Windows Update in CO-Management

Peter Haslow 0 Reputation points
2023-03-20T11:08:10.81+00:00

I have SCCM CB 2203, working together Intune using CO-Management for some workloads, including Windows Update.

So, I have two questions on this setting:

1 - SCCM and Intune can delivery updates to same machine ate same time using this scenario? I mean, my computers as receiving the updates from Intune Update Rings, it is working very fine. But If I create a Update packages in SCCM and delivery to a Collection the same machine that receive the ring will receive the update from SCCM too?

2 - My machines in co-management still need VPN connection to receive Updates and Packages from SCCM? Or this will receive packages/updates from Intune and SCCM via Internet connection directly without VPN?

Thank you

Microsoft Intune
Microsoft Intune
A Microsoft cloud-based management solution that offers mobile device management, mobile application management, and PC management capabilities.
4,996 questions
Microsoft Configuration Manager
{count} votes

1 answer

Sort by: Most helpful
  1. Crystal-MSFT 48,156 Reputation points Microsoft Vendor
    2023-03-21T01:23:03.5933333+00:00

    @Peter Haslow, Thanks for posting in Q&A.

    Agree with Rahul, when the Windows Updates Workload is moved to Intune, then device will receive the windows update for business policy which configured in Intune, not Configuration manager. So for your first question, I would say no, the windows update policy can't deliver to the same machine at the same time via both Configuration Manager and Intune . Here is a link with more details:

    https://techcommunity.microsoft.com/t5/core-infrastructure-and-security/co-management-of-windows-updates-workloads/ba-p/922378

    In fact, Intune only define an update strategy (e.g. block driver installation, set deferral period, set maintenance time, etc.), they don’t actually provide the update infrastructure itself. you still need to use your existing update solution such as Windows Update or WSUS to obtain the actual updates. Here is a link with more details:

    https://techcommunity.microsoft.com/t5/intune-customer-success/support-tip-troubleshooting-windows-10-update-ring-policies/ba-p/714046

    For the device on the Internet, to make the package download successfully, I think you can configure the update source as Microsoft Update instead of WSUS.

    Hope it can help.


    If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".

    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.


Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.