Force clients to download updates from Microsoft update site.
With more and more people working from home these days, having the ability to specify in a Software Update Group deployment to force download from MS update site would be terrific. I'd still like those clients to download content for applications from the internal DP over VPN, but downloading monthly updates would be much quicker if you could force them to use internet instead of VPN.

5 comments
-
yannara commented
Current option in 1806 "download content from Microsoft Updates" Works only, if there is a DP linked to that Group which does not have the content. See a long discussion here:
https://social.microsoft.com/Forums/en-US/1ab01073-b7d1-4cb3-8c12-86afdd062f75/downloading-directly-from-microsoft?forum=ConfigMgrCompliance -
Chris Roberts commented
I feel that a boundary group configuration of "Use MS Updates" would be really nice. Arrange our DA boundary so they only use MS for downloads.
-
Artyom Mossitchev commented
We are looking for a similar functionality as an option in Boundary group configuration that would force all clients in the boundary group to switch to Internet mode, i.e. be managed by cloud gateway and cloud DP. This will also force clients to download Microsoft updates from Microsoft CDN.
-
Jan Petersen commented
We need the same. This could also be managed by Boundary groups ?
-
Nick R. commented
This is exactly what my current client has need for as well:
- The company’s geographical structure is very spread-out, with small offices (1 to 5 people per office) in many different countries all over the globe. Seeing the low occupancy and the spread-out nature of these foreign offices, together with the fact that these offices rarely have IT infrastructure of their own, a private CDN for update distribution would not really be a viable option. Also, deploying a CDN in the cloud without the need for physical infrastructure is not considered an option, seeing the assumed cost factor for downloads.
- There is 1 central SCCM server, which houses both the management point role and the distribution point role (as well as all other CM roles).
- All clients are fitted with Direct-Access technology and will therefor in normal working conditions always have a connection to the office network and thus the SCCM server.==> Remote sites with low internet connection speeds are having many difficulties with downloading the updates over the Direct-Access VPN connection. Seeing the connection is always on, the clients will never fall back to use the Microsoft update servers as download source. Having the option in the deployment to force the client to download from internet would in our eyes be a solution for the issue.