![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(304, 55.00000000000001%, 39%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EDD%3C/text%3E%3C/svg%3E)
Hello,
We have production servers which have no internet access and would want to update SCEP definition updates from WSUS.
As we have configured GPO to the Manual installation workgroup in WSUS, to not install the updates automatically on these servers and this WSUS option will be enabled only once a month which is not viable for the Definition Updates, we would like to have them daily..
By design you could have only one GPO applied and would have to enable Configure Automatic updates in the GPO if you would like to update SCEP from WSUS.
The other option is to allow internet access on these servers so after the server scans from their WSUS, the SCEP definition updates will download from Internet (MMPC or Microsoft update)
Need to change the source download priority and enable " Allow Security intelligence updates from Microsoft Update" inside Windows Defender container in the existing GPO setting.
The last option is to download the SCEP definition updates from internet where there is an internet access, place it on a share\network drive and enable GPO setting to download the source from the UNC path.
What is (are) the options used in your environments?
Thanks,
Dom