Michael-CM, I'm not suggesting everybody needs to go Cloud-only/Cloud-native. As JamesC95 says, you can use the integration between Windows Package Manager and Intune on your on-prem fleet by using Cloud Attach and co-management. This is just one of the issues enterprises will face with their on-prem-only environments, as the last couple of years have shown. Many customers tell us that their employees refuse to connect to VPN unless absolutely necessary, and therefore are not receiving updates, apps, policy changes, etc., all of which lead to security issues and an uptick in help desk calls.
Configuring cloud-attach, using Windows Update for Business, allowing your helpdesk to perform a remote wipe in the case of a lost or stolen device... these are all just small steps to modernizing, and will help with everything from employee satisfaction and productivity to improved security and compliance.
I'm not suggesting that this is an easy or quick path, but it's an important path to start planning.