question

DavidMoon-1992 avatar image
0 Votes"
DavidMoon-1992 asked Amandayou-MSFT commented

SCCM - Software Update deployment, download from Microsoft instead of DP

Hello

OK, here is the scenario.

I have a Software Update Group setup in SCCM. All the patches are downloaded and deployed. The Update package is distributed to all the DP's.

Now i have a user at home on VPN connection, which has split tunnelling.

The updates are all huge.... like Win10 CU updates and O365 Updates. Runs in Gig's in size.
To prevent the user from fetching the updates through the VPN pipe, i would like the user to fetch the updates from Microsoft using their own internet connection through split tunnel.

So to achieve this, setting the download options like this from the deployment, is this the way to go?
Or simply deploy the update without downloading from SCCM?

140700-sccm-download.png

The other thing also is, if the pc does go to Microsoft to get the updates, how to ensure that it does this using the home internet connection, rather than coming back through the VPN pipe to use the companies internet connection.

Thanks
DM


mem-cm-general
sccm-download.png (97.5 KiB)
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

PhilipWebb-9763 avatar image
0 Votes"
PhilipWebb-9763 answered

My approach to this was to switch ALL clients to get the get the content directly from Microsoft rather than the DP, but whether this is suitable for you will depend on what your Internet connection bandwidth for your on-prem clients is like and how many of them are still working on-prem.

140848-image.png



In answer to this "if the pc does go to Microsoft to get the updates, how to ensure that it does this using the home internet connection, rather than coming back through the VPN pipe to use the companies internet connection." that's down to how your VPN is configured. You already described it has being split tunnel, so presumably by that you mean it only routes traffic for your internal IP ranges and the internet traffic for VPN client machines goes via their local connection. In which case you don't need to do anything different. Downloading update content from Microsoft is an Internet traffic thing, so will come via whatever route that machines Internet traffic comes.


image.png (55.7 KiB)
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Amandayou-MSFT avatar image
0 Votes"
Amandayou-MSFT answered Amandayou-MSFT commented

Hi @DavidMoon-1992,

Agree with PhilipWebb, we could set the option of No deployment package.

If we set as our picture provided, the content could not be downloaded from DP, the client could not download and install any update.



If the response is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.


· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Haven't heard from you for some time, is PhilipWebb's answer helpful to you? If it is helpful, please accept answer. It will make someone who has the similar issue easily find the answer.

If you have any other issues, please don't hesitate to let us know.

Thanks and have a nice day.

0 Votes 0 ·