5 + }, + { + "columnMatch": "_Empty", + "formatter": 5 + } + ] + }, + "tileSettings": { + "showBorder": false, + "titleContent": { + "columnMatch": "Manufacturer", + "formatter": 1 + }, + "leftContent": { + "columnMatch": "dcount_Manufacturer", + "formatter": 12, + "formatOptions": { + "palette": "auto" + }, + "numberFormat": { + "unit": 17, + "options": { + "maximumSignificantDigits": 3, + "maximumFractionDigits": 2 + } + } + } + } + }, + "name": "Windows Build - By Model", + "styleSettings": { + "maxWidth": "40%" + } + }, + { + "type": 3, + "content": { + "version": "KqlItem/1.0", + "query": "DeviceInventory_CL\r\n| summarize arg_max(TimeGenerated, *) by SerialNumber_s, SMBIOSUUID_g\r\n| where isnotempty(WindowsVersion_s) and isnotempty(OSName_s) and Manufacturer_s contains (\"{Manufacturer}\")\r\n| summarize count() by Model_s\r\n\r\n", + "size": 3, + "showAnalytics": true, + "title": "Windows Build - By Model", + "showExportToExcel": true, + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces", + "visualization": "piechart", + "gridSettings": { + "formatters": [ + { + "columnMatch": "Enterprise", + "formatter": 4, + "formatOptions": { + "palette": "green" + } + }, + { + "columnMatch": "Pro", + "formatter": 4, + "formatOptions": { + "palette": "yellow" + } + }, + { + "columnMatch": "Education", + "formatter": 4, + "formatOptions": { + "palette": "blue" + } + }, + { + "columnMatch": "Enterprise Insider Preview", + "formatter": 4, + "formatOptions": { + "palette": "purple" + } + }, + { + "columnMatch": "dcount_Manufacturer", + "formatter": 5 + }, + { + "columnMatch": "_Empty", + "formatter": 5 + } + ] + }, + "tileSettings": { + "showBorder": false, + "titleContent": { + "columnMatch": "Manufacturer", + "formatter": 1 + }, + "leftContent": { + "columnMatch": "dcount_Manufacturer", + "formatter": 12, + "formatOptions": { + "palette": "auto" + }, + "numberFormat": { + "unit": 17, + "options": { + "maximumSignificantDigits": 3, + "maximumFractionDigits": 2 + } + } + } + } + }, + "name": "Windows Build - By Model", + "styleSettings": { + "maxWidth": "30%" + } + }, + { + "type": 1, + "content": { + "json": "
\r\n\r\n-------" + }, + "name": "Hardware HR 2" + } + ] + }, + "conditionalVisibility": { + "parameterName": "CustomHWLogs", + "comparison": "isEqualTo", + "value": "True" + }, + "name": "Custom Hardware Feature Update Reports" + }, + { + "type": 3, + "content": { + "version": "KqlItem/1.0", + "query": "WaaSDeploymentStatus\r\n| extend DetailedStatus = case(DetailedStatus == 'Update successful', 'UpdateSuccessful', DetailedStatus)\r\n| where UpdateCategory == \"Feature\"\r\n| where isnotempty(UpdateReleasedDate)\r\n| where isnotempty (Computer)\r\n| where ReleaseName in ('Win11-21H2', '21H2') or '*' in ('Win11-21H2', '21H2')\r\n| where DeploymentStatus != \"Unknown\"\r\n| summarize arg_max(TimeGenerated, *) by Computer, ReleaseName\r\n| where DetailedStatus == \"Total\" or \"Total\" == \"Total\"\r\n| project\r\n TimeGenerated,\r\n LastScan,\r\n Computer,\r\n DeploymentStatus,\r\n DetailedStatus,\r\n DeploymentError,\r\n CurrentOSVersion = OSVersion,\r\n CurrentOSBuild = OSBuild,\r\n ReleaseName,\r\n UpdateReleasedDate,\r\n DeferralDays,\r\n PauseState,\r\n ExpectedInstallDate\r\n| sort by UpdateReleasedDate, Computer desc", + "size": 0, + "showAnalytics": true, + "title": "Full Details - Feature Update Information", + "timeContextFromParameter": "TimeRange", + "showExportToExcel": true, + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces", + "gridSettings": { + "formatters": [ + { + "columnMatch": "DeploymentStatus", + "formatter": 18, + "formatOptions": { + "thresholdsOptions": "icons", + "thresholdsGrid": [ + { + "operator": "==", + "thresholdValue": "Update completed", + "representation": "success", + "text": "{0}{1}" + }, + { + "operator": "==", + "thresholdValue": "Failed", + "representation": "failed", + "text": "{0}{1}" + }, + { + "operator": "==", + "thresholdValue": "Unknown", + "representation": "unknown", + "text": "{0}{1}" + }, + { + "operator": "==", + "thresholdValue": "In progress", + "representation": "pending", + "text": "{0}{1}" + }, + { + "operator": "==", + "thresholdValue": "Progress stalled", + "representation": "stopped", + "text": "{0}{1}" + }, + { + "operator": "Default", + "thresholdValue": null, + "representation": "question", + "text": "{0}{1}" + } + ] + } + }, + { + "columnMatch": "PauseState", + "formatter": 18, + "formatOptions": { + "thresholdsOptions": "icons", + "thresholdsGrid": [ + { + "operator": "==", + "thresholdValue": "Paused", + "representation": "2", + "text": "{0}{1}" + }, + { + "operator": "Default", + "thresholdValue": null, + "representation": "success", + "text": "{0}{1}" + } + ] + } + } + ], + "filter": true, + "sortBy": [ + { + "itemKey": "$gen_thresholds_DeploymentStatus_3", + "sortOrder": 2 + } + ] + }, + "sortBy": [ + { + "itemKey": "$gen_thresholds_DeploymentStatus_3", + "sortOrder": 2 + } + ] + }, + "name": "Feature Update Details" + } + ] + }, + "conditionalVisibility": { + "parameterName": "selectedTab", + "comparison": "isEqualTo", + "value": "ByFeatureUpdate" + }, + "name": "group - Feature Updates" + }, + { + "type": 12, + "content": { + "version": "NotebookGroup/1.0", + "groupType": "editable", + "items": [ + { + "type": 1, + "content": { + "json": "# Patch Alerting\r\n-----\r\n\r\nPlease pay attention to this section for machines which are flagged for warning based on the following values\r\n\r\n1. Last Scan Date\r\n2. Missing Security Updates\r\n3. Unsupported Windows Builds", + "style": "warning" + }, + "name": "text - 7" + }, + { + "type": 1, + "content": { + "json": "### PrintNightmare Patch Monitor\r\n________________________\r\nMore information on this CVE and assoicated OOB updates can be found here - https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34527 " + }, + "name": "text - 2" + }, + { + "type": 3, + "content": { + "version": "KqlItem/1.0", + "query": "WaaSDeploymentStatus\r\n| where TimeGenerated > ago (90d)\r\n| where UpdateCategory == \"Quality\" and UpdateClassification == \"Security\"\r\n| where ReleaseName matches regex \"(KB5004946|KB5004945|KB5004245|KB5004237)\"\r\n| where isnotempty(UpdateReleasedDate)\r\n| where isnotempty (Computer)\r\n| summarize dcount(Computer) by TimeGenerated, DeploymentStatus", + "size": 0, + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces", + "visualization": "areachart", + "chartSettings": { + "seriesLabelSettings": [ + { + "seriesName": "Unknown", + "color": "gray" + }, + { + "seriesName": "Update completed", + "color": "green" + }, + { + "seriesName": "Progress stalled", + "color": "orange" + }, + { + "seriesName": "In progress", + "color": "yellow" + }, + { + "seriesName": "Failed", + "color": "red" + } + ] + } + }, + "name": "PrintNightmare Query" + }, + { + "type": 3, + "content": { + "version": "KqlItem/1.0", + "query": "WaaSDeploymentStatus\r\n| where TimeGenerated > ago (90d)\r\n| where UpdateCategory == \"Quality\" and UpdateClassification == \"Security\"\r\n| where ReleaseName matches regex \"(KB5004946|KB5004945|KB5004245|KB5004237)\"\r\n| where isnotempty(UpdateReleasedDate)\r\n| where isnotempty (Computer)\r\n| extend ReleaseName = strcat(OSVersion, ' - ', ReleaseName, ' - ', format_datetime(UpdateReleasedDate, 'yyyy/MM/dd'))\r\n| summarize arg_max(UpdateReleasedDate, *) by Computer, ReleaseName\r\n| summarize TotalRuns = count(), Success = countif(DeploymentStatus == 'Update completed'), Fails = countif(DeploymentStatus == 'Failed'), Unknown = countif(DeploymentStatus == 'Unknown'), ['In progress'] = countif(DeploymentStatus == 'In progress'), ['Progress stalled'] = countif(DeploymentStatus == 'Progress stalled') by ReleaseName // Summarize the total, successful and failed operations by name\r\n| extend SuccessRate = (Success * 100 / TotalRuns) // Calculate the percentage of succesful operations against the total\r\n| project ReleaseName, TotalRuns, [\"✔️Success\"] = Success, [\"❌Fails\"] = Fails, Unknown, ['In progress'], ['Progress stalled'], SuccessRate\r\n| order by ReleaseName", + "size": 3, + "timeContext": { + "durationMs": 2592000000 + }, + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces" + }, + "name": "PrintNightmare Stats" + } + ] + }, + "conditionalVisibility": { + "parameterName": "selectedTab", + "comparison": "isEqualTo", + "value": "ByAlert" + }, + "name": "Group - Patch Warnings" + }, + { + "type": 12, + "content": { + "version": "NotebookGroup/1.0", + "groupType": "editable", + "items": [ + { + "type": 12, + "content": { + "version": "NotebookGroup/1.0", + "groupType": "editable", + "items": [ + { + "type": 1, + "content": { + "json": "# Update Sources - {TimeRange}\r\n-----\r\nThe below statistics show the sources for update content across all devices. Downloads from the CDN and peers are determined by delivery optimisation policies on your clients. \r\n\r\nMore information on delivery optimisation can be found here - https://docs.microsoft.com/en-us/windows/deployment/update/waas-delivery-optimization ", + "style": "info" + }, + "name": "text - 0" + }, + { + "type": 12, + "content": { + "version": "NotebookGroup/1.0", + "groupType": "editable", + "items": [ + { + "type": 3, + "content": { + "version": "KqlItem/1.0", + "query": "WUDOAggregatedStatus\r\n| project ContentType, BytesFromCDN, BytesFromPeers, BWOptPercent28Days, DeviceCount\r\n| extend TotalBytes = (BytesFromCDN + BytesFromPeers)\r\n| sort by BytesFromCDN", + "size": 3, + "showAnalytics": true, + "title": "Content Types", + "timeContextFromParameter": "TimeRange", + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces", + "visualization": "piechart", + "chartSettings": { + "yAxis": [ + "TotalBytes" + ], + "showMetrics": false, + "showLegend": true + } + }, + "customWidth": "33", + "name": "Delivery Optimization Type Piechart" + }, + { + "type": 3, + "content": { + "version": "KqlItem/1.0", + "query": "WUDOStatus \r\n| summarize Count = dcount(ComputerID, 4) by DownloadMode, DownloadModeSrc\r\n| project [\"Download Mode\"] = DownloadMode, [\"Download Source\"] = DownloadModeSrc, [\"Device Count\"] = Count\r\n| order by [\"Device Count\"]", + "size": 3, + "showAnalytics": true, + "title": "Delivery Optimisation Mode", + "timeContextFromParameter": "TimeRange", + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces", + "visualization": "piechart" + }, + "customWidth": "33", + "name": "Delivery Optimization Mode Piechart" + }, + { + "type": 3, + "content": { + "version": "KqlItem/1.0", + "query": "WUDOAggregatedStatus\r\n| summarize sum(BytesFromCDN), sum(BytesFromPeers)\r\n| extend Total = (sum_BytesFromCDN + sum_BytesFromPeers)\r\n| project pCDN = (todouble(sum_BytesFromCDN) * 100 / todouble(Total)) , pPeers = (todouble(sum_BytesFromPeers) * 100 / todouble(Total))\r\n| evaluate narrow()\r\n| extend percent = '%'\r\n| project Column, todouble (Value)", + "size": 3, + "title": "Content Distribution", + "timeContextFromParameter": "TimeRange", + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces", + "visualization": "piechart", + "chartSettings": { + "seriesLabelSettings": [ + { + "seriesName": "pCDN", + "label": "CDN Distribution", + "color": "orange" + }, + { + "seriesName": "pPeers", + "label": "Peer Distribution", + "color": "green" + } + ], + "ySettings": { + "numberFormatSettings": { + "unit": 1, + "options": { + "style": "decimal", + "useGrouping": true, + "maximumSignificantDigits": 2 + } + } + } + } + }, + "customWidth": "33", + "name": "Delivery Optimization Source Piechart" + } + ] + }, + "name": "Delivery Optimization Piecharts" + }, + { + "type": 12, + "content": { + "version": "NotebookGroup/1.0", + "groupType": "editable", + "items": [ + { + "type": 1, + "content": { + "json": "
\r\n" + }, + "name": "Delivery Optimisation HR 1" + }, + { + "type": 3, + "content": { + "version": "KqlItem/1.0", + "query": "WUDOAggregatedStatus\r\n| summarize arg_max(TimeGenerated, *) by ContentType\r\n| extend BytesFromCDNGB = format_bytes(BytesFromCDN, 2)\r\n| extend BytesFromPeersGB = format_bytes(BytesFromPeers, 2)\r\n| extend [\"Total Bytes\"] = format_bytes((BytesFromCDN + BytesFromPeers),2, \"TB\")\r\n| sort by BytesFromCDN desc\r\n| project [\"Content Type\"] = ContentType, [\"Bytes from CDN\"] = BytesFromCDNGB, [\"Bytes from Peers\"] = BytesFromPeersGB, [\"Total Bytes\"], [\"Device Count\"] = DeviceCount\r\n\r\n", + "size": 3, + "showAnalytics": true, + "title": "Content Break Down", + "timeContextFromParameter": "TimeRange", + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces", + "visualization": "table", + "gridSettings": { + "formatters": [ + { + "columnMatch": "Device Count", + "formatter": 4, + "formatOptions": { + "palette": "blue" + } + }, + { + "columnMatch": "BWOptPercent28Days", + "formatter": 0, + "numberFormat": { + "unit": 1, + "options": { + "style": "decimal", + "useGrouping": false + } + } + } + ], + "sortBy": [ + { + "itemKey": "Bytes from Peers", + "sortOrder": 1 + } + ] + }, + "sortBy": [ + { + "itemKey": "Bytes from Peers", + "sortOrder": 1 + } + ] + }, + "name": "Delivery Optmization Table" + }, + { + "type": 1, + "content": { + "json": "
\r\n\r\n---------------\r\n\r\n
\r\n" + }, + "name": "Delivery Optimisation HR 2" + }, + { + "type": 3, + "content": { + "version": "KqlItem/1.0", + "query": "WUDOAggregatedStatus\r\n| summarize arg_max(TimeGenerated, *) by ContentType\r\n| project ContentType, BytesFromCDN, BytesFromPeers\r\n| sort by BytesFromCDN", + "size": 0, + "title": "Content Types - By Source", + "timeContextFromParameter": "TimeRange", + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces", + "visualization": "barchart", + "tileSettings": { + "showBorder": false, + "titleContent": { + "columnMatch": "ContentType", + "formatter": 1 + }, + "leftContent": { + "columnMatch": "BytesFromCDN", + "formatter": 12, + "formatOptions": { + "palette": "auto" + }, + "numberFormat": { + "unit": 17, + "options": { + "maximumSignificantDigits": 3, + "maximumFractionDigits": 2 + } + } + } + }, + "graphSettings": { + "type": 0, + "topContent": { + "columnMatch": "ContentType", + "formatter": 1 + }, + "centerContent": { + "columnMatch": "BytesFromCDN", + "formatter": 1, + "numberFormat": { + "unit": 17, + "options": { + "maximumSignificantDigits": 3, + "maximumFractionDigits": 2 + } + } + } + }, + "chartSettings": { + "xAxis": "ContentType", + "seriesLabelSettings": [ + { + "seriesName": "BytesFromCDN", + "label": "Bytes from CDN", + "color": "orange" + }, + { + "seriesName": "BytesFromPeers", + "label": "Bytes from Peers", + "color": "green" + } + ] + } + }, + "name": "query - 5" + }, + { + "type": 1, + "content": { + "json": "
\r\n\r\n----\r\n\r\n
" + }, + "conditionalVisibility": { + "parameterName": "CustomHWLogs", + "comparison": "isEqualTo", + "value": "True" + }, + "name": "Delivery Optimization Network Breakdown - HR" + }, + { + "type": 1, + "content": { + "json": "## Delivery Optimization Network Breakdown\r\n\r\nCustom hardware logs are available, and below is a breakdown of content distribution per subnet.", + "style": "success" + }, + "conditionalVisibility": { + "parameterName": "CustomHWLogs", + "comparison": "isEqualTo", + "value": "True" + }, + "name": "Delivery Optimization Network Breakdown" + }, + { + "type": 3, + "content": { + "version": "KqlItem/1.0", + "query": "WUDOStatus \r\n| join kind=innerunique \r\n (UCClient\r\n | project GlobalDeviceId, AzureADDeviceId\r\n ) on $left.ComputerID == $right.GlobalDeviceId\r\n| join kind=innerunique \r\n (IntuneDevices\r\n | project ReferenceId, DeviceId\r\n ) on $left.AzureADDeviceId == $right.ReferenceId\r\n| join kind=innerunique \r\n (DeviceInventory_CL\r\n ) on $left.DeviceId == $right.ManagedDeviceID_g\r\n| where isnotempty(tostring(parse_json(NetworkAdapters_s)[(0)].NetIPv4DefaultGateway))\r\n| summarize sum(BytesFromPeers), sum(BytesFromCDN), sum(PeersSuccessCount), sum(PeersCannotConnectCount) by tostring(parse_json(NetworkAdapters_s)[0].NetIPv4DefaultGateway)\r\n| order by sum_BytesFromPeers desc\r\n| extend Total = (sum_BytesFromPeers + sum_BytesFromCDN)\r\n| extend CDNPercent = (todouble(sum_BytesFromCDN) * 100 / todouble(Total)) , PeerPercent = (todouble(sum_BytesFromPeers) * 100 / todouble(Total))\r\n| project [\"Network Gateway\"] = NetworkAdapters_s_0_NetIPv4DefaultGateway, [\"Peer Connections\"] = sum_PeersSuccessCount, [\"Peer Errors\"] = sum_PeersCannotConnectCount, [\"GB from Peers\"] = sum_BytesFromPeers, [\"GB from CDN\"] = sum_BytesFromCDN, [\"Peer Percentage\"] = PeerPercent, [\"CDN Percentage\"] = CDNPercent\r\n| order by [\"GB from Peers\"] desc\r\n", + "size": 0, + "title": "Delivery Optimization By IP Range", + "timeContextFromParameter": "TimeRange", + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces", + "gridSettings": { + "formatters": [ + { + "columnMatch": "Peer Connections", + "formatter": 4, + "formatOptions": { + "palette": "green" + } + }, + { + "columnMatch": "Peer Errors", + "formatter": 4, + "formatOptions": { + "palette": "red" + } + }, + { + "columnMatch": "GB from Peers", + "formatter": 4, + "formatOptions": { + "palette": "green" + }, + "numberFormat": { + "unit": 2, + "options": { + "style": "decimal", + "useGrouping": true, + "maximumFractionDigits": 2 + } + } + }, + { + "columnMatch": "GB from CDN", + "formatter": 4, + "formatOptions": { + "palette": "orange" + }, + "numberFormat": { + "unit": 2, + "options": { + "style": "decimal", + "useGrouping": true, + "maximumFractionDigits": 2 + } + } + }, + { + "columnMatch": "Peer Percentage", + "formatter": 4, + "formatOptions": { + "min": 0, + "max": 100, + "palette": "green" + }, + "numberFormat": { + "unit": 1, + "options": { + "style": "decimal" + } + } + }, + { + "columnMatch": "CDN Percentage", + "formatter": 4, + "formatOptions": { + "min": 0, + "max": 100, + "palette": "orange" + }, + "numberFormat": { + "unit": 1, + "options": { + "style": "decimal" + } + } + } + ], + "sortBy": [ + { + "itemKey": "Network Gateway", + "sortOrder": 1 + } + ] + }, + "sortBy": [ + { + "itemKey": "Network Gateway", + "sortOrder": 1 + } + ] + }, + "conditionalVisibility": { + "parameterName": "CustomHWLogs", + "comparison": "isEqualTo", + "value": "True" + }, + "name": "Delivery Optimization By IP Range" + } + ] + }, + "customWidth": "60", + "name": "DeliveryColumnLeft" + }, + { + "type": 12, + "content": { + "version": "NotebookGroup/1.0", + "groupType": "editable", + "items": [ + { + "type": 9, + "content": { + "version": "KqlParameterItem/1.0", + "parameters": [ + { + "id": "5796c5de-30fd-4bd3-b8ee-4c9027aa6c32", + "version": "KqlParameterItem/1.0", + "name": "DOState", + "type": 1, + "query": "WUDOAggregatedStatus\r\n| summarize sum(BytesFromCDN), sum(BytesFromPeers)\r\n| extend Total = (sum_BytesFromCDN + sum_BytesFromPeers)\r\n| project pPeers = (todouble(sum_BytesFromPeers) * 100 / todouble(Total))\r\n| evaluate narrow()\r\n| extend DOState = iif(todouble(Value) < 30,\"Bad\",iif(todouble(Value) < 60,\"Good\",iif(todouble(Value) >= 60,\"Optimal\",\"Poor\")))\r\n| project DOState", + "isHiddenWhenLocked": true, + "timeContext": { + "durationMs": 86400000 + }, + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces" + } + ], + "style": "pills", + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces" + }, + "name": "Delivery Optimization Parameters" + }, + { + "type": 3, + "content": { + "version": "KqlItem/1.0", + "query": "WUDOAggregatedStatus\r\n| summarize arg_max(TimeGenerated, *) by ContentType\r\n| extend BytesFromCDNGB = format_bytes(BytesFromCDN, 2)\r\n| extend BytesFromPeersGB = format_bytes(BytesFromPeers, 2)\r\n| sort by BytesFromCDN desc \r\n| extend CDNDistributionPercentage = todecimal(round((100 - BWOptPercent28Days),2))\r\n| extend PeerDistributionPercentage = todecimal(round((BWOptPercent28Days),2))\r\n| summarize [\"CDN Percentage\"] = avg(todecimal(round((CDNDistributionPercentage),1))), [\"Peer Percentage\"] = avg(todecimal(round((PeerDistributionPercentage),1)))", + "size": 3, + "title": "Delivery Optimisation Split", + "timeContext": { + "durationMs": 259200000 + }, + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces", + "visualization": "table", + "gridSettings": { + "formatters": [ + { + "columnMatch": "CDN Percentage", + "formatter": 4, + "formatOptions": { + "min": 0, + "max": 100, + "palette": "red", + "compositeBarSettings": { + "labelText": "", + "columnSettings": [] + }, + "customColumnWidthSetting": "150px" + } + }, + { + "columnMatch": "Peer Percentage", + "formatter": 4, + "formatOptions": { + "min": 0, + "max": 100, + "palette": "green", + "customColumnWidthSetting": "150px" + } + } + ] + }, + "tileSettings": { + "titleContent": {}, + "showBorder": false, + "sortCriteriaField": "CDN Percentage", + "size": "auto" + } + }, + "conditionalVisibility": { + "parameterName": "s", + "comparison": "isEqualTo", + "value": "s" + }, + "name": "query - 7" + }, + { + "type": 1, + "content": { + "json": "## Bandwidth Savings - Optimal\r\n\r\nYour delivery optimization settings are working very well, and you have significant volumes of traffic using peer to peer distribution.", + "style": "success" + }, + "conditionalVisibility": { + "parameterName": "DOState", + "comparison": "isEqualTo", + "value": "Optimal" + }, + "name": "Delivery Optimization - Optimal" + }, + { + "type": 1, + "content": { + "json": "## Bandwidth Savings - Good\r\n\r\nYour delivery optimization settings are working, and you have a good level of traffic using peer to peer distribution.", + "style": "success" + }, + "conditionalVisibility": { + "parameterName": "DOState", + "comparison": "isEqualTo", + "value": "Good" + }, + "name": "Delivery Optimization - Good" + }, + { + "type": 1, + "content": { + "json": "## Bandwidth Savings - Poor\r\n\r\nDelivery optimization levels show that your clients are sharing content, but the level of peer to peer sharing could be improved.\r\n\r\n**Recommendation:** Please review your firewall configuration and delivery optimization URL access.", + "style": "warning" + }, + "conditionalVisibility": { + "parameterName": "DOState", + "comparison": "isEqualTo", + "value": "Poor" + }, + "name": "Delivery Optimization - Poor" + }, + { + "type": 1, + "content": { + "json": "## Bandwidth Savings - Bad\r\n\r\nDelivery optimization levels show that your clients are not sharing any significent content via peer to peer communications,\r\n\r\n**Recommendation:** Please review your firewall configuration and delivery optimization URL access.\r\n\r\n**Note** - If you are using cloud only clients with physical location seperation, this is expected and you can ignore this warning.", + "style": "error" + }, + "conditionalVisibility": { + "parameterName": "DOState", + "comparison": "isEqualTo", + "value": "Bad" + }, + "name": "Delivery Optimization - Bad" + }, + { + "type": 3, + "content": { + "version": "KqlItem/1.0", + "query": "WUDOAggregatedStatus\r\n| summarize arg_max(TimeGenerated, *) by ContentType\r\n| extend BytesFromCDNGB = format_bytes(BytesFromCDN, 2)\r\n| extend BytesFromPeersGB = format_bytes(BytesFromPeers, 2)\r\n| extend TotalRawBytes = (BytesFromGroupPeers + BytesFromPeers)\r\n| summarize [\"Bandwidth Saving\"] = format_bytes(sum(TotalRawBytes),2)\r\n| extend Type = \"Bandwidth Savings\"", + "size": 3, + "timeContextFromParameter": "TimeRange", + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces", + "visualization": "tiles", + "tileSettings": { + "titleContent": { + "columnMatch": "Type", + "formatter": 18, + "formatOptions": { + "thresholdsOptions": "icons", + "thresholdsGrid": [ + { + "operator": "Default", + "thresholdValue": null, + "representation": "success", + "text": "{0}{1}" + } + ] + }, + "numberFormat": { + "unit": 0, + "options": { + "style": "decimal" + } + } + }, + "leftContent": { + "columnMatch": "Bandwidth Saving", + "formatter": 18, + "formatOptions": { + "thresholdsOptions": "icons", + "thresholdsGrid": [ + { + "operator": "Default", + "thresholdValue": null, + "representation": "Share", + "text": "{0}{1}" + } + ] + }, + "numberFormat": { + "unit": 17, + "options": { + "style": "decimal" + } + } + }, + "showBorder": true, + "sortCriteriaField": "Bandwidth Saving", + "size": "auto" + } + }, + "name": "Deliery Optimization - Bytes from Peers Tile", + "styleSettings": { + "maxWidth": "250px" + } + }, + { + "type": 3, + "content": { + "version": "KqlItem/1.0", + "query": "WUDOAggregatedStatus\r\n| summarize arg_max(TimeGenerated, *) by ContentType\r\n| summarize [\"CDN Bandwidth\"] = format_bytes(sum(BytesFromCDN),2)\r\n| extend Type = \"CDN Bandwidth\"", + "size": 3, + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces", + "visualization": "tiles", + "tileSettings": { + "titleContent": { + "columnMatch": "Type", + "formatter": 18, + "formatOptions": { + "thresholdsOptions": "icons", + "thresholdsGrid": [ + { + "operator": "Default", + "thresholdValue": null, + "representation": "Download", + "text": "{0}{1}" + } + ] + }, + "numberFormat": { + "unit": 0, + "options": { + "style": "decimal" + } + } + }, + "leftContent": { + "columnMatch": "CDN Bandwidth", + "formatter": 18, + "formatOptions": { + "thresholdsOptions": "icons", + "thresholdsGrid": [ + { + "operator": "Default", + "thresholdValue": null, + "representation": "Unshare", + "text": "{0}{1}" + } + ] + }, + "numberFormat": { + "unit": 17, + "options": { + "style": "decimal" + } + } + }, + "showBorder": true, + "sortCriteriaField": "Bandwidth Saving", + "size": "auto" + } + }, + "name": "Deliery Optimization - Bytes from CDN Tile ", + "styleSettings": { + "maxWidth": "250px" + } + }, + { + "type": 3, + "content": { + "version": "KqlItem/1.0", + "query": "WUDOAggregatedStatus\r\n| summarize sum(BytesFromCDN), sum(BytesFromPeers) by TimeGenerated\r\n| project sum_BytesFromCDN, sum_BytesFromPeers, TimeGenerated\r\n\r\n\r\n", + "size": 1, + "title": "Update Sources Trend", + "timeContextFromParameter": "TimeRange", + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces", + "visualization": "areachart", + "tileSettings": { + "showBorder": false + }, + "chartSettings": { + "seriesLabelSettings": [ + { + "seriesName": "sum_BytesFromCDN", + "label": "CDN Delivered", + "color": "orange" + }, + { + "seriesName": "sum_BytesFromPeers", + "label": "Peer Delivered", + "color": "green" + } + ] + } + }, + "name": "query - 8" + }, + { + "type": 3, + "content": { + "version": "KqlItem/1.0", + "query": "WUDOAggregatedStatus\r\n| summarize sum(BytesFromCDN), sum(BytesFromPeers) by TimeGenerated\r\n| project sum_BytesFromCDN, sum_BytesFromPeers, TimeGenerated\r\n", + "size": 1, + "title": "Update Sources Trend Last 7 days", + "timeContext": { + "durationMs": 604800000 + }, + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces", + "visualization": "areachart", + "chartSettings": { + "seriesLabelSettings": [ + { + "seriesName": "sum_BytesFromCDN", + "color": "orange" + }, + { + "seriesName": "sum_BytesFromPeers", + "color": "green" + } + ] + } + }, + "name": "query - 4" + }, + { + "type": 3, + "content": { + "version": "KqlItem/1.0", + "query": "WUDOAggregatedStatus\r\n| summarize sum(BytesFromCDN), sum(BytesFromPeers) by TimeGenerated\r\n| project sum_BytesFromCDN, sum_BytesFromPeers, TimeGenerated", + "size": 1, + "title": "Update Sources Trend Last 48 hours", + "timeContext": { + "durationMs": 259200000 + }, + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces", + "visualization": "areachart", + "chartSettings": { + "seriesLabelSettings": [ + { + "seriesName": "sum_BytesFromCDN", + "color": "orange" + }, + { + "seriesName": "sum_BytesFromPeers", + "color": "green" + } + ] + } + }, + "name": "query - 6" + } + ] + }, + "customWidth": "40", + "name": "Bandwidth Saving", + "styleSettings": { + "margin": "10px", + "padding": "10px", + "showBorder": true + } + } + ] + }, + "name": "Group - Content Distribution" + } + ] + }, + "conditionalVisibility": { + "parameterName": "selectedTab", + "comparison": "isEqualTo", + "value": "ByDeliveryOptimisation" + }, + "name": "Group - ByDeliveryOptimisation" + }, + { + "type": 12, + "content": { + "version": "NotebookGroup/1.0", + "groupType": "editable", + "items": [ + { + "type": 1, + "content": { + "json": "# Windows 11 Readiness Status\r\n-----\r\n\r\nThis report provide on which devices in your environment meet the [hardware requriement](https://www.microsoft.com/en-us/windows/windows-11-specifications) for Windows 11", + "style": "info" + }, + "name": "text - 7" + }, + { + "type": 9, + "content": { + "version": "KqlParameterItem/1.0", + "parameters": [ + { + "id": "5b7ffc78-5bda-4635-8458-cf77ce182223", + "version": "KqlParameterItem/1.0", + "name": "OSBuild", + "label": "Current Build", + "type": 2, + "multiSelect": true, + "quote": "'", + "delimiter": ",", + "query": "UCClientReadinessStatus\r\n| extend MainBuild = tostring(split(OSBuild, \".\")[0])\r\n| summarize by MainBuild, OSBuild\r\n| project Value = OSBuild, Label = OSBuild, group = MainBuild\r\n| sort by group", + "typeSettings": { + "additionalResourceOptions": [ + "value::all" + ], + "showDefault": false + }, + "timeContext": { + "durationMs": 7776000000 + }, + "timeContextFromParameter": "TimeRange", + "defaultValue": "value::all", + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces" + }, + { + "id": "adab14d9-4241-4f65-801a-4f62a9a36d15", + "version": "KqlParameterItem/1.0", + "name": "TargetOSBuild", + "label": "Target Build", + "type": 2, + "query": "UCClientReadinessStatus\r\n| distinct TargetOSBuild", + "value": "10.0.22000.194", + "typeSettings": { + "additionalResourceOptions": [], + "showDefault": false + }, + "timeContext": { + "durationMs": 7776000000 + }, + "timeContextFromParameter": "TimeRange", + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces" + } + ], + "style": "pills", + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces" + }, + "name": "Windows 11 Parameters" + }, + { + "type": 12, + "content": { + "version": "NotebookGroup/1.0", + "groupType": "editable", + "items": [ + { + "type": 1, + "content": { + "json": "## Windows 11 Upgrade Summary\r\n\r\nBelow are summary stats on your environment" + }, + "name": "Summary Number Header" + }, + { + "type": 3, + "content": { + "version": "KqlItem/1.0", + "query": "UCClientReadinessStatus\r\n| summarize arg_max(TimeGenerated, *) by DeviceName\r\n| where ['OSName '] == \"Windows 10\"\r\n| where ReadinessStatus == \"Capable\"\r\n| summarize count()\r\n| extend Descrption = \"Windows 11 Capable\"\r\n| extend Summary = \"Intune managed devices ({TimeRange})\"\r\n| project toint(count_), Descrption, Summary", + "size": 3, + "timeContextFromParameter": "TimeRange", + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces", + "visualization": "tiles", + "tileSettings": { + "titleContent": { + "columnMatch": "Descrption", + "formatter": 18, + "formatOptions": { + "thresholdsOptions": "icons", + "thresholdsGrid": [ + { + "operator": "Default", + "thresholdValue": null, + "representation": "success", + "text": "{0}{1}" + } + ] + } + }, + "leftContent": { + "columnMatch": "count_", + "formatter": 12, + "formatOptions": { + "min": 0, + "palette": "green" + }, + "numberFormat": { + "unit": 17, + "options": { + "style": "decimal", + "maximumFractionDigits": 2, + "maximumSignificantDigits": 3 + } + } + }, + "secondaryContent": { + "columnMatch": "Summary" + }, + "showBorder": false, + "size": "auto" + } + }, + "name": "Windows 11 Capable" + }, + { + "type": 3, + "content": { + "version": "KqlItem/1.0", + "query": "let DeviceDetails = UCClient\r\n| summarize arg_max(TimeGenerated, *) by GlobalDeviceId\r\n| join kind=innerunique \r\n (IntuneDevices\r\n | summarize arg_max(TimeGenerated, *) by ReferenceId\r\n ) on $left.AzureADDeviceId == $right.ReferenceId;\r\nUCClientReadinessStatus \r\n| summarize arg_max(TimeGenerated, *) by GlobalDeviceId\r\n| where OSBuild has_any ({OSBuild}) and TargetOSBuild == \"{TargetOSBuild}\"\r\n| join kind=innerunique DeviceDetails on $left.AzureADDeviceId == $right.ReferenceId\r\n| where ReadinessStatus == \"NotCapable\"\r\n| summarize count()\r\n| extend Descrption = \"Windows 11 Not Capable\"\r\n| extend Summary = \"Intune managed devices ({TimeRange})\"\r\n| project toint(count_), Descrption, Summary", + "size": 3, + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces", + "visualization": "tiles", + "tileSettings": { + "titleContent": { + "columnMatch": "Descrption", + "formatter": 18, + "formatOptions": { + "thresholdsOptions": "icons", + "thresholdsGrid": [ + { + "operator": "Default", + "thresholdValue": null, + "representation": "3", + "text": "{0}{1}" + } + ] + } + }, + "leftContent": { + "columnMatch": "count_", + "formatter": 12, + "formatOptions": { + "min": 0, + "palette": "red" + }, + "numberFormat": { + "unit": 17, + "options": { + "style": "decimal", + "maximumFractionDigits": 2, + "maximumSignificantDigits": 3 + } + } + }, + "secondaryContent": { + "columnMatch": "Summary" + }, + "showBorder": false, + "size": "auto" + } + }, + "name": "Windows 11 Not Capable" + }, + { + "type": 1, + "content": { + "json": "------\r\n
" + }, + "name": "Numbers Rule 2" + }, + { + "type": 9, + "content": { + "version": "KqlParameterItem/1.0", + "parameters": [ + { + "id": "b47ac6be-2215-44d8-9df3-63c38f191ef6", + "version": "KqlParameterItem/1.0", + "name": "Windows11Devices", + "type": 1, + "query": "UCClient\n| where OSVersion contains \"11\"\n| summarize arg_max(TimeGenerated, *) by GlobalDeviceId\n| summarize count() by OSVersion\n| extend Windows11Devices = iif(count_ > 0,\"True\",\"False\")\n| project Windows11Devices", + "isHiddenWhenLocked": true, + "timeContext": { + "durationMs": 7776000000 + }, + "timeContextFromParameter": "TimeRange", + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces" + } + ], + "style": "pills", + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces" + }, + "name": "Windows 11 Check" + }, + { + "type": 1, + "content": { + "json": "## Windows 11 Builds\r\n\r\nGreat news, Windows 11 is already in use in your environment. Below are the builds of Windows 11 currently in use within your environment", + "style": "success" + }, + "conditionalVisibility": { + "parameterName": "Windows11Devices", + "comparison": "isEqualTo", + "value": "True" + }, + "name": "Windows 11 Builds" + }, + { + "type": 3, + "content": { + "version": "KqlItem/1.0", + "query": "UCClient\r\n| where OSVersion contains \"11\"\r\n| summarize arg_max(TimeGenerated, *) by GlobalDeviceId\r\n| summarize count()\r\n| extend Descrption = \"Windows 11 Device Count\"\r\n| extend Summary = \"Managed devices ({TimeRange})\"\r\n| project toint(count_), Descrption, Summary", + "size": 3, + "timeContextFromParameter": "TimeRange", + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces", + "visualization": "tiles", + "tileSettings": { + "titleContent": { + "columnMatch": "Descrption", + "formatter": 18, + "formatOptions": { + "thresholdsOptions": "icons", + "thresholdsGrid": [ + { + "operator": "Default", + "thresholdValue": null, + "representation": "success", + "text": "{0}{1}" + } + ] + } + }, + "leftContent": { + "columnMatch": "count_", + "formatter": 12, + "formatOptions": { + "min": 0, + "palette": "green" + }, + "numberFormat": { + "unit": 17, + "options": { + "style": "decimal", + "maximumFractionDigits": 2, + "maximumSignificantDigits": 3 + } + } + }, + "secondaryContent": { + "columnMatch": "Summary" + }, + "showBorder": false, + "size": "auto" + } + }, + "name": "Windows 11 Devices" + }, + { + "type": 3, + "content": { + "version": "KqlItem/1.0", + "query": "UCClient\r\n| where OSVersion contains \"11\"\r\n| summarize arg_max(TimeGenerated, *) by GlobalDeviceId\r\n| summarize count() by OSBuild\r\n| order by count_ desc", + "size": 3, + "timeContextFromParameter": "TimeRange", + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces", + "gridSettings": { + "formatters": [ + { + "columnMatch": "count_", + "formatter": 4, + "formatOptions": { + "palette": "green", + "compositeBarSettings": { + "labelText": "", + "columnSettings": [] + }, + "customColumnWidthSetting": "20ch" + } + } + ], + "labelSettings": [ + { + "columnId": "OSBuild", + "label": "Windows 11 Build" + }, + { + "columnId": "count_", + "label": "Device Count" + } + ] + } + }, + "conditionalVisibility": { + "parameterName": "Windows11Devices", + "comparison": "isEqualTo", + "value": "True" + }, + "name": "Windows 11 Builds" + } + ] + }, + "customWidth": "30", + "name": "Windows 11 Summary", + "styleSettings": { + "margin": "20px", + "padding": "20px", + "showBorder": true + } + }, + { + "type": 12, + "content": { + "version": "NotebookGroup/1.0", + "groupType": "editable", + "items": [ + { + "type": 3, + "content": { + "version": "KqlItem/1.0", + "query": "UCClientReadinessStatus \r\n| summarize arg_max(TimeGenerated, *) by GlobalDeviceId\r\n| where OSBuild has_any ({OSBuild}) and TargetOSBuild == \"{TargetOSBuild}\"\r\n| extend Readiness = iff(OSVersion contains \"Win11\", \"Upgraded\", iff(OSVersion contains \"Windows 11\", \"Upgraded\", ReadinessStatus))\r\n| join kind=innerunique \r\n (IntuneDevices\r\n | summarize arg_max(TimeGenerated, *) by ReferenceId\r\n | where isnotempty (Manufacturer)\r\n ) on $left.AzureADDeviceId == $right.ReferenceId\r\n| summarize count() by Readiness", + "size": 3, + "showAnalytics": true, + "title": "Windows 11 readiness Status", + "timeContextFromParameter": "TimeRange", + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces", + "visualization": "piechart", + "chartSettings": { + "seriesLabelSettings": [ + { + "seriesName": "Capable", + "color": "green" + }, + { + "seriesName": "Unknown", + "color": "orange" + }, + { + "seriesName": "NotCapable", + "color": "red" + }, + { + "seriesName": "Upgraded", + "color": "blue" + }, + { + "color": "blue" + } + ] + } + }, + "name": "Windows 11 Upgrade Piechart", + "styleSettings": { + "maxWidth": "40%" + } + }, + { + "type": 3, + "content": { + "version": "KqlItem/1.0", + "query": "UCClientReadinessStatus \r\n| summarize arg_max(TimeGenerated, *) by GlobalDeviceId\r\n| where OSBuild has_any ({OSBuild}) and TargetOSBuild == \"{TargetOSBuild}\"\r\n| extend Readiness = iff(OSVersion contains \"Win11\", \"Upgraded\", iff(OSVersion contains \"Windows 11\", \"Upgraded\", ReadinessStatus))\r\n| join kind=innerunique \r\n (IntuneDevices\r\n | summarize arg_max(TimeGenerated, *) by ReferenceId\r\n ) on $left.AzureADDeviceId == $right.ReferenceId\r\n| where isnotempty (Manufacturer)\r\n| project Manufacturer, Readiness\r\n| evaluate pivot(Readiness)\r\n| order by Upgraded desc", + "size": 0, + "showAnalytics": true, + "title": "Windows 11 Readines Scan Status by Manufacturer", + "timeContextFromParameter": "TimeRange", + "showExportToExcel": true, + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces", + "visualization": "table", + "gridSettings": { + "formatters": [ + { + "columnMatch": "NotCapable", + "formatter": 4, + "formatOptions": { + "palette": "orangeRed", + "customColumnWidthSetting": "120px" + } + }, + { + "columnMatch": "Unknown", + "formatter": 4, + "formatOptions": { + "palette": "orange", + "customColumnWidthSetting": "100px" + } + }, + { + "columnMatch": "Upgraded", + "formatter": 4, + "formatOptions": { + "palette": "green" + } + }, + { + "columnMatch": "Capable", + "formatter": 8, + "formatOptions": { + "palette": "blueGreen" + } + }, + { + "columnMatch": "NotStarted", + "formatter": 8, + "formatOptions": { + "palette": "yellowGreenBlue" + } + } + ], + "labelSettings": [ + { + "columnId": "NotCapable", + "label": "Not Capable" + } + ] + } + }, + "name": "Windows 11 Datagrid" + }, + { + "type": 3, + "content": { + "version": "KqlItem/1.0", + "query": "UCClientReadinessStatus \r\n| summarize arg_max(TimeGenerated, *) by GlobalDeviceId\r\n| where OSBuild has_any ({OSBuild}) and TargetOSBuild == \"{TargetOSBuild}\"\r\n| join kind=innerunique \r\n (IntuneDevices\r\n | summarize arg_max(TimeGenerated, *) by ReferenceId\r\n ) on $left.AzureADDeviceId == $right.ReferenceId\r\n| where ReadinessStatus == 'NotCapable'\r\n//| extend ReadinessReasonArray = split(ReadinessReason, ';')\r\n//| extend ReadinessReason = array_slice(ReadinessReasonArray, 0, -2)\r\n//| mv-expand ReadinessReason\r\n| extend ReadinessReason = trim_end(\";\", tostring(ReadinessReason))\r\n| project ReadinessReason, Manufacturer\r\n| evaluate pivot(Manufacturer)", + "size": 0, + "showAnalytics": true, + "title": "Windows 11 Not Capable - Reasons by Manufacturer", + "timeContextFromParameter": "TimeRange", + "showExportToExcel": true, + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces", + "visualization": "barchart", + "gridSettings": { + "formatters": [ + { + "columnMatch": "FUJITSU", + "formatter": 8, + "formatOptions": { + "palette": "blueGreen" + } + }, + { + "columnMatch": "Hewlett-Packard", + "formatter": 8, + "formatOptions": { + "palette": "bluePurple" + } + }, + { + "columnMatch": "HP", + "formatter": 8, + "formatOptions": { + "palette": "greenBlue" + } + }, + { + "columnMatch": "LENOVO", + "formatter": 8, + "formatOptions": { + "palette": "orangeRed" + } + }, + { + "columnMatch": "Microsoft Corporation", + "formatter": 8, + "formatOptions": { + "palette": "yellowGreen" + } + } + ], + "sortBy": [ + { + "itemKey": "ReadinessReason", + "sortOrder": 1 + } + ] + }, + "sortBy": [ + { + "itemKey": "ReadinessReason", + "sortOrder": 1 + } + ], + "chartSettings": { + "showMetrics": false, + "showLegend": true + } + }, + "name": "query - 6" + } + ] + }, + "customWidth": "70", + "name": "Windows 11 Upgrade Details", + "styleSettings": { + "maxWidth": "70&" + } + }, + { + "type": 1, + "content": { + "json": "## Windows 11 Readiness Details", + "style": "info" + }, + "name": "text - 8" + }, + { + "type": 9, + "content": { + "version": "KqlParameterItem/1.0", + "parameters": [ + { + "id": "82499f64-dd38-4fac-92e2-8d8fbd1564d6", + "version": "KqlParameterItem/1.0", + "name": "Windows11Readiness", + "label": "Windows 11 Readiness", + "type": 2, + "isRequired": true, + "query": "UCClientReadinessStatus\r\n| extend Readiness = iff(OSVersion contains \"Win11\", \"Upgraded\", ReadinessStatus)\r\n| distinct Readiness", + "value": "NotCapable", + "typeSettings": { + "additionalResourceOptions": [], + "showDefault": false + }, + "timeContext": { + "durationMs": 0 + }, + "timeContextFromParameter": "TimeRange", + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces" + }, + { + "id": "48d057e4-00fb-4ab4-b9ff-8c37a89624e3", + "version": "KqlParameterItem/1.0", + "name": "DeviceName", + "type": 1, + "timeContext": { + "durationMs": 0 + }, + "timeContextFromParameter": "TimeRange" + }, + { + "id": "17e57a8b-91af-48c1-aa6f-d5ebd5a9423f", + "version": "KqlParameterItem/1.0", + "name": "UPN", + "label": "User Principal Name", + "type": 1, + "value": "", + "timeContext": { + "durationMs": 0 + }, + "timeContextFromParameter": "TimeRange" + }, + { + "id": "20a1ceac-5788-4272-b84a-e45f1e4c5264", + "version": "KqlParameterItem/1.0", + "name": "Manufacturer", + "type": 2, + "multiSelect": true, + "quote": "'", + "delimiter": ",", + "query": "IntuneDevices\r\n| where OS == 'Windows' and isnotempty(Manufacturer)\r\n| distinct Manufacturer", + "typeSettings": { + "additionalResourceOptions": [ + "value::all" + ], + "showDefault": false + }, + "timeContext": { + "durationMs": 2592000000 + }, + "timeContextFromParameter": "TimeRange", + "defaultValue": "value::all", + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces" + }, + { + "id": "3bf5fbdc-4c44-45a5-94cb-79897538c911", + "version": "KqlParameterItem/1.0", + "name": "ReadinessReason", + "type": 2, + "query": "UCClientReadinessStatus \r\n| summarize arg_max(TimeGenerated, *) by AzureADDeviceId\r\n| where ReadinessStatus == 'NotCapable'\r\n| extend ReadinessReasonArray = split(ReadinessReason, ';')\r\n| extend ReadinessReason = array_slice(ReadinessReasonArray, 0, -2)\r\n| mv-expand ReadinessReason\r\n| distinct tostring(ReadinessReason)", + "value": "CpuFms", + "typeSettings": { + "additionalResourceOptions": [] + }, + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces" + } + ], + "style": "pills", + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces" + }, + "name": "Windows 11 Detail Parameters" + }, + { + "type": 3, + "content": { + "version": "KqlItem/1.0", + "query": "let DeviceDetails = UCClient\r\n| summarize arg_max(TimeGenerated, *) by GlobalDeviceId\r\n| join kind=innerunique \r\n (IntuneDevices\r\n | summarize arg_max(TimeGenerated, *) by ReferenceId\r\n ) on $left.AzureADDeviceId == $right.ReferenceId;\r\nUCClientReadinessStatus \r\n| summarize arg_max(TimeGenerated, *) by GlobalDeviceId\r\n| where OSBuild has_any ({OSBuild}) and TargetOSBuild == \"{TargetOSBuild}\"\r\n| extend Readiness = iff(OSVersion contains \"Win11\", \"Upgraded\", ReadinessStatus)\r\n| where Readiness == \"{Windows11Readiness}\"\r\n| join kind=innerunique DeviceDetails on $left.AzureADDeviceId == $right.ReferenceId\r\n| extend DeviceName = DeviceName1\r\n| extend DeviceUrl = strcat('https://endpoint.microsoft.com/#blade/Microsoft_Intune_Devices/DeviceSettingsBlade/overview/mdmDeviceId/', DeviceId)\r\n| where \"{DeviceName:escape}\" == \"*\" or DeviceName contains \"{DeviceName:escape}\" or isempty (DeviceName)\r\n| where \"{UPN:escape}\" == \"*\" or UPN contains \"{UPN:escape}\" or isempty (UPN)\r\n| where Manufacturer has_any ({Manufacturer})\r\n| project DeviceName, CurrentOSVersion = OSVersion, CurrentOSBuild = OSBuild1, TargetOSName, TargetOSVersion, TargetOSBuild, Readiness, DeviceFamily, Country, OSServicingChannel, UserName, UserEmail, EncryptionStatusString, JoinType, Manufacturer, Model, SerialNumber, StorageTotal, StorageFree, DeviceUrl\r\n", + "size": 3, + "showAnalytics": true, + "timeContextFromParameter": "TimeRange", + "showExportToExcel": true, + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces", + "gridSettings": { + "formatters": [ + { + "columnMatch": "DeviceName", + "formatter": 1, + "formatOptions": { + "linkColumn": "DeviceUrl", + "linkTarget": "Url" + } + }, + { + "columnMatch": "ReadinessStatus", + "formatter": 18, + "formatOptions": { + "thresholdsOptions": "icons", + "thresholdsGrid": [ + { + "operator": "==", + "thresholdValue": "NotStarted", + "representation": "unknown", + "text": "{0}{1}" + }, + { + "operator": "Default", + "thresholdValue": null, + "representation": "success", + "text": "{0}{1}" + } + ] + } + }, + { + "columnMatch": "DeviceUrl", + "formatter": 5 + } + ] + } + }, + "conditionalVisibility": { + "parameterName": "Windows11Readiness", + "comparison": "isNotEqualTo", + "value": "NotCapable" + }, + "name": "Windows 11 Non Capatible " + }, + { + "type": 12, + "content": { + "version": "NotebookGroup/1.0", + "groupType": "editable", + "items": [ + { + "type": 3, + "content": { + "version": "KqlItem/1.0", + "query": "let DeviceDetails = UCClient\r\n| summarize arg_max(TimeGenerated, *) by GlobalDeviceId\r\n| join kind=innerunique \r\n (IntuneDevices\r\n | summarize arg_max(TimeGenerated, *) by ReferenceId\r\n ) on $left.AzureADDeviceId == $right.ReferenceId;\r\nUCClientReadinessStatus \r\n| summarize arg_max(TimeGenerated, *) by GlobalDeviceId\r\n| where OSBuild has_any ({OSBuild}) and TargetOSBuild == \"{TargetOSBuild}\"\r\n| join kind=innerunique DeviceDetails on $left.AzureADDeviceId == $right.ReferenceId\r\n| where ReadinessStatus == \"NotCapable\"\r\n//| extend ReadinessReasonArray = split(ReadinessReason, ';')\r\n//| extend ReadinessReason = array_slice(ReadinessReasonArray, 0, -2)\r\n//| mv-expand ReadinessReason\r\n| extend ReadinessReason = trim_end(\";\", tostring(ReadinessReason))\r\n| extend DeviceName = DeviceName1\r\n| extend DeviceUrl = strcat('https://endpoint.microsoft.com/#blade/Microsoft_Intune_Devices/DeviceSettingsBlade/overview/mdmDeviceId/', DeviceId)\r\n| where \"{DeviceName:escape}\" == \"*\" or DeviceName contains \"{DeviceName:escape}\" or isempty (DeviceName)\r\n| where \"{UPN:escape}\" == \"*\" or UPN contains \"{UPN:escape}\" or isempty (UPN)\r\n| where ReadinessReason has_any (\"{ReadinessReason}\") //or ReadinessReason in ({ReadinessReason}) or '*' in ({ReadinessReason})\r\n| where Manufacturer has_any ({Manufacturer})\r\n| project ReadinessScanTime, ReadinessExpiryTime, DeviceName, CurrentOSVersion = OSVersion, CurrentOSBuild = OSBuild1, TargetOSName, TargetOSVersion, TargetOSBuild, ReadinessStatus, ReadinessReason, DeviceFamily, Country, OSServicingChannel, UserName, UserEmail, EncryptionStatusString, JoinType, Manufacturer, Model, SerialNumber, StorageTotal, StorageFree, DeviceUrl\r\n", + "size": 3, + "showAnalytics": true, + "timeContextFromParameter": "TimeRange", + "showExportToExcel": true, + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces", + "gridSettings": { + "formatters": [ + { + "columnMatch": "DeviceName", + "formatter": 1, + "formatOptions": { + "linkColumn": "DeviceUrl", + "linkTarget": "Url" + } + }, + { + "columnMatch": "ReadinessStatus", + "formatter": 18, + "formatOptions": { + "thresholdsOptions": "icons", + "thresholdsGrid": [ + { + "operator": "==", + "thresholdValue": "NotCapable", + "representation": "4", + "text": "{0}{1}" + }, + { + "operator": "Default", + "thresholdValue": null, + "representation": "success", + "text": "{0}{1}" + } + ] + } + }, + { + "columnMatch": "DeviceUrl", + "formatter": 5 + } + ], + "rowLimit": 100, + "filter": true + }, + "sortBy": [] + }, + "name": "Windows 11 Capable - Full Details" + } + ] + }, + "conditionalVisibility": { + "parameterName": "Windows11Readiness", + "comparison": "isEqualTo", + "value": "NotCapable" + }, + "name": "group - NotCapable" + } + ] + }, + "conditionalVisibility": { + "parameterName": "selectedTab", + "comparison": "isEqualTo", + "value": "ByWindows11" + }, + "name": "Group - Windows 11 Readiness" + }, + { + "type": 12, + "content": { + "version": "NotebookGroup/1.0", + "groupType": "editable", + "items": [ + { + "type": 1, + "content": { + "json": "----\r\n## Quality Update Deployment Issues\r\n\r\nThis page provides an oversight as to devices which are failing to update, along with a description of the update failure, and overall exceptions charts.", + "style": "warning" + }, + "name": "text - 4" + }, + { + "type": 9, + "content": { + "version": "KqlParameterItem/1.0", + "parameters": [ + { + "id": "8bc1bde2-a39b-45e1-81bc-21c311841ff3", + "version": "KqlParameterItem/1.0", + "name": "DeviceName", + "label": "Device Name", + "type": 1, + "value": "", + "timeContext": { + "durationMs": 2592000000 + }, + "timeContextFromParameter": "TimeRange", + "defaultValue": "value::1" + } + ], + "style": "pills", + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces" + }, + "name": "parameters - 5 - Copy - Copy" + }, + { + "type": 3, + "content": { + "version": "KqlItem/1.0", + "query": "WaaSDeploymentStatus\r\n| extend DetailedStatus = case(DetailedStatus == 'Update successful', 'UpdateSuccessful', DetailedStatus)\r\n| where UpdateCategory == \"Quality\" and UpdateClassification == \"Security\"\r\n| where isnotempty(UpdateReleasedDate)\r\n| where isnotempty (Computer)\r\n| where isnotempty(DeploymentError)\r\n| where DeploymentStatus != \"Update completed\"\r\n| where \"{DeviceName:escape}\" == \"*\" or Computer contains \"{DeviceName:escape}\" or \"{DeviceName:escape}\" == \"All devices\"\r\n| summarize arg_max(TimeGenerated, *) by Computer, ReleaseName, DetailedStatus\r\n| summarize Count = dcount(ComputerID, 4) by DetailedStatus\r\n", + "size": 3, + "title": "Deployment State", + "timeContextFromParameter": "TimeRange", + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces", + "visualization": "piechart", + "chartSettings": { + "seriesLabelSettings": [ + { + "seriesName": "Commit", + "color": "blue" + }, + { + "seriesName": "Install started", + "color": "green" + }, + { + "seriesName": "Reboot pending", + "color": "orange" + } + ] + } + }, + "customWidth": "33", + "name": "Update Exception Piechart" + }, + { + "type": 3, + "content": { + "version": "KqlItem/1.0", + "query": "WaaSDeploymentStatus\r\n| extend DetailedStatus = case(DetailedStatus == 'Update successful', 'UpdateSuccessful', DetailedStatus)\r\n| where UpdateCategory == \"Quality\" and UpdateClassification == \"Security\"\r\n| where isnotempty(UpdateReleasedDate)\r\n| where isnotempty (Computer)\r\n| where isnotempty(DeploymentError)\r\n| where DeploymentStatus != \"Update completed\"\r\n| where \"{DeviceName:escape}\" == \"*\" or Computer contains \"{DeviceName:escape}\" or \"{DeviceName:escape}\" == \"All devices\"\r\n| summarize arg_max(TimeGenerated, *) by Computer, ReleaseName, DetailedStatus\r\n| summarize Count = dcount(ComputerID, 4) by DeploymentStatus", + "size": 3, + "title": "Deployment Status", + "timeContextFromParameter": "TimeRange", + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces", + "visualization": "piechart", + "chartSettings": { + "seriesLabelSettings": [ + { + "seriesName": "Update completed", + "color": "green" + }, + { + "seriesName": "In progress", + "color": "yellow" + }, + { + "seriesName": "Progress stalled", + "color": "orange" + }, + { + "seriesName": "Failed", + "color": "red" + } + ] + } + }, + "customWidth": "33", + "name": "Deployment Status Issue Piechart" + }, + { + "type": 3, + "content": { + "version": "KqlItem/1.0", + "query": "WaaSDeploymentStatus\r\n| extend DetailedStatus = case(DetailedStatus == 'Update successful', 'UpdateSuccessful', DetailedStatus)\r\n| where UpdateCategory == \"Quality\" and UpdateClassification == \"Security\"\r\n| where isnotempty(UpdateReleasedDate)\r\n| where isnotempty (Computer)\r\n| where isnotempty(DeploymentError)\r\n| where DeploymentStatus != \"Update completed\"\r\n| where \"{DeviceName:escape}\" == \"*\" or Computer contains \"{DeviceName:escape}\" or \"{DeviceName:escape}\" == \"All devices\"\r\n| summarize arg_max(TimeGenerated, *) by Computer, ReleaseName, DetailedStatus\r\n| summarize Count = dcount(ComputerID, 4) by PauseState\r\n| extend UpdatesActive = case(PauseState == 'NotConfigured', 'Active', PauseState)\r\n| project Count, UpdatesActive", + "size": 3, + "title": "Update Status", + "timeContextFromParameter": "TimeRange", + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces", + "visualization": "piechart", + "chartSettings": { + "seriesLabelSettings": [ + { + "seriesName": "Active", + "color": "green" + }, + { + "seriesName": "Paused", + "color": "orange" + } + ] + } + }, + "customWidth": "33", + "name": "Update Activity Chart" + }, + { + "type": 9, + "content": { + "version": "KqlParameterItem/1.0", + "parameters": [ + { + "id": "c0e02f85-61f5-44c3-9c3d-3404583ee4e2", + "version": "KqlParameterItem/1.0", + "name": "MissingPatches", + "type": 1, + "query": "let UpdateData = WaaSDeploymentStatus \n| where UpdateCategory == \"Quality\" and UpdateClassification == \"Security\" and UpdateReleasedDate between (ago(60d) .. now())\n| distinct ReleaseName, UpdateReleasedDate, TargetOSVersion;\nWaaSDeploymentStatus\n| where UpdateCategory == \"Quality\" and UpdateClassification == \"Security\" and ReleaseName in (UpdateData)\n| where isnotempty(UpdateReleasedDate)\n| where isnotempty(Computer) and Computer != \"#\"\n| extend DeploymentState = iff((DetailedStatus == \"Update successful\" or DetailedStatus == \"UpdateSuccessful\"),\"Update Successful\", DetailedStatus)\n| extend SummaryState = iff((DeploymentState == \"Update Successful\"),\"Patched\",\"Not Patched\")\n| summarize arg_max(TimeGenerated, *) by ComputerID, ReleaseName, SummaryState\n| join kind=leftouter (UCClientUpdateStatus\n| where TimeGenerated between (ago(30d) .. now())\n| distinct GlobalDeviceId, AzureADDeviceId)\non $left.ComputerID == $right.GlobalDeviceId\n| join kind=leftouter (IntuneDevices\n| summarize arg_max(TimeGenerated,*) by ReferenceId)\non $left.AzureADDeviceId == $right.ReferenceId\n| extend Active = iff( (todatetime(LastContact) between (ago(30d) .. now() )), \"Active\", \"Inactive\" )\n| summarize arg_max(TimeGenerated, *) by ReleaseName, AzureADDeviceId\n| where Active == \"Active\" and SummaryState == \"Not Patched\" and DetailedStatus != \"NotStarted\"\n| summarize count()\n| extend MissingPatches = iif(count_ > 0,\"True\",\"False\")\n| project MissingPatches\n", + "isHiddenWhenLocked": true, + "timeContext": { + "durationMs": 0 + }, + "timeContextFromParameter": "TimeRange", + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces" + }, + { + "id": "3140eb15-884c-4f0a-8696-fef3b17ab1b0", + "version": "KqlParameterItem/1.0", + "name": "FeatureUpdateIssues", + "type": 1, + "query": "UCUpdateAlert\n| where UpdateCategory == \"WindowsFeatureUpdate\"\n| summarize arg_max(TimeGenerated, *) by AzureADDeviceId, DeploymentId, AlertSubtype, ServiceSubstate, ClientSubstate\n| where AlertStatus == 'Active' and UpdateCategory contains \"Feature\"\n| join kind=innerunique \n (IntuneDevices\n | summarize arg_max(TimeGenerated, *) by ReferenceId\n )\n on $left.AzureADDeviceId == $right.ReferenceId\n| join kind=innerunique\n (WaaSDeploymentStatus\n | summarize arg_max(TimeGenerated, *) by ComputerID\n )\n on $left.GlobalDeviceId == $right.ComputerID\n| extend DeviceUrl = strcat('https://endpoint.microsoft.com/#blade/Microsoft_Intune_Devices/DeviceSettingsBlade/overview/mdmDeviceId/', DeviceId) \n| extend DeviceName = DeviceName1\n| where DeploymentStatus != \"Update completed\"\n| summarize count()\n| extend FeatureUpdateIssues = iif(count_ > 0,\"True\",\"False\")\n| project FeatureUpdateIssues", + "isHiddenWhenLocked": true, + "timeContext": { + "durationMs": 0 + }, + "timeContextFromParameter": "TimeRange", + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces" + }, + { + "id": "335d1e6b-47a9-44d9-931a-ca7f0fb8bd5c", + "version": "KqlParameterItem/1.0", + "name": "FeaturePolicyIssues", + "type": 1, + "query": "IntuneDevices\n| where OS == \"Windows\"\n| where todatetime(LastContact) > ago (30d)\n| distinct ReferenceId\n| join kind=innerunique (UCUpdateAlert\n| where UpdateCategory == \"WindowsFeatureUpdate\"\n| extend TargetVersion = case (isempty(TargetVersion), \"Unknown TargetVersion\", TargetVersion startswith \"Win\", TargetVersion, strcat(\"Windows 10-\", TargetVersion))\n| extend DeploymentName = strcat(TargetVersion, \" (\", DeploymentId, \")\")\n| project TimeGenerated, DeploymentName, AzureADDeviceId, ServiceSubstate, ClientSubstate, StartTime, ResolvedTime, AlertStatus\n| where isnotempty(StartTime)\n)\non $left.ReferenceId == $right.AzureADDeviceId\n| where ServiceSubstate == \"RemovedFromDeployment\" or ClientSubstate == \"RemovedFromDeployment\"\n| project TimeGenerated, AzureADDeviceId, DeploymentName, ServiceSubstate, StartTime, ResolvedTime\n| summarize arg_min(TimeGenerated,*) by AzureADDeviceId, DeploymentName, ServiceSubstate, StartTime, ResolvedTime\n| mv-expand TimeRange = range(bin(StartTime, 1d), ResolvedTime , 1d)\n| summarize count()\n| extend FeaturePolicyIssues = iif(count_ > 0,\"True\",\"False\")\n| project FeaturePolicyIssues", + "isHiddenWhenLocked": true, + "timeContext": { + "durationMs": 7776000000 + }, + "timeContextFromParameter": "TimeRange", + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces" + }, + { + "id": "3d55a133-1b67-4314-b5a1-a03569eca4e0", + "version": "KqlParameterItem/1.0", + "name": "SafeGuardIssues", + "type": 1, + "query": "WaaSDeploymentStatus\n | extend DetailedStatus = case(DetailedStatus == 'Update successful', 'UpdateSuccessful', DetailedStatus)\n | summarize arg_max(TimeGenerated, *) by ComputerID, ReleaseName\n | where UpdateCategory == \"Feature\"\n | where DetailedStatus == \"Safeguard Hold\"\n | summarize count()\n | extend SafeGuardIssues = iif(count_ > 0,\"True\",\"False\")\n | project SafeGuardIssues", + "isHiddenWhenLocked": true, + "timeContext": { + "durationMs": 7776000000 + }, + "timeContextFromParameter": "TimeRange", + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces" + } + ], + "style": "pills", + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces" + }, + "name": "Patching Alert Parameters" + }, + { + "type": 1, + "content": { + "json": "## Missing Patch Alert\r\n\r\nThe following devices are active but missing vital patches at the time of the query. \r\n* Please note that data is only gathered every 25 hours and due to this some machines might already have remediated their patching state.", + "style": "warning" + }, + "conditionalVisibility": { + "parameterName": "MissingPatches", + "comparison": "isEqualTo", + "value": "True" + }, + "name": "Missing Patches" + }, + { + "type": 1, + "content": { + "json": "## Missing Patch Alert\r\n\r\nGreat news. No missing patch warnings are present", + "style": "success" + }, + "conditionalVisibility": { + "parameterName": "MissingPatches", + "comparison": "isNotEqualTo", + "value": "True" + }, + "name": "No Missing Patches " + }, + { + "type": 3, + "content": { + "version": "KqlItem/1.0", + "query": "let UpdateData = WaaSDeploymentStatus \r\n| where UpdateCategory == \"Quality\" and UpdateClassification == \"Security\" and UpdateReleasedDate between (ago(60d) .. now())\r\n| distinct ReleaseName, UpdateReleasedDate, TargetOSVersion;\r\nWaaSDeploymentStatus\r\n| where UpdateCategory == \"Quality\" and UpdateClassification == \"Security\" and ReleaseName in (UpdateData)\r\n| where isnotempty(UpdateReleasedDate)\r\n| where isnotempty(Computer) and Computer != \"#\"\r\n| extend DeploymentState = iff((DetailedStatus == \"Update successful\" or DetailedStatus == \"UpdateSuccessful\"),\"Update Successful\", DetailedStatus)\r\n| extend SummaryState = iff((DeploymentState == \"Update Successful\"),\"Patched\",\"Not Patched\")\r\n| summarize arg_max(TimeGenerated, *) by ComputerID, ReleaseName, SummaryState\r\n| join kind=leftouter (UCClientUpdateStatus\r\n| where TimeGenerated between (ago(30d) .. now())\r\n| distinct GlobalDeviceId, AzureADDeviceId)\r\non $left.ComputerID == $right.GlobalDeviceId\r\n| join kind=leftouter (IntuneDevices\r\n| summarize arg_max(TimeGenerated,*) by ReferenceId)\r\non $left.AzureADDeviceId == $right.ReferenceId\r\n| extend Active = iff( (todatetime(LastContact) between (ago(30d) .. now() )), \"Active\", \"Inactive\" )\r\n| summarize arg_max(TimeGenerated, *) by ReleaseName, AzureADDeviceId\r\n| where Active == \"Active\" and SummaryState == \"Not Patched\" and DetailedStatus != \"NotStarted\"\r\n| summarize arg_max(TimeGenerated, *) by AzureADDeviceId, ReleaseName\r\n| extend DeviceUrl = strcat('https://endpoint.microsoft.com/#blade/Microsoft_Intune_Devices/DeviceSettingsBlade/overview/mdmDeviceId/', DeviceId) \r\n| extend KBNumber = split(ReleaseName,\"(\")[0]\r\n| extend KBUrl = strcat('https://www.catalog.update.microsoft.com/Search.aspx?q=', KBNumber) \r\n| project TimeGenerated, Computer, ReleaseName, UpdateReleasedDate, UpdateClassification, OSVersion, TargetOSVersion, DeviceUrl, DetailedStatus, DeploymentError, KBUrl\r\n| sort by TimeGenerated, Computer", + "size": 0, + "title": "Missing Patches - {TimeRange}", + "timeContextFromParameter": "TimeRange", + "showExportToExcel": true, + "exportToExcelOptions": "all", + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces", + "gridSettings": { + "formatters": [ + { + "columnMatch": "Computer", + "formatter": 1, + "formatOptions": { + "linkColumn": "DeviceUrl", + "linkTarget": "Url" + }, + "tooltipFormat": { + "tooltip": "Click here to view the device details in the Microsoft Endpoint Manager Admin Center" + } + }, + { + "columnMatch": "ReleaseName", + "formatter": 1, + "formatOptions": { + "linkColumn": "KBUrl", + "linkTarget": "Url" + }, + "tooltipFormat": { + "tooltip": "Click here to view the KB in the Microsoft Update Catalog site" + } + }, + { + "columnMatch": "DeviceUrl", + "formatter": 5 + }, + { + "columnMatch": "DetailedStatus", + "formatter": 18, + "formatOptions": { + "thresholdsOptions": "icons", + "thresholdsGrid": [ + { + "operator": "==", + "thresholdValue": "Reboot pending", + "representation": "2", + "text": "{0}{1}" + }, + { + "operator": "==", + "thresholdValue": "Install started", + "representation": "success", + "text": "{0}{1}" + }, + { + "operator": "Default", + "thresholdValue": null, + "representation": "1", + "text": "{0}{1}" + } + ] + } + }, + { + "columnMatch": "KBUrl", + "formatter": 5 + } + ], + "rowLimit": 50, + "filter": true, + "sortBy": [ + { + "itemKey": "DeploymentError", + "sortOrder": 1 + } + ] + }, + "sortBy": [ + { + "itemKey": "DeploymentError", + "sortOrder": 1 + } + ] + }, + "conditionalVisibility": { + "parameterName": "MissingPatches", + "comparison": "isEqualTo", + "value": "True" + }, + "name": "Grid - Patches Missed" + }, + { + "type": 1, + "content": { + "json": "## Update Issues\r\nThe following devices are active but have alerts that could prevent security patching from being completed.", + "style": "warning" + }, + "name": "Update Issues" + }, + { + "type": 3, + "content": { + "version": "KqlItem/1.0", + "query": "WaaSDeploymentStatus\r\n| extend DetailedStatus = case(DetailedStatus == 'Update successful', 'UpdateSuccessful', DetailedStatus)\r\n| where UpdateCategory == \"Quality\" and UpdateClassification == \"Security\"\r\n| where isnotempty(UpdateReleasedDate)\r\n| where isnotempty (Computer)\r\n| where isnotempty(DeploymentError)\r\n| where DeploymentStatus != \"Update completed\"\r\n| where \"{DeviceName:escape}\" == \"*\" or Computer contains \"{DeviceName:escape}\" or \"{DeviceName:escape}\" == \"All devices\"\r\n| summarize arg_max(TimeGenerated, *) by Computer, ReleaseName, DetailedStatus\r\n| project Computer, DeploymentStatus, DetailedStatus, DeploymentError, CurrentOSVersion = OSVersion, CurrentOSBuild = OSBuild, ReleaseName, UpdateReleasedDate, DeferralDays, PauseState, ExpectedInstallDate, TimeGenerated, LastScan\r\n| sort by TimeGenerated desc, Computer desc", + "size": 3, + "timeContextFromParameter": "TimeRange", + "showExportToExcel": true, + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces", + "gridSettings": { + "formatters": [ + { + "columnMatch": "DeploymentStatus", + "formatter": 18, + "formatOptions": { + "thresholdsOptions": "icons", + "thresholdsGrid": [ + { + "operator": "contains", + "thresholdValue": "Failed", + "representation": "4", + "text": "{0}{1}" + }, + { + "operator": "contains", + "thresholdValue": "Progress stalled", + "representation": "2", + "text": "{0}{1}" + }, + { + "operator": "==", + "thresholdValue": "In progress", + "representation": "1", + "text": "{0}{1}" + }, + { + "operator": "Default", + "thresholdValue": null, + "representation": "success", + "text": "{0}{1}" + } + ] + } + }, + { + "columnMatch": "DetailedStatus", + "formatter": 18, + "formatOptions": { + "thresholdsOptions": "icons", + "thresholdsGrid": [ + { + "operator": "contains", + "thresholdValue": "Reboot", + "representation": "2", + "text": "{0}{1}" + }, + { + "operator": "Default", + "thresholdValue": null, + "representation": "success", + "text": "{0}{1}" + } + ] + } + }, + { + "columnMatch": "PauseState", + "formatter": 18, + "formatOptions": { + "thresholdsOptions": "icons", + "thresholdsGrid": [ + { + "operator": "==", + "thresholdValue": "Paused", + "representation": "2", + "text": "{0}{1}" + }, + { + "operator": "Default", + "thresholdValue": null, + "representation": "success", + "text": "{0}{1}" + } + ] + } + } + ], + "rowLimit": 25, + "filter": true, + "hierarchySettings": { + "treeType": 1, + "groupBy": [ + "DeploymentStatus" + ], + "expandTopLevel": true + } + } + }, + "name": "query - 5" + }, + { + "type": 1, + "content": { + "json": "
" + }, + "name": "text - 11" + }, + { + "type": 1, + "content": { + "json": "## Feature Update Issues\r\n\r\nWindows feature updates are the major release of the operating system, and are released typically twice a year, with updates moving to annually from Windows 10 21H2 and Windows 11. More information on the current Windows release cycle can be found here - https://docs.microsoft.com/en-us/windows/release-health/release-information\r\n", + "style": "warning" + }, + "conditionalVisibility": { + "parameterName": "FeatureUpdateIssues", + "comparison": "isEqualTo", + "value": "True" + }, + "name": "Feature Update Issues" + }, + { + "type": 1, + "content": { + "json": "## Feature Update Issues\r\n\r\nWindows feature updates are rolling out successfully. No issues detected!\r\n", + "style": "success" + }, + "conditionalVisibility": { + "parameterName": "FeatureUpdateIssues", + "comparison": "isNotEqualTo", + "value": "True" + }, + "name": "No Feature Update Issues " + }, + { + "type": 3, + "content": { + "version": "KqlItem/1.0", + "query": "UCUpdateAlert \r\n| summarize arg_max(TimeGenerated, *) by GlobalDeviceId\r\n| where AlertStatus == 'Active' and UpdateCategory contains \"Feature\"\r\n| join kind=innerunique\r\n (WaaSDeploymentStatus\r\n | summarize arg_max(TimeGenerated, *) by ComputerID\r\n )\r\n on $left.GlobalDeviceId == $right.ComputerID\r\n| where notempty(Description)\r\n| summarize dcount(GlobalDeviceId,2) by Description\r\n", + "size": 3, + "title": "Update Error Descriptions", + "timeContextFromParameter": "TimeRange", + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces", + "visualization": "table", + "gridSettings": { + "formatters": [ + { + "columnMatch": "Description", + "formatter": 0, + "formatOptions": { + "customColumnWidthSetting": "500px" + } + }, + { + "columnMatch": "dcount_GlobalDeviceId", + "formatter": 4, + "formatOptions": { + "palette": "blue", + "customColumnWidthSetting": "150px" + } + } + ], + "labelSettings": [ + { + "columnId": "dcount_GlobalDeviceId", + "label": "Device Count" + } + ] + }, + "tileSettings": { + "showBorder": false, + "titleContent": { + "columnMatch": "Description", + "formatter": 1 + }, + "leftContent": { + "columnMatch": "dcount_GlobalDeviceId", + "formatter": 12, + "formatOptions": { + "palette": "auto" + }, + "numberFormat": { + "unit": 17, + "options": { + "maximumSignificantDigits": 3, + "maximumFractionDigits": 2 + } + } + } + } + }, + "conditionalVisibility": { + "parameterName": "FeatureUpdateIssues", + "comparison": "isEqualTo", + "value": "True" + }, + "name": "Graph - Feature Update Failures - Descriptions", + "styleSettings": { + "maxWidth": "50%" + } + }, + { + "type": 3, + "content": { + "version": "KqlItem/1.0", + "query": "UCUpdateAlert\r\n| where UpdateCategory == \"WindowsFeatureUpdate\"\r\n| summarize arg_max(TimeGenerated, *) by AzureADDeviceId, DeploymentId, AlertSubtype, ServiceSubstate, ClientSubstate\r\n| where AlertStatus == 'Active' and UpdateCategory contains \"Feature\"\r\n| where isnotempty(ErrorSymName)\r\n| summarize dcount(GlobalDeviceId,2) by ErrorSymName\r\n", + "size": 3, + "title": "Update Error Types", + "timeContextFromParameter": "TimeRange", + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces", + "visualization": "table", + "gridSettings": { + "labelSettings": [ + { + "columnId": "dcount_GlobalDeviceId", + "label": "Device Count" + } + ] + } + }, + "conditionalVisibility": { + "parameterName": "FeatureUpdateIssues", + "comparison": "isEqualTo", + "value": "True" + }, + "name": "Graph - Feature Update Failures - Alerts", + "styleSettings": { + "maxWidth": "50%" + } + }, + { + "type": 3, + "content": { + "version": "KqlItem/1.0", + "query": "UCUpdateAlert\r\n| where UpdateCategory == \"WindowsFeatureUpdate\"\r\n| summarize arg_max(TimeGenerated, *) by AzureADDeviceId, DeploymentId, AlertSubtype, ServiceSubstate, ClientSubstate\r\n| where AlertStatus == 'Active' and UpdateCategory contains \"Feature\"\r\n| join kind=innerunique \r\n (IntuneDevices\r\n | summarize arg_max(TimeGenerated, *) by ReferenceId\r\n )\r\n on $left.AzureADDeviceId == $right.ReferenceId\r\n| join kind=innerunique\r\n (WaaSDeploymentStatus\r\n | summarize arg_max(TimeGenerated, *) by ComputerID\r\n )\r\n on $left.GlobalDeviceId == $right.ComputerID\r\n| extend DeviceUrl = strcat('https://endpoint.microsoft.com/#blade/Microsoft_Intune_Devices/DeviceSettingsBlade/overview/mdmDeviceId/', DeviceId) \r\n| extend DeviceName = DeviceName1\r\n| where DeploymentStatus != \"Update completed\"\r\n| project\r\n TimeGenerated,\r\n LastContact,\r\n DeviceName,\r\n CurrentOSVersion = OSVersion,\r\n TargetVersion,\r\n TargetBuild,\r\n Description,\r\n Recommendation,\r\n DeploymentError,\r\n AlertData,\r\n DeploymentStatus,\r\n UpdateCategory,\r\n UpdateClassification,\r\n UserName,\r\n UserEmail,\r\n JoinType,\r\n Manufacturer,\r\n Model,\r\n SerialNumber,\r\n DeviceUrl, \r\n AlertSubtype,\r\n ServiceSubstate,\r\n ClientSubstate", + "size": 0, + "timeContextFromParameter": "TimeRange", + "showExportToExcel": true, + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces", + "gridSettings": { + "formatters": [ + { + "columnMatch": "DeviceName", + "formatter": 1, + "formatOptions": { + "linkColumn": "DeviceUrl", + "linkTarget": "Url" + } + }, + { + "columnMatch": "DeploymentStatus", + "formatter": 18, + "formatOptions": { + "thresholdsOptions": "icons", + "thresholdsGrid": [ + { + "operator": "==", + "thresholdValue": "Unknown", + "representation": "2", + "text": "{0}{1}" + }, + { + "operator": "==", + "thresholdValue": "Failed", + "representation": "4", + "text": "{0}{1}" + }, + { + "operator": "Default", + "thresholdValue": null, + "representation": "success", + "text": "{0}{1}" + } + ] + } + }, + { + "columnMatch": "DeviceUrl", + "formatter": 5 + } + ], + "labelSettings": [ + { + "columnId": "DeploymentError", + "label": "Deployment Error" + }, + { + "columnId": "UpdateCategory", + "label": "Update Category" + }, + { + "columnId": "UpdateClassification", + "label": "Update Classification" + } + ] + } + }, + "conditionalVisibility": { + "parameterName": "FeatureUpdateIssues", + "comparison": "isEqualTo", + "value": "True" + }, + "name": "Update Issues - Feature Updates" + }, + { + "type": 1, + "content": { + "json": "## Feature Update Policy Issues\r\n\r\nDevices listed in the below grid currently have no feature update policy in effect. This could be due to issues with device registration with the Windows Update telemetry service.", + "style": "error" + }, + "conditionalVisibility": { + "parameterName": "FeaturePolicyIssues", + "comparison": "isEqualTo", + "value": "True" + }, + "name": "Feature Policy Issues" + }, + { + "type": 1, + "content": { + "json": "## Feature Update Policy Issues\r\n\r\nNo feature update policy assignemt issues at present.", + "style": "success" + }, + "conditionalVisibility": { + "parameterName": "FeaturePolicyIssues", + "comparison": "isNotEqualTo", + "value": "True" + }, + "name": "No Feature Policy Issues" + }, + { + "type": 3, + "content": { + "version": "KqlItem/1.0", + "query": "IntuneDevices\r\n| where OS == \"Windows\"\r\n| where todatetime(LastContact) > ago (30d)\r\n| distinct ReferenceId\r\n| join kind=innerunique (UCUpdateAlert\r\n| where UpdateCategory == \"WindowsFeatureUpdate\"\r\n| extend TargetVersion = case (isempty(TargetVersion), \"Unknown TargetVersion\", TargetVersion startswith \"Win\", TargetVersion, strcat(\"Windows 10-\", TargetVersion))\r\n| extend DeploymentName = strcat(TargetVersion, \" (\", DeploymentId, \")\")\r\n| project TimeGenerated, DeploymentName, AzureADDeviceId, ServiceSubstate, ClientSubstate, StartTime, ResolvedTime, AlertStatus\r\n| where isnotempty(StartTime)\r\n)\r\non $left.ReferenceId == $right.AzureADDeviceId\r\n| where ServiceSubstate == \"RemovedFromDeployment\" or ClientSubstate == \"RemovedFromDeployment\"\r\n| project TimeGenerated, AzureADDeviceId, DeploymentName, ServiceSubstate, StartTime, ResolvedTime\r\n| summarize arg_min(TimeGenerated,*) by AzureADDeviceId, DeploymentName, ServiceSubstate, StartTime, ResolvedTime\r\n| mv-expand TimeRange = range(bin(StartTime, 1d), ResolvedTime , 1d)\r\n| summarize DeviceCount = count() by bin(todatetime(TimeRange),1d), DeploymentName\r\n| as Results\r\n| make-series SumCount = sum(DeviceCount) default=0 on TimeRange in range(toscalar(Results | summarize min(TimeRange)), now(), 1d) by DeploymentName\r\n| render timechart", + "size": 1, + "aggregation": 2, + "title": "Trending - Feature Update Policy Issues", + "color": "red", + "timeContextFromParameter": "TimeRange", + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces", + "visualization": "timechart", + "gridSettings": { + "formatters": [ + { + "columnMatch": "Device Name", + "formatter": 1, + "formatOptions": { + "linkColumn": "DeviceUrl", + "linkTarget": "Url" + } + }, + { + "columnMatch": "DeviceUrl", + "formatter": 5 + }, + { + "columnMatch": "DeviceName1", + "formatter": 1, + "formatOptions": { + "linkColumn": "DeviceUrl", + "linkTarget": "Url", + "linkIsContextBlade": false + } + } + ] + }, + "sortBy": [], + "tileSettings": { + "showBorder": false + }, + "chartSettings": { + "seriesLabelSettings": [ + { + "seriesName": "", + "color": "red" + }, + { + "seriesName": "dcount_AzureADDeviceId", + "label": "Policy Issues" + } + ] + } + }, + "conditionalVisibility": { + "parameterName": "FeaturePolicyIssues", + "comparison": "isEqualTo", + "value": "True" + }, + "name": "Timeline - Feature Update Policy Issue " + }, + { + "type": 3, + "content": { + "version": "KqlItem/1.0", + "query": "let onboardedclients = UCServiceUpdateStatus\r\n| summarize arg_max(TimeGenerated, *) by AzureADDeviceId, UpdateCategory, ServiceSubstate, DeploymentId\r\n| where UpdateCategory == \"WindowsFeatureUpdate\" and ServiceSubstate != \"RemovedFromDeployment\"\r\n| distinct AzureADDeviceId;\r\nUCClientUpdateStatus\r\n| summarize arg_max(TimeGenerated, *) by AzureADDeviceId, UpdateCategory\r\n| where UpdateCategory == \"WindowsFeatureUpdate\" and AzureADDeviceId !in~ (onboardedclients)\r\n| join kind=leftouter (IntuneDevices\r\n| summarize arg_max(TimeGenerated,*) by DeviceId)\r\non $left.AzureADDeviceId == $right.ReferenceId\r\n| extend DeviceUrl = strcat('https://endpoint.microsoft.com/#blade/Microsoft_Intune_Devices/DeviceSettingsBlade/overview/mdmDeviceId/', DeviceId)\r\n| extend DeploymentName = case(DeploymentId == \"de33ab73-0ba2-43dd-9ab9-50e294f6ae1a\", \"Northwest Bank - Pre-Clients Feature Update Ring\", DeploymentId == \"8cdd1da8-2e58-4d96-89c4-c27438d8a3cd\", \"Northwest Bank - Production Feature Update Ring\", DeploymentId == \"25eb1adb-570b-457d-805c-6250e57e1d97\", \"Northwest Bank - Pilot Demo\", DeploymentId == \"97a5354e-c3cb-4360-9856-1506c0863255\", \"Northwest Bank - Production Feature Update\", DeploymentId)\r\n| where isnotempty(DeviceName1)\r\n| project TimeGenerated, AzureADDeviceId, GlobalDeviceId, [\"Device Name\"] = DeviceName1, TargetVersion, ClientState, FurthestClientSubstate, UpdateSource, DeviceUrl, DeploymentId, DeploymentName\r\n| order by TimeGenerated desc", + "size": 3, + "title": "Feature Update Policy Issues Details", + "timeContextFromParameter": "TimeRange", + "showExportToExcel": true, + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces", + "gridSettings": { + "formatters": [ + { + "columnMatch": "AzureADDeviceId", + "formatter": 5 + }, + { + "columnMatch": "GlobalDeviceId", + "formatter": 5 + }, + { + "columnMatch": "Device Name", + "formatter": 1, + "formatOptions": { + "linkColumn": "DeviceUrl", + "linkTarget": "Url" + } + }, + { + "columnMatch": "DeviceUrl", + "formatter": 5 + }, + { + "columnMatch": "DeploymentId", + "formatter": 5 + }, + { + "columnMatch": "DeviceName1", + "formatter": 1, + "formatOptions": { + "linkColumn": "DeviceUrl", + "linkTarget": "Url", + "linkIsContextBlade": false + } + } + ], + "rowLimit": 50, + "hierarchySettings": { + "treeType": 1, + "groupBy": [ + "TimeGenerated" + ], + "expandTopLevel": true + }, + "sortBy": [ + { + "itemKey": "TimeGenerated", + "sortOrder": 2 + } + ], + "labelSettings": [ + { + "columnId": "TargetVersion", + "label": "Target Version" + }, + { + "columnId": "ClientState", + "label": "State" + }, + { + "columnId": "FurthestClientSubstate", + "label": "Detailed State" + }, + { + "columnId": "UpdateSource", + "label": "Update Source" + }, + { + "columnId": "DeploymentName", + "label": "Deployment Name" + } + ] + }, + "sortBy": [ + { + "itemKey": "TimeGenerated", + "sortOrder": 2 + } + ] + }, + "conditionalVisibility": { + "parameterName": "FeaturePolicyIssues", + "comparison": "isEqualTo", + "value": "True" + }, + "name": "Grid - Feature Update Policy Issue" + }, + { + "type": 3, + "content": { + "version": "KqlItem/1.0", + "query": "UCServiceUpdateStatus\n| summarize arg_max(TimeGenerated, *) by AzureADDeviceId, DeploymentId, ServiceSubstate, TargetVersion\n| where UpdateCategory == 'WindowsFeatureUpdate'\n| extend State = case( ServiceSubstate != 'RemovedFromDeployment', 'Good', 'Bad')\n| as TotalResults\n| where State == 'Good'\n| distinct AzureADDeviceId\n| join kind=rightanti TotalResults on AzureADDeviceId\n| join kind=leftouter (IntuneDevices\n| summarize arg_max(TimeGenerated, *) by ReferenceId\n| project TimeGenerated, LastContact, ReferenceId, DeviceName, UPN, IntuneAccountId\n)\non $left.AzureADDeviceId == $right.ReferenceId\n| project TimeGenerated, State, DeploymentId, LastContact, AzureADDeviceId, DeviceName, UPN, TargetVersion, ServiceSubstate, IntuneAccountId\n| order by TimeGenerated desc", + "size": 3, + "title": "Feature Update Policy Removed & Unassigned", + "timeContext": { + "durationMs": 2592000000 + }, + "showExportToExcel": true, + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces" + }, + "conditionalVisibility": { + "parameterName": "FeaturePolicyIssues", + "comparison": "isEqualTo", + "value": "True" + }, + "name": "Grid - Removed and Unassigned" + }, + { + "type": 1, + "content": { + "json": "\r\n## Safeguard Hold Detected\r\n\r\nSafeguard holds prevent a device with a known issue from being offered a new operating system version.\r\n\r\nMicrosoft uses quality and compatibility data to identify issues that might cause a Windows client feature update to fail or roll back. When we find such an issue, we might apply safeguard holds to the updating service to prevent affected devices from installing the update in order to safeguard them from these experiences. We also use safeguard holds when a customer, a partner, or Microsoft internal validation finds an issue that would cause severe impact (for example, rollback of the update, data loss, loss of connectivity, or loss of key functionality) and when a workaround is not immediately available.\r\n\r\nMore information can be found here - https://docs.microsoft.com/en-us/windows/deployment/update/safeguard-holds
\r\nThe Windows Health Dashboard could also contains information on Safeguard holds - https://docs.microsoft.com/en-us/windows/release-health/", + "style": "error" + }, + "conditionalVisibility": { + "parameterName": "SafeGuardIssues", + "comparison": "isEqualTo", + "value": "True" + }, + "name": "SafeGuard Hold" + }, + { + "type": 1, + "content": { + "json": "\r\n## Safeguard Hold Issues\r\n\r\nNo safeguard holds have been detected.", + "style": "success" + }, + "conditionalVisibility": { + "parameterName": "SafeGuardIssues", + "comparison": "isNotEqualTo", + "value": "True" + }, + "name": "No SafeGuard Hold " + }, + { + "type": 3, + "content": { + "version": "KqlItem/1.0", + "query": "WaaSDeploymentStatus\r\n | extend DetailedStatus = case(DetailedStatus == 'Update successful', 'UpdateSuccessful', DetailedStatus)\r\n | summarize arg_max(TimeGenerated, *) by ComputerID, ReleaseName\r\n | where UpdateCategory == \"Feature\"\r\n | where DetailedStatus == \"Safeguard Hold\"\r\n | summarize dcount (Computer) by DetailedStatus, TimeGenerated\r\n | project dcount_Computer, TimeGenerated", + "size": 1, + "timeContextFromParameter": "TimeRange", + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces", + "visualization": "areachart", + "chartSettings": { + "seriesLabelSettings": [ + { + "seriesName": "dcount_Computer", + "label": "Safeguard Hold", + "color": "red" + } + ] + } + }, + "conditionalVisibility": { + "parameterName": "SafeGuardIssues", + "comparison": "isEqualTo", + "value": "True" + }, + "name": "query - 21" + }, + { + "type": 3, + "content": { + "version": "KqlItem/1.0", + "query": "WaaSDeploymentStatus\r\n | extend DetailedStatus = case(DetailedStatus == 'Update successful', 'UpdateSuccessful', DetailedStatus)\r\n | summarize arg_max(TimeGenerated, *) by ComputerID, ReleaseName\r\n | where UpdateCategory == \"Feature\"\r\n | where DetailedStatus == \"Safeguard Hold\"\r\n| project TimeGenerated, Computer, OSVersion, DetailedStatus, DeploymentStatus, DeploymentError, DeploymentErrorCode", + "size": 0, + "timeContextFromParameter": "TimeRange", + "showExportToExcel": true, + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces", + "visualization": "table", + "gridSettings": { + "formatters": [ + { + "columnMatch": "DetailedStatus", + "formatter": 18, + "formatOptions": { + "thresholdsOptions": "icons", + "thresholdsGrid": [ + { + "operator": "==", + "thresholdValue": "Safeguard Hold", + "representation": "2", + "text": "{0}{1}" + }, + { + "operator": "Default", + "thresholdValue": null, + "representation": "success", + "text": "{0}{1}" + } + ] + } + }, + { + "columnMatch": "DeploymentStatus", + "formatter": 18, + "formatOptions": { + "thresholdsOptions": "icons", + "thresholdsGrid": [ + { + "operator": "==", + "thresholdValue": "Failed", + "representation": "4", + "text": "{0}{1}" + }, + { + "operator": "Default", + "thresholdValue": null, + "representation": "success", + "text": "{0}{1}" + } + ] + } + } + ], + "filter": true, + "hierarchySettings": { + "treeType": 1, + "groupBy": [ + "OSVersion" + ], + "expandTopLevel": true + }, + "sortBy": [ + { + "itemKey": "OSVersion", + "sortOrder": 2 + } + ] + }, + "sortBy": [ + { + "itemKey": "OSVersion", + "sortOrder": 2 + } + ] + }, + "conditionalVisibility": { + "parameterName": "SafeGuardIssues", + "comparison": "isEqualTo", + "value": "True" + }, + "name": "query - 10" + } + ] + }, + "conditionalVisibility": { + "parameterName": "selectedTab", + "comparison": "isEqualTo", + "value": "ByComplianceIssue" + }, + "name": "ByComplianceIssue" + }, + { + "type": 12, + "content": { + "version": "NotebookGroup/1.0", + "groupType": "editable", + "items": [ + { + "type": 12, + "content": { + "version": "NotebookGroup/1.0", + "groupType": "editable", + "items": [ + { + "type": 1, + "content": { + "json": "--------\r\n\r\n## Quality Update History\r\n\r\nThis tab displays Windows client updates per build of Windows 10/11 within monthly deployment cycles, including the success and failure rates per KB.\r\n" + }, + "name": "text - 0" + }, + { + "type": 1, + "content": { + "json": "### Critial Security Updates - By Age\r\n-------\r\n" + }, + "name": "text - 10" + }, + { + "type": 3, + "content": { + "version": "KqlItem/1.0", + "query": "let UpdateData = WaaSDeploymentStatus\r\n| where UpdateCategory == \"Quality\" and UpdateClassification == \"Security\"\r\n| where isnotempty(UpdateReleasedDate)\r\n| where UpdateReleasedDate between (ago(30d) .. now() )\r\n| where isnotempty (Computer)\r\n| extend KBNumber = (split(ReleaseName,\" \")[0])\r\n| extend ReleaseName = strcat(OSVersion, ' - ', ReleaseName, ' - ', format_datetime(UpdateReleasedDate, 'yyyy/MM/dd'))\r\n| summarize arg_max(TimeGenerated, *) by Computer, ReleaseName\r\n| project ReleaseName, DeploymentStatus, KBNumber;\r\nUpdateData\r\n| summarize Total = count () by ReleaseName\r\n| join kind=fullouter UpdateData on ReleaseName\r\n| project ReleaseName, DeploymentStatus, KBNumber, Total\r\n| evaluate pivot(DeploymentStatus)\r\n| extend ['Update completed'] = column_ifexists('Update completed', 0 )\r\n| extend SuccessRate = (['Update completed'] * 100 / Total) // Calculate the percentage of succesful operations against the total\r\n| extend [\"Support URL\"] = strcat(\"https://support.microsoft.com/KB/\", KBNumber)\r\n| project-away KBNumber\r\n| project-reorder SuccessRate\r\n| order by ReleaseName", + "size": 3, + "title": "Updates 0-30 Days", + "showExportToExcel": true, + "exportToExcelOptions": "all", + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces", + "gridSettings": { + "formatters": [ + { + "columnMatch": "SuccessRate", + "formatter": 8, + "formatOptions": { + "palette": "redGreen" + }, + "numberFormat": { + "unit": 1, + "options": { + "style": "decimal", + "useGrouping": false + } + } + }, + { + "columnMatch": "Total", + "formatter": 4, + "formatOptions": { + "palette": "redGreen" + } + }, + { + "columnMatch": "TotalRuns", + "formatter": 4, + "formatOptions": { + "palette": "redGreen" + } + } + ], + "sortBy": [ + { + "itemKey": "ReleaseName", + "sortOrder": 2 + } + ] + }, + "sortBy": [ + { + "itemKey": "ReleaseName", + "sortOrder": 2 + } + ] + }, + "name": "query - 5" + }, + { + "type": 3, + "content": { + "version": "KqlItem/1.0", + "query": "let UpdateData = WaaSDeploymentStatus\r\n| where UpdateCategory == \"Quality\" and UpdateClassification == \"Security\"\r\n| where isnotempty(UpdateReleasedDate)\r\n| where UpdateReleasedDate between (ago(60d) .. ago(31d) )\r\n| where isnotempty (Computer)\r\n| extend KBNumber = (split(ReleaseName,\" \")[0])\r\n| extend ReleaseName = strcat(OSVersion, ' - ', ReleaseName, ' - ', format_datetime(UpdateReleasedDate, 'yyyy/MM/dd'))\r\n| summarize arg_max(TimeGenerated, *) by Computer, ReleaseName\r\n| project ReleaseName, DeploymentStatus, KBNumber;\r\nUpdateData\r\n| summarize Total = count () by ReleaseName\r\n| join kind=fullouter UpdateData on ReleaseName\r\n| project ReleaseName, DeploymentStatus, KBNumber, Total\r\n| evaluate pivot(DeploymentStatus)\r\n| extend ['Update completed'] = column_ifexists('Update completed', 0 )\r\n| extend SuccessRate = (['Update completed'] * 100 / Total) // Calculate the percentage of succesful operations against the total\r\n| extend [\"Support URL\"] = strcat(\"https://support.microsoft.com/KB/\", KBNumber)\r\n| project-away KBNumber\r\n| project-reorder SuccessRate\r\n| order by ReleaseName", + "size": 3, + "title": "Updates 31-60 Days", + "showExportToExcel": true, + "exportToExcelOptions": "all", + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces", + "gridSettings": { + "formatters": [ + { + "columnMatch": "SuccessRate", + "formatter": 8, + "formatOptions": { + "min": 0, + "max": 100, + "palette": "redGreen" + }, + "numberFormat": { + "unit": 1, + "options": { + "style": "decimal", + "useGrouping": false + } + } + }, + { + "columnMatch": "Total", + "formatter": 4, + "formatOptions": { + "palette": "redGreen" + } + }, + { + "columnMatch": "Support URL", + "formatter": 7, + "formatOptions": { + "linkTarget": "Url", + "linkIsContextBlade": false + } + }, + { + "columnMatch": "TotalRuns", + "formatter": 4, + "formatOptions": { + "palette": "redGreen" + } + } + ] + } + }, + "name": "query - 6" + }, + { + "type": 3, + "content": { + "version": "KqlItem/1.0", + "query": "let UpdateData = WaaSDeploymentStatus\r\n| where UpdateCategory == \"Quality\" and UpdateClassification == \"Security\"\r\n| where isnotempty(UpdateReleasedDate)\r\n| where UpdateReleasedDate between (ago(90d) .. ago(61d) )\r\n| where isnotempty (Computer)\r\n| extend KBNumber = (split(ReleaseName,\" \")[0])\r\n| extend ReleaseName = strcat(OSVersion, ' - ', ReleaseName, ' - ', format_datetime(UpdateReleasedDate, 'yyyy/MM/dd'))\r\n| summarize arg_max(TimeGenerated, *) by Computer, ReleaseName\r\n| project ReleaseName, DeploymentStatus, KBNumber;\r\nUpdateData\r\n| summarize Total = count () by ReleaseName\r\n| join kind=fullouter UpdateData on ReleaseName\r\n| project ReleaseName, DeploymentStatus, KBNumber, Total\r\n| evaluate pivot(DeploymentStatus)\r\n| extend ['Update completed'] = column_ifexists('Update completed', 0 )\r\n| extend SuccessRate = (['Update completed'] * 100 / Total) // Calculate the percentage of succesful operations against the total\r\n| extend [\"Support URL\"] = strcat(\"https://support.microsoft.com/KB/\", KBNumber)\r\n| project-away KBNumber\r\n| project-reorder SuccessRate\r\n| order by ReleaseName", + "size": 3, + "title": "Updates 61-90 Days", + "showExportToExcel": true, + "exportToExcelOptions": "all", + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces", + "gridSettings": { + "formatters": [ + { + "columnMatch": "SuccessRate", + "formatter": 8, + "formatOptions": { + "palette": "redGreen" + }, + "numberFormat": { + "unit": 1, + "options": { + "style": "decimal" + } + } + }, + { + "columnMatch": "Total", + "formatter": 4, + "formatOptions": { + "palette": "redGreen" + } + }, + { + "columnMatch": "Support URL", + "formatter": 7, + "formatOptions": { + "linkTarget": "Url" + } + }, + { + "columnMatch": "TotalRuns", + "formatter": 4, + "formatOptions": { + "palette": "redGreen" + } + } + ] + } + }, + "name": "query - 7" + }, + { + "type": 3, + "content": { + "version": "KqlItem/1.0", + "query": "let UpdateData = WaaSDeploymentStatus\r\n| where UpdateCategory == \"Quality\" and UpdateClassification == \"Security\"\r\n| where isnotempty(UpdateReleasedDate)\r\n| where UpdateReleasedDate between (ago(365d) .. ago(121d) )\r\n| where isnotempty (Computer)\r\n| extend KBNumber = (split(ReleaseName,\" \")[0])\r\n| extend ReleaseName = strcat(OSVersion, ' - ', ReleaseName, ' - ', format_datetime(UpdateReleasedDate, 'yyyy/MM/dd'))\r\n| summarize arg_max(TimeGenerated, *) by Computer, ReleaseName\r\n| project ReleaseName, DeploymentStatus, KBNumber;\r\nUpdateData\r\n| summarize Total = count () by ReleaseName\r\n| join kind=fullouter UpdateData on ReleaseName\r\n| project ReleaseName, DeploymentStatus, KBNumber, Total\r\n| evaluate pivot(DeploymentStatus)\r\n| extend ['Update completed'] = column_ifexists('Update completed', 0 )\r\n| extend SuccessRate = (['Update completed'] * 100 / Total) // Calculate the percentage of succesful operations against the total\r\n| extend [\"Support URL\"] = strcat(\"https://support.microsoft.com/KB/\", KBNumber)\r\n| project-away KBNumber\r\n| project-reorder SuccessRate\r\n| order by ReleaseName", + "size": 3, + "title": "Updates 120 Days +", + "showExportToExcel": true, + "exportToExcelOptions": "all", + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces", + "gridSettings": { + "formatters": [ + { + "columnMatch": "SuccessRate", + "formatter": 8, + "formatOptions": { + "min": 0, + "max": 100, + "palette": "redGreen" + }, + "numberFormat": { + "unit": 1, + "options": { + "style": "decimal", + "useGrouping": false + } + } + }, + { + "columnMatch": "Total", + "formatter": 4, + "formatOptions": { + "palette": "redGreen" + } + }, + { + "columnMatch": "Support URL", + "formatter": 7, + "formatOptions": { + "linkTarget": "Url" + } + }, + { + "columnMatch": "TotalRuns", + "formatter": 4, + "formatOptions": { + "palette": "redGreen" + } + } + ] + } + }, + "name": "query - 9" + }, + { + "type": 3, + "content": { + "version": "KqlItem/1.0", + "query": "let UpdateData = WaaSDeploymentStatus\r\n| where UpdateCategory == \"Quality\" and UpdateClassification == \"Security\"\r\n| where isnotempty(UpdateReleasedDate)\r\n| where UpdateReleasedDate between (ago(120d) .. ago(91d) )\r\n| where isnotempty (Computer)\r\n| extend KBNumber = (split(ReleaseName,\" \")[0])\r\n| extend ReleaseName = strcat(OSVersion, ' - ', ReleaseName, ' - ', format_datetime(UpdateReleasedDate, 'yyyy/MM/dd'))\r\n| summarize arg_max(TimeGenerated, *) by Computer, ReleaseName\r\n| project ReleaseName, DeploymentStatus, KBNumber;\r\nUpdateData\r\n| summarize Total = count () by ReleaseName\r\n| join kind=fullouter UpdateData on ReleaseName\r\n| project ReleaseName, DeploymentStatus, KBNumber, Total\r\n| evaluate pivot(DeploymentStatus)\r\n| extend ['Update completed'] = column_ifexists('Update completed', 0 )\r\n| extend SuccessRate = (['Update completed'] * 100 / Total) // Calculate the percentage of succesful operations against the total\r\n| extend [\"Support URL\"] = strcat(\"https://support.microsoft.com/KB/\", KBNumber)\r\n| project-away KBNumber\r\n| project-reorder SuccessRate\r\n| order by ReleaseName", + "size": 3, + "title": "Updates 91 - 120 Days", + "showExportToExcel": true, + "exportToExcelOptions": "all", + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces", + "gridSettings": { + "formatters": [ + { + "columnMatch": "SuccessRate", + "formatter": 8, + "formatOptions": { + "palette": "redGreen" + } + }, + { + "columnMatch": "Total", + "formatter": 4, + "formatOptions": { + "palette": "redGreen" + } + }, + { + "columnMatch": "Support URL", + "formatter": 7, + "formatOptions": { + "linkTarget": "Url" + } + } + ] + } + }, + "name": "query - 8" + } + ] + }, + "name": "Quality Update Details" + } + ] + }, + "conditionalVisibility": { + "parameterName": "selectedTab", + "comparison": "isEqualTo", + "value": "ByQualityUpdates" + }, + "name": "ByQualityUpdates" + }, + { + "type": 12, + "content": { + "version": "NotebookGroup/1.0", + "groupType": "editable", + "items": [ + { + "type": 12, + "content": { + "version": "NotebookGroup/1.0", + "groupType": "editable", + "items": [ + { + "type": 1, + "content": { + "json": "## Microsoft 365 Apps for Enterprise\r\n\r\nIn this tab you have a consolidated view of your Microsoft 365 Apps for Enterprise build numbers, across all of your Intune managed Windows 10/11 devices. Information on the current latest builds can be found in the Microsoft Docs - https://docs.microsoft.com/en-us/officeupdates/update-history-microsoft365-apps-by-date", + "style": "info" + }, + "customWidth": "50", + "name": "Office Header", + "styleSettings": { + "margin": "5", + "padding": "5", + "showBorder": true + } + }, + { + "type": 1, + "content": { + "json": "## Microsoft Edge Updates\r\n\r\nBelow is a full break down of the versions of Microsoft Edge and the device count against each version. Release notes and latest version information can be found here - https://docs.microsoft.com/en-us/deployedge/microsoft-edge-relnote-stable-channel \r\n

", + "style": "info" + }, + "customWidth": "50", + "name": "Edge Header", + "styleSettings": { + "showBorder": true + } + }, + { + "type": 3, + "content": { + "version": "KqlItem/1.0", + "query": "AppInventory_CL \r\n| where AppName_s contains \"Microsoft 365\"\r\n| summarize arg_max(TimeGenerated, *) by ManagedDeviceID_g\r\n| join kind=innerunique \r\n (IntuneDevices\r\n | where todatetime(LastContact) > ago (30d)\r\n | summarize arg_max(TimeGenerated, *) by DeviceId\r\n ) on $left.ManagedDeviceID_g == $right.DeviceId \r\n| summarize dcount(ManagedDeviceID_g,2) by AppVersion_s\r\n| order by AppVersion_s desc", + "size": 3, + "title": "Microsoft 365 Apps for Enterprise - By Build", + "timeContext": { + "durationMs": 2592000000 + }, + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces", + "visualization": "piechart" + }, + "customWidth": "50", + "name": "Piechart - Office Builds" + }, + { + "type": 3, + "content": { + "version": "KqlItem/1.0", + "query": "AppInventory_CL \r\n| where isnotempty(AppName_s)\r\n| where AppName_s == \"Microsoft Edge\"\r\n| summarize arg_max(TimeGenerated, *) by ManagedDeviceID_g\r\n| join kind=innerunique \r\n (IntuneDevices\r\n | where todatetime(LastContact) > ago (30d)\r\n | summarize arg_max(TimeGenerated, *) by DeviceId\r\n ) on $left.ManagedDeviceID_g == $right.DeviceId \r\n| summarize dcount(ManagedDeviceID_g,2) by AppVersion_s,AppName_s\r\n| order by AppVersion_s desc", + "size": 3, + "title": "Microsoft Edge - By Build", + "timeContext": { + "durationMs": 2592000000 + }, + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces", + "visualization": "piechart" + }, + "customWidth": "50", + "name": "Piechart - Edge Builds" + }, + { + "type": 1, + "content": { + "json": "## Third Party Applications\r\n\r\nIn this section details of all application information obtained through custom app inventory is displayed. Future updates of this section will include the latest version information where available from Patch My PC", + "style": "info" + }, + "name": "text - 1 - Copy" + }, + { + "type": 3, + "content": { + "version": "KqlItem/1.0", + "query": "AppInventory_CL \r\n| where isnotempty(AppPublisher_s)\r\n| distinct AppPublisher_s\r\n| count\r\n| extend Title = \"Application Vendors\"", + "size": 3, + "title": "Application Vendor Count", + "color": "blue", + "timeContext": { + "durationMs": 2592000000 + }, + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces", + "visualization": "piechart", + "tileSettings": { + "titleContent": { + "columnMatch": "Title" + }, + "leftContent": { + "columnMatch": "Count" + }, + "showBorder": true + } + }, + "customWidth": "33", + "name": "PieChart - Application Vendor Count" + }, + { + "type": 3, + "content": { + "version": "KqlItem/1.0", + "query": "AppInventory_CL \r\n| where isnotempty(AppName_s)\r\n| distinct AppName_s\r\n| count\r\n| extend Title = \"Applications\"", + "size": 3, + "title": "Application Count", + "color": "blue", + "timeContext": { + "durationMs": 2592000000 + }, + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces", + "visualization": "piechart", + "tileSettings": { + "titleContent": { + "columnMatch": "Title" + }, + "leftContent": { + "columnMatch": "Count" + }, + "showBorder": true + }, + "chartSettings": { + "seriesLabelSettings": [ + { + "seriesName": "Applications", + "color": "green" + } + ] + } + }, + "customWidth": "33", + "name": "PieChart - Application Count" + }, + { + "type": 3, + "content": { + "version": "KqlItem/1.0", + "query": "AppInventory_CL \r\n| where isnotempty(AppName_s)\r\n| summarize arg_max(TimeGenerated, *) by AppName_s, AppVersion_s, ManagedDeviceID_g\r\n| summarize dcount(ManagedDeviceID_g) by AppName_s, AppVersion_s\r\n| top 10 by dcount_ManagedDeviceID_g", + "size": 0, + "title": "Top 10 Common Applications", + "timeContext": { + "durationMs": 2592000000 + }, + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces", + "gridSettings": { + "formatters": [ + { + "columnMatch": "AppVersion_s", + "formatter": 0, + "numberFormat": { + "unit": 0, + "options": { + "style": "decimal" + }, + "emptyValCustomText": "Unavailable" + } + } + ], + "labelSettings": [ + { + "columnId": "AppName_s", + "label": "Application" + }, + { + "columnId": "AppVersion_s", + "label": "Version" + }, + { + "columnId": "dcount_ManagedDeviceID_g", + "label": "Device Count" + } + ] + } + }, + "customWidth": "33", + "name": "DataGrid - Top 10 Applications" + }, + { + "type": 3, + "content": { + "version": "KqlItem/1.0", + "query": "AppInventory_CL \r\n| where isnotempty(AppName_s)\r\n| summarize arg_max(TimeGenerated, *) by AppPublisher_s, AppName_s, AppVersion_s, ManagedDeviceID_g\r\n| summarize dcount(ManagedDeviceID_g) by AppName_s, AppVersion_s, AppPublisher_s\r\n| order by dcount_ManagedDeviceID_g desc, AppName_s, AppVersion_s asc", + "size": 0, + "title": "Application Inventory", + "timeContext": { + "durationMs": 2592000000 + }, + "showExportToExcel": true, + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces", + "gridSettings": { + "labelSettings": [ + { + "columnId": "AppName_s", + "label": "Application" + }, + { + "columnId": "AppVersion_s", + "label": "Version" + }, + { + "columnId": "AppPublisher_s", + "label": "Publisher" + }, + { + "columnId": "dcount_ManagedDeviceID_g", + "label": "Device Count" + } + ] + } + }, + "name": "query - 17" + } + ] + }, + "conditionalVisibility": { + "parameterName": "ApplicationLogs", + "comparison": "isEqualTo", + "value": "True" + }, + "name": "App Patch Details" + }, + { + "type": 1, + "content": { + "json": "## Application Logs Unavailable\r\n\r\nApplication reports are only available where custom application logs are available.", + "style": "error" + }, + "conditionalVisibility": { + "parameterName": "ApplicationLogs", + "comparison": "isNotEqualTo", + "value": "True" + }, + "name": "Application Logs Unavailable" + } + ] + }, + "conditionalVisibility": { + "parameterName": "selectedTab", + "comparison": "isEqualTo", + "value": "ByOtherUpdates" + }, + "name": "ByOtherUpdates" + } + ], + "$schema": "https://github.com/Microsoft/Application-Insights-Workbooks/blob/master/schema/workbook.json" +} \ No newline at end of file