VPN Split Tunnel - Possibility to use only a limited number static/fixed IPs
Many companies are very restrictive from a security point of view. They only allow VPN split tunnel if the direct download from the Internet can be restricted to a limited number of well known and trusted static/fixed IPs.
This is already requested for the Cloud Distribution Point: "Option to change SCCM client communication with cloud distribution point to use only one fixed IP" (https://configurationmanager.uservoice.com/forums/300492-ideas/suggestions/13636533-option-to-change-sccm-client-communication-with-cl)
But this requirement can also be applied to OS patches or OS feature packs and Office patches that are directly downloaded from Microsoft (https://technet.microsoft.com/en-us/library/bb693717.aspx) and cannot be provided from Cloud Distribution Point as of today.
In an ideal world the Cloud Distribution Point would use one static/fixed IP and could be configured to provide all updates (incl. MS updates/feature packs) and Software packages in a secure manner. It could act as a (caching) proxy to different MS download sides or provide the same functionality as a internal Distribution Point.