Jump to content


nhottinger

How to set SCCM 2211 so VPN users get updates through Microsoft?

Recommended Posts

Currently running SCCM 2111 on prem.  No cloud presence, no CMG, not using Intune.  Management wants to make sure our remote users are getting windows updates through Microsoft and not coming back through the VPN for updates from SCCM.  What are my options and any documentation on how to set it up would be helpful.

Share this post


Link to post
Share on other sites

Thanks for the response.  I see that settings "if software updates are not available...download content from Microsoft Updates" however, the way I read that is if the dist point is not available go to MS, but if it is available to go SCCM.  We want all remote devices to go to MS instead of SCCM to reduce traffic over the VPN.  

Share this post


Link to post
Share on other sites

Then just tell the clients not to download from any of the DP's.  Leave the box checked to go to MS.  Im assuming then you have M/S split tunneled in your VPN environment, otherwise they will go through your concentrators to get the updates "directly from MS.  Which will be twice the load on your network.  Remember, unlike apps and packages, updates will immediately start downloading and wait to deploy.  (apps & packages wont download until the deadline or user starts it).  At least that is the way it was.  Even if you didnt make the update available right away)

 

Share this post


Link to post
Share on other sites

You can either create two different deployments for the same update groups.

* One deployment as described above for your identified machines that leverage VPN

* One deployment for internal machines (of which you would have to download the software updates to the DP and deploy as you would normally).

OR

* You could do "deploy directly from Microsoft" for all machines but then all your machines will go out to MS for the patch - so if your concern is network bandwidth utilization on your WAN that will also see an uptick

DO (Delivery Optimization) and Branche Cache will also help if you use it.

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...


×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.