Second that, Use SCCM for approval and then have the end-points pull the actual updates from MS.
Kind Regards, James Troy From: AusNOG <ausnog-boun...@lists.ausnog.net> On Behalf Of Bradley Amm Sent: Monday, 23 March 2020 11:59 PM To: Brad Peczka <b...@bradpeczka.com>; Ryan Fielding <ryan.field...@gmail.com>; Gr ccie <grc...@gmail.com> Cc: ausnog@lists.ausnog.net Subject: Re: [AusNOG] Windows machines patching over VPN Or Direct Access Another way is a Cloud Distribution Cloud and Gateway in SCCM ________________________________ From: AusNOG <ausnog-boun...@lists.ausnog.net<mailto:ausnog-boun...@lists.ausnog.net>> on behalf of Brad Peczka <b...@bradpeczka.com<mailto:b...@bradpeczka.com>> Sent: Monday, March 23, 2020 8:54 pm To: Ryan Fielding; Gr ccie Cc: ausnog@lists.ausnog.net<mailto:ausnog@lists.ausnog.net> Subject: Re: [AusNOG] Windows machines patching over VPN This is the right approach. Leverage Intune for off-net management and control, or an always-on VPN if you prefer, and you're golden. From: AusNOG <ausnog-boun...@lists.ausnog.net<mailto:ausnog-boun...@lists.ausnog.net>> On Behalf Of Ryan Fielding Sent: Monday, 23 March 2020 8:35 PM To: Gr ccie <grc...@gmail.com<mailto:grc...@gmail.com>> Cc: ausnog@lists.ausnog.net<mailto:ausnog@lists.ausnog.net> Subject: Re: [AusNOG] Windows machines patching over VPN Windows Update For Business - patching direct from MS over internet. https://docs.microsoft.com/en-us/windows/deployment/update/waas-manage-updates-wufb<https://aus01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fwindows%2Fdeployment%2Fupdate%2Fwaas-manage-updates-wufb&data=02%7C01%7Cjames.troy%40acu.edu.au%7C01d1d3ee10034c41376b08d7cf29f707%7C429af009f196448fae7958c212a0f2ce%7C0%7C0%7C637205651472267152&sdata=Avi1WkuWCqCLQGuw9aasbJFzQRBkkjg9ImoETC70rVk%3D&reserved=0> On Mon, Mar 23, 2020 at 1:15 PM Gr ccie <grc...@gmail.com<mailto:grc...@gmail.com>> wrote: Hi All, Now that we have most of people working remotely. Any patching the laptops has to be done over the VPNs. Apart from usual bottlenecks - internet, fw, vpn device - what approach should you take? Client based throttling appears quicker than implementing policies at network level? Anyone experience dealing with this willing to share the experience how they did it, throughputs, time taken, any gotchas? Thanks _______________________________________________ AusNOG mailing list AusNOG@lists.ausnog.net<mailto:AusNOG@lists.ausnog.net> http://lists.ausnog.net/mailman/listinfo/ausnog<https://aus01.safelinks.protection.outlook.com/?url=http%3A%2F%2Flists.ausnog.net%2Fmailman%2Flistinfo%2Fausnog&data=02%7C01%7Cjames.troy%40acu.edu.au%7C01d1d3ee10034c41376b08d7cf29f707%7C429af009f196448fae7958c212a0f2ce%7C0%7C0%7C637205651472277144&sdata=lStHFu9xlD0mn4mvzVY%2FOFodekr9aa4%2BUp5MCVvMOe4%3D&reserved=0>
_______________________________________________ AusNOG mailing list AusNOG@lists.ausnog.net http://lists.ausnog.net/mailman/listinfo/ausnog