windows update for remote computers

matteu31 467 Reputation points


I have several customer with the need to update remote computers.
Remote computers can be :

1)Computer never connected to office but only with they internet service provider and WITHOUT the VPN.

2)Computer never connected to office but only with they internet service provider and WITH the VPN.

I would like to know what are the solution to manage these computer without intune but only with SCCM.

I think :
for 1) it's only IBCM or CMG
for 2) it's IBCM or CMG or VPN limit ?
I don't understand really why there is a VPN limit type. It's not working if I just add IP range of my VPN network to manage these client ?

Thanks for your help

Microsoft Configuration Manager Updates
Microsoft Configuration Manager Updates
Microsoft Configuration Manager: An integrated solution for for managing large groups of personal computers and servers.Updates: Broadly released fixes addressing specific issue(s) or related bug(s). Updates may also include new or modified features (i.e. changing default behavior).
960 questions
0 comments No comments
{count} votes

4 answers

Sort by: Most helpful
  1. Nick Hogarth 3,436 Reputation points
    0 comments No comments

  2. matteu31 467 Reputation points

    Thanks for your answer.

    I saw this link yep.

    It explains how vpn boudary work with CMG.

    It's not possible to download update from microsoft update without the need for IBCM or CMG ?
    I saw in reddit a tip : Install DP and don't distribute updates content on it. Add it to boundary group where all VPN limit are member of and on the update deployment check the box : "download update from microsoft update is content is not present on boundary group, neighboor,..." . It should work no ?

    Last solution is maybe windows update for business ?

    I would like to know what are my options without the need of cloud (CMG / cloud dp) and IBCM.

    Thanks :)

    0 comments No comments

  3. Nick Hogarth 3,436 Reputation points

    For clients that are not on the VPN, they will need the CMG to get the update policies. Internet clients by default will download from Microsoft updater rather than a DP. VPN clients act like they are on the local intranet.

    0 comments No comments

  4. matteu31 467 Reputation points

    If I understand correctly :

    If computer can't connect to local network : IBCM or CMG

    If computer can connect to local network : integrate vpn network on SCCM boundary and manage it. I can distribute content on the DP if I want my VPN computer download source from this DP through the VPN connection or I can not distribute update content on it and check the option for the computer to go on microsoft update if DP doesn't have the update source right ?

    0 comments No comments