Allow WSUS servers to download updates only on HTTPS
Currently, the WSUS servers connect to the URLs (both HTTP and HTTPS) to download the updates, as mentioned in this link: https://docs.microsoft.com/en-us/sccm/sum/plan-design/plan-for-software-updates#BKMK_ConfigureFirewalls
This means allowing HTTP traffic to come down to internal servers (by creating exceptions in the proxy settings), causing serious audit failures and security concerns.
Also, a lot of proxy solutions also have a capability to block the content from whitelisted HTTP URLs if the file size is too large, thinking that it might be malicious content. This again causes problems when Windows 10 Feature and Express Updates are downloaded!
Hence, it would be great to publish all the updates on both HTTP and HTTPS URLs and in ConfigMgr, have a feature to allow SUP and WSUS external connections and content download over HTTPS only, improving security and audit compliance.