You are right that third party updates are not part of Windows Update for Business (at least not at the moment, it is a common ask and we are looking into it). In a co-management environment you can continue to use SCCM to manage those. In a cloud only environment Intune can help manage these updates with the Intune Management Extension through PowerShell scripts.

So it means once a machine is switched to being Intune-managed, even if the device is physically connected my company LAN, it will not be able to use our SCCM internal distribution points, to cache the updates files, and only the Intune "Delivery optimization download mode" options found in the "Update Ring" configurations will apply, right? 

Asking this, as we want to avoid all Internet links to collapse every 6 months :-). 

If you move the Windows Update for Business workload to Intune then yes, OS updates will be delivered over the internet with Delivery Optimization and not via SCCM DPs. Other content that is managed by ConfigMgr (like apps) will continue to use DPs. Note that this is true even if you manage WUfB policies directly from SCCM and not through Intune - the capability to manage WUfB policies in SCCM was added in 1706.