MicrosoftEsteban Patrigeon This is incorrect. O365 Updates are not supported over CMG\Cloud Distribution points as per the limitations listed here and from our own internal testing as well:
https://docs.microsoft.com/en-us/mem/configmgr/core/plan-design/hierarchy/use-a-cloud-based-distribution-point#limitations
DaveGuenthner Thank you! We are planning to setup some On Prem DPs which we will add to our boundary group for our VPN clients. These new DPs will have no other content except the O365 updates on them. We will ensure the CMG is not targeted for the O365 update content. The BG would be setup to prefer cloud distribution points. When the clients do not find the content on the CMG they will move on looking for the content on the next set of DPs as per the content lookup request based on the boundary group. This is the only way we found we would be able to continue to support our clients without significant VPN tunnel re-design.
