In supporting customers in the field, we receive many questions about the Microsoft 365 Apps for enterprise (formerly known as Office 365 ProPlus) update process. The objective of this blog is to provide...
KanakarisA, we're totally using CDN and DO for Office 365 management and have taken away the burden from SCCM.
The "solution" consists of three elements in our environment:
1) GPO for Office Updates
The SCCM client uses Local Group Policy for its client settings, so I'm using old-fashioned GPOs to make sure that my settings are the boss. Of course, disabling the COM and clearing the Update Path, which could point to an internal URL or UNC, is the main purpose. Even though COM is disabled, you still get the figures in \Software Library\Overview\Office 365 Client Management through hardware inventory.
Below are my settings
2) GPO for Delivery Optimization
I like the GPO over the SCCM client settings as I have much more control over different pieces.
3) Using SCCM Distribution Points as DOINC
More than 60 distribution points across the globe have the Connected Cache (aka DOINC) enabled.
(100GB is in use as we are using Windows Updates for Business (WUfB) for patching and this uses DO and DOINC.)
But make sure you enable DOINC in your boundary groups, otherwise the client will connect directly to Windows Updates.
Final Note
Don't blame me that it is ... let's say ... a traditional approach with GPOs, but the above combination suits our traditional WAN well, with limited breakouts or bad lines in some parts of the world. It is just to give some ideas.
The recent COVID situation has proven the setup, as users working from home have split tunneling in the VPN client and go directly to the CDN / Windows Updates, while internal clients use the cache on the SCCM servers. With the combined bandwidth of all Internet accesses at home, the 1809 to 1909 feature update went faster and smoother than any OS update in the past. Every user could easily download the approx. 3GB update without bothering our WAN.
I'm sure that similar things can be achieved with Office 365 policies (O365 portal) and Intune URIs and policies (preview). With Co-Management you always need to think about at which end to create the settings and whose settings will win on the client at the end of the day.
I feel this is the most challenging part.
My next configuration change is related to Cloud Management Gateway to have clients installing their software from the cloud distribution point (split tunnel) and not contacting internal servers through VPN. With that move we might go back to SCCM based operating system patching as with WUfB you don't have much control over "bad" patches.
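A check for element 1 of the comment above, added here as an example and not part of the original comment or the blog: PowerShell that reports whether a client will take Office updates from ConfigMgr, an internal path, or the CDN. It assumes Office 16.0 Click-to-Run and the standard policy and Click-to-Run registry keys; the function names and the sample values are constructed for illustration.

```powershell
# Added example (not from the original comment). Sample values are constructed.
$PolicyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\office\16.0\common\officeupdate'
$C2RKey    = 'HKLM:\SOFTWARE\Microsoft\Office\ClickToRun\Configuration'

function Read-RegValues([string]$Path) {
    # Return every value under a registry key as a (case-insensitive) hashtable.
    $h = @{}
    if (Test-Path -Path $Path) {
        $key = Get-Item -Path $Path
        foreach ($name in $key.GetValueNames()) { $h[$name] = $key.GetValue($name) }
    }
    return $h
}

function Get-OfficeUpdateSource {
    param([hashtable]$Policy, [hashtable]$C2R)
    # A value set by GPO takes precedence over the Click-to-Run configuration value.
    $com  = if ($Policy.ContainsKey('officemgmtcom')) { $Policy['officemgmtcom'] } else { $C2R['OfficeMgmtCOM'] }
    $path = if ($Policy.ContainsKey('updatepath'))    { $Policy['updatepath'] }    else { $C2R['UpdateUrl'] }

    # COM enabled: ConfigMgr drives the update, whatever the update path says.
    if ("$com" -in '1', 'True') { return 'ConfigMgr (Office COM enabled)' }
    # No update path left: the client goes to the CDN it was installed from.
    if ([string]::IsNullOrWhiteSpace($path)) { return "CDN ($($C2R['CDNBaseUrl']))" }
    if ($path -match '^https?://officecdn\.microsoft\.com') { return "CDN ($path)" }
    # Anything else is an internal URL or UNC share that the GPO was meant to clear.
    return "Internal source ($path)"
}

# Constructed samples: (policy values, Click-to-Run values) per scenario.
$cdn = 'http://officecdn.microsoft.com/pr/<channel-guid>'   # placeholder, not a real GUID
$samples = [ordered]@{
    'COM left on by SCCM client settings' = @{}, @{ OfficeMgmtCOM = 'True'; CDNBaseUrl = $cdn }
    'GPO disables COM, stale UNC remains' = @{ officemgmtcom = 0 }, @{ OfficeMgmtCOM = 'True'; UpdateUrl = '\\fileserver.example\office$'; CDNBaseUrl = $cdn }
    'GPO disables COM, path cleared'      = @{ officemgmtcom = 0; updatepath = '' }, @{ UpdateUrl = '\\fileserver.example\office$'; CDNBaseUrl = $cdn }
}
foreach ($name in $samples.Keys) {
    $s = $samples[$name]
    '{0,-38} -> {1}' -f $name, (Get-OfficeUpdateSource -Policy $s[0] -C2R $s[1])
}

# The same check against the local machine's registry.
'{0,-38} -> {1}' -f 'This machine', (Get-OfficeUpdateSource -Policy (Read-RegValues $PolicyKey) -C2R (Read-RegValues $C2RKey))
```

The second sample is the case the GPO is meant to catch: COM is off, but a leftover internal path still keeps the client away from the CDN.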