Force clients to download updates from Microsoft update site.
With more and more people working from home these days, having the ability to specify in a Software Update Group deployment to force download from MS update site would be terrific. I'd still like those clients to download content for applications from the internal DP over VPN, but downloading monthly updates would be much quicker if you could force them to use internet instead of VPN.
This functionality just shipped in #configmgr 2010.
Could you provide a link to this feature's documentation in configmgr 2010? I've been looking everywhere for it.
Joshua Binney commented
Doesn't this still require splitting the VPN Tunnel?
Bryan Dam commented
ConfigMgr 1902 introduced/revised a setting called 'Prefer cloud based sources over on-premise sources'*. Set this on your VPN boundary groups and those clients should download updates from Microsoft instead of your on-prem DPs.
If you want all your clients to always download from Microsoft then use the "No Deployment Package" ADR deployment option introduced in 1806.
In both cases make sure that all your deployments have the 'If software updates are not available on distribution point in current, neighbor or site boundary groups, download content from Microsoft Updates' option enabled too.
Between these three things this UserVoice item should be considered complete.
Pablo Badilla M. commented
I've never gotten this to work in years. What about creating ADRs with "No deployment Package"? Is that broken as well?
Is this case solved???
Any updates on this? We have clients on prem. Not everyone is on the cloud so we can set up CMG or co-management.
We really need this to work.
Matias Hohl commented
A must for us too... Please, Microsoft, tell us about the roadmap of this feature.
Matt MN commented
With the current COVID situation and 99% of our staff working remotely this is a must.
Cherif BENAMMAR commented
I would suggest the following, since the creation of the deployment, set the option to download one or multiple updates directly from MS sites instead of downloading them first to a package and distribute it. I don't need to download less required updates like SQL ones but it is critical to install them.
Current option in 1806 "download content from Microsoft Updates" works only if there is a DP linked to that Group which does not have the content. See a long discussion here:
Chris Roberts commented
I feel that a boundary group configuration of "Use MS Updates" would be really nice. Arrange our DA boundary so they only use MS for downloads.
Artyom Mossitchev commented
We are looking for a similar functionality as an option in Boundary group configuration that would force all clients in the boundary group to switch to Internet mode, i.e. be managed by cloud gateway and cloud DP. This will also force clients to download Microsoft updates from Microsoft CDN.
Jan Petersen commented
We need the same. This could also be managed by Boundary groups?
Nick R. commented
This is exactly what my current client has need for as well:
- The company’s geographical structure is very spread-out, with small offices (1 to 5 people per office) in many different countries all over the globe. Seeing the low occupancy and the spread-out nature of these foreign offices, together with the fact that these offices rarely have IT infrastructure of their own, a private CDN for update distribution would not really be a viable option. Also, deploying a CDN in the cloud without the need for physical infrastructure is not considered an option, seeing the assumed cost factor for downloads.
- There is 1 central SCCM server, which houses both the management point role and the distribution point role (as well as all other CM roles).
- All clients are fitted with Direct-Access technology and will therefore in normal working conditions always have a connection to the office network and thus the SCCM server.
==> Remote sites with low internet connection speeds are having many difficulties with downloading the updates over the Direct-Access VPN connection. Seeing the connection is always on, the clients will never fall back to use the Microsoft update servers as download source. Having the option in the deployment to force the client to download from internet would in our eyes be a solution for the issue.