
    How to find software update deployments enabled with download content from Microsoft update for clients from VPN CMG internet connected

    By Eswar Koneti, March 20, 7:53 pm

     

    Due to the COVID-19 outbreak, and with the situation constantly changing around the world, organizations have started moving their workforce to remote work or work from home.

    Considering the number of users working remotely, it is very important to make sure that the devices are protected in all possible ways, starting with Windows security patching, antivirus, and the other security tools available on the device.

    For Windows security patching of remotely managed devices using SCCM/Configuration Manager, you have different options such as cloud management gateway (CMG) and co-management. If your organization has installed a VPN on the endpoint, you can use split tunneling.

    For more information about managing remote devices using Configuration Manager, read https://techcommunity.microsoft.com/t5/configuration-manager-blog/managing-remote-machines-with-cloud-management-gateway-in/ba-p/1233895 and https://miketerrill.net/2020/03/18/forcing-configuration-manager-vpn-clients-to-get-patches-from-microsoft-update/

    Both of the above posts cover almost everything that you need to patch remote devices, including VPN-connected devices.

    Like other organizations, we have also enabled split tunneling and are using CMG so that clients download Microsoft updates from the internet and not from the corporate/on-premises network.

    For remote devices to get Windows updates from Microsoft using Configuration Manager, it is important to set the correct options in the software update group deployment.

    The following setting must be enabled for VPN or internet-based clients to download the updates directly from Microsoft Update.

    image

    If you don't configure the above setting in the software update group deployment, your VPN/CMG-connected clients will fail to download the patches from Windows Update and will always look for a DP.

    For a newly created software update group deployment, you can enable the checkbox as you go through the deployment process. If you want to monitor or enable the checkbox for existing software update group deployments, you need a report and a PowerShell script.

    If you have only a few SUG deployments (10 or so), you can right-click each deployment and change its properties, but this is not an easy task if you have hundreds of SUG deployments and need to make sure they are all enabled.

    The following SCCM report identifies all software update deployments and shows whether the above option is enabled or not. The PowerShell script enables the checkbox for all software update deployments.

    I have also provided the PowerShell cmdlet to enable or disable the checkbox for the software update deployments of your choice.

    Preview of the SSRS report:

    This report comes with a prompt to select the option 'Download content from Microsoft updates'.

    In my research, if the DP Locality value is one of 262144, 262208, 393280 or 393216, the deployment is considered as download from MSFT.

    If you notice anything wrong with the column 'download from MSFT', please report it in the comments section.

    image

    Following are the settings available in the SSRS report.

    Deployment settings with type of deployment and Wake-on-LAN.

    image

    User experience with user notifications, deadline behavior, device restart behavior, and software update deployment re-evaluation behavior upon restart.

    image

    Download settings with download content from Microsoft updates.

    image

    If you want other fields that are not listed in the report, you can get them from the SQL view v_CIAssignment.

    To enable the checkbox to download the content from Microsoft updates, use the following PowerShell cmdlet.

    Set-CMSoftwareUpdateDeployment
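
    The four DP Locality values quoted above all have bit 0x40000 (262144) set. The following added example (not the script from this post) classifies deployments by that bit, compares the result with the post's value list, and shows in comments how the result can drive Set-CMSoftwareUpdateDeployment. Treating that bit as the marker for the option is an assumption; the function name Get-MuDownloadState and the sample rows are made up for illustration.

```powershell
# Added example, not the post's script. Assumption: bit 0x40000 (262144),
# which all four DP Locality values in the post have set, marks the option.
$MuBit      = 0x40000
$PostValues = 262144, 262208, 393280, 393216   # values listed in the post

function Get-MuDownloadState {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [psobject]$Deployment
    )
    process {
        $locality = [int64]$Deployment.DPLocality
        [pscustomobject]@{
            AssignmentID   = $Deployment.AssignmentID
            AssignmentName = $Deployment.AssignmentName
            DPLocality     = $locality
            InPostList     = $PostValues -contains $locality
            DownloadFromMU = ($locality -band $MuBit) -ne 0
        }
    }
}

# Constructed sample rows (not real deployments), shaped like v_CIAssignment.
# 786496 is a constructed value that has the bit set but is not in the list.
$sample = @(
    [pscustomobject]@{ AssignmentID = 101; AssignmentName = 'SUG-Workstations'; DPLocality = 80 }
    [pscustomobject]@{ AssignmentID = 102; AssignmentName = 'SUG-VPN-Pilot';    DPLocality = 262208 }
    [pscustomobject]@{ AssignmentID = 103; AssignmentName = 'SUG-Servers';      DPLocality = 393216 }
    [pscustomobject]@{ AssignmentID = 104; AssignmentName = 'SUG-Laptops';      DPLocality = 786496 }
)
$report = $sample | Get-MuDownloadState
$report | Format-Table -AutoSize

# Rows where the two tests disagree deserve a manual check in the console.
$report | Where-Object { $_.InPostList -ne $_.DownloadFromMU }

# On a live site, from the ConfigMgr PowerShell drive, preview the change first:
# Get-CMSoftwareUpdateDeployment |
#     Where-Object { -not ($_ | Get-MuDownloadState).DownloadFromMU } |
#     Set-CMSoftwareUpdateDeployment -DownloadFromMicrosoftUpdate $true -WhatIf
```

    Remove -WhatIf only after the previewed list matches the deployments you intend to change.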

    Download the SSRS report, upload it to your reporting services, and change the data source.


    Happy managing the VPN/internet connected devices.


    3 Comments

    1. Scott Fairchild on March 26, 2021 11:30 AM

      Check your Reddit post related to this report.

      • Eswar Koneti on March 27, 2021 2:51 AM

        Hi Scott,
        Is there something I can assist you with on this?
        I could not find any request on Reddit.

        Thanks,
        Eswar

        • Scott Fairchild on March 28, 2021 12:05 PM

          Your SQL query has a bug in it. I provided a fix in the comment section where you posted this on Reddit in r/SCCM.

          I can't post the fix here because your site flags the comment as spam. It also flags the link to Reddit as spam.
