Hi,
I would like to know or at least get some confirmation. We are setting up a Cloud Management Gateway so that we can deploy software updates as well as manage the devices if needed that are internet-based. Now my question is this, do clients have to always be connected to VPN to receive policy or the monthly updates or once they receive policy the first time initially making them aware of the CMG then they will just be able to install the deployed updates from SCCM because they will receive policy from the CMG MP/SUP and they will just download from the internet?
Would we still also need to set following below option in the update deployment for them as well?

Appreciate any info
Thanks
Leon