Hi,
If you haven't seen it already, I recommend reading this post in the Microsoft Tech Community: Endpoint Protection Updates for Configuration Manager. It gives a good explanation of what the update source options actually do.
It is recommended to use ADR for that, so I wonder: does ADR, if set to check every 4h, force MECM to connect to Microsoft to check for these updates (if priority is set to: MECM>WSUS>WU>MMPC) and approve>download them?
Yes, you can. However, remember that while frequent ADRs can help with timeliness, you should also consider the impact on network bandwidth and MECM server resources when configuring update schedules in a large-scale environment.
Can we force all MDE updates to check via MECM to verify if new updates are available, and then download them from MMPC/WU? Or can we actually redirect this to use MMPC/WU if we unmark the priority of sources to not use MECM/WSUS?
No, there is no such method.
We can check the "prefer cloud based source over on-premises source" option in the boundary group properties to set the clients to use the update source in MS, not from some local DP.