![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(160, 39%, 25%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EM0%3C/text%3E%3C/svg%3E)
4,608 questions
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(150.4, 92%, 24%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EXM%3C/text%3E%3C/svg%3E)
Hi,
Yes, it is possible to manage systems, including Windows updates and software updates, using SCCM for clients that are not part of an Active Directory domain. This setup is often referred to as managing workgroup clients.
Here are some key points on how this works:
Client Installation: You cannot use the client push installation method for workgroup computers. Instead, you need to manually install the SCCM client on these devices
Communication: Workgroup clients cannot locate management points from Active Directory Domain Services. Instead, they use DNS, WINS, or another management point
Internet-Based Management: SCCM provides options to manage clients over the internet without requiring a VPN connection. This can be done using a Cloud Management Gateway or Internet-based client management
For more detailed information, you can refer to the following resources:
Managing Workgroup (Non-Domain) Clients With Configuration Manager