SCCM SUP "prefere cloud based sources over on-premises sources"

Patrick Mor 51 Reputation points
2022-05-01T10:23:19.15+00:00

I have a question about SUP and "prefere cloud based sources over on-premises sources" setting.

Scenario 1

Configuration: I have CMG configured and working fine, SUP enable for CMG traffic.

If I enable "prefere cloud based sources over on-premises sources" on a Boundary Group that have all IP Address range for my VPN clients, my clients will get Update from my local SUP, CMG or form Microsoft Updates via Internet?

Scenario 2

Configuration: I have CMG configured but it is falling, not working well, SUP enable for CMG traffic.

If I enable "prefere cloud based sources over on-premises sources" on a Boundary Group that have all IP Address range for my VPN clients, my clients will get Update from my local SUP, CMG or form Microsoft Updates via Internet?

Microsoft Configuration Manager
0 comments No comments
{count} votes

2 answers

Sort by: Most helpful
  1. Anoop C Nair MVP Enterprise Mobility 21 Reputation points MVP
    2022-05-04T03:31:27.237+00:00

    Additional comment on this topic is that:-

    To reduce the performance effect of this change, existing SCCM clients don’t automatically switch to a cloud-based software update point.

    Also, you need to make sure that SCCM clients are also in the 2203 version 5.00.9078.1006 or later.

    1 person found this answer helpful.
    0 comments No comments

  2. Simon Ren-MSFT 36,706 Reputation points Microsoft Vendor
    2022-05-02T07:06:00.117+00:00

    Hi,

    Thanks for posting in Microsoft MECM Q&A forum.

    ==>Scenario 1
    The VPN clients will prefer a cloud management gateway (CMG) for both update policy and content. Starting in MECM version 2203, this setting also applies for software update scanning.

    ==>Scenario 2
    If the VPN clients can retrive a fallback SUP to get update policy, they will get update from Microsoft Updates via Internet. If there is no fallback SUP, the VPN clients won't install update.

    We can also monitor the CAS.log and ContentTransferManger.log to trace the download process. For more information about CMG and update, please refer to:
    Prefer cloud based sources over on-premises sources
    Managing remote machines with cloud management gateway in Microsoft Endpoint Configuration Manager
    Managing Patch Tuesday with Configuration Manager in a remote work world

    198127-cmg.png

    Hope it helps. Thanks for your time.

    Best regards,
    Simon


    If the response is helpful, please click "Accept Answer" and upvote it.
    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.


Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.