Any way to handle windows patching on devices on another domain?

Eccup Reservoir 26 Reputation points

Dear Microsoft Q&A Community,

I'm currently facing a challenge in managing Windows updates for end-user devices running Windows 10/11. These devices are part of a different domain, which we don't have direct connectivity with. Our preference is to utilize native Microsoft solutions rather than third-party tools for this task.

From my initial research, it seems like Azure Arc could be a potential solution. It allows devices to be onboarded irrespective of their domain status. However, I'm concerned about its suitability, given that these end-user devices aren't always online.

Could anyone share insights or recommendations on how best to approach this scenario using Microsoft tools? Any advice or alternative solutions would be greatly appreciated.

Thank you in advance for your help!


2 answers

  1. Crystal-MSFT 36,756 Reputation points Microsoft Vendor

    @Eccup Reservoir, Thanks for posting in Q&A. From the Intune side, we can manage Windows updates via Update rings for Windows 10 and later, Feature updates policy, Quality updates policy and Driver updates policy. Here is a link with more details:

    For the Windows update ring policy, Intune only defines an update strategy. You still need to use your existing update solution such as Windows Update or WSUS to obtain the actual updates. I notice the devices are not always online. If the device is accessible in their domain, you can consider using WSUS as a Windows solution, I think.

    To understand more about WSUS, you can contact WSUS support to get more help.

    Hope the above information can help.


  2. Eccup Reservoir 26 Reputation points

    This doesn't address my scenario I'm afraid - I don't think a device on a different domain and different network can connect with our WSUS server?

    Also - doesn't help with 3rd party software patching (which can be done with Intune)