This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(182.40000000000003, 32%, 27%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EM%3C/text%3E%3C/svg%3E)
Hello,
I have several customer with the need to update remote computers.
Remote computers can be :
1)Computer never connected to office but only with they internet service provider and WITHOUT the VPN.
2)Computer never connected to office but only with they internet service provider and WITH the VPN.
I would like to know what are the solution to manage these computer without intune but only with SCCM.
I think :
for 1) it's only IBCM or CMG
for 2) it's IBCM or CMG or VPN limit ?
I don't understand really why there is a VPN limit type. It's not working if I just add IP range of my VPN network to manage these client ?
Thanks for your help
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(86.4, 66%, 18%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ENH%3C/text%3E%3C/svg%3E)
Yes, you should check out this blog post which explains it in detail https://techcommunity.microsoft.com/t5/configuration-manager-blog/managing-remote-machines-with-cloud-management-gateway-in/ba-p/1233895
Thanks for your answer.
I saw this link yep.
It explains how vpn boudary work with CMG.
It's not possible to download update from microsoft update without the need for IBCM or CMG ?
I saw in reddit a tip : Install DP and don't distribute updates content on it. Add it to boundary group where all VPN limit are member of and on the update deployment check the box : "download update from microsoft update is content is not present on boundary group, neighboor,..." . It should work no ?
Last solution is maybe windows update for business ?
I would like to know what are my options without the need of cloud (CMG / cloud dp) and IBCM.
Thanks :)
For clients that are not on the VPN, they will need the CMG to get the update policies. Internet clients by default will download from Microsoft updater rather than a DP. VPN clients act like they are on the local intranet.
If I understand correctly :
If computer can't connect to local network : IBCM or CMG
If computer can connect to local network : integrate vpn network on SCCM boundary and manage it. I can distribute content on the DP if I want my VPN computer download source from this DP through the VPN connection or I can not distribute update content on it and check the option for the computer to go on microsoft update if DP doesn't have the update source right ?