Hi, we have an environment where a boundary group is attached to a VPN DP server and split tunnel is enabled. Updates are distributed to the VPN DP. While deploying a security or cumulative update to clients, in the deployment download settings do we need to set the two drop-downs to "do not download the update" (from neighbor, and from current and default site boundary) and check the option below to download from the MS site, so that clients can get patches from the internet? If yes, I have one more question: we have already distributed patches to the VPN DP associated with the VPN boundary; will clients still download from the VPN server?
What about desktops connected to the local intranet if we use the same download settings (do not download)?
I believe you are referring to a scenario where many workers are at home. Whether they connect to your company server or connect directly to the Windows Update website, their personal home bandwidth is being used, and downloading from your server places load on your server too. Therefore, it is recommended that they download directly from the Microsoft Windows Update website and enable Delivery Optimization, so that if they have multiple Windows 10 devices and even one of them gets the update, it distributes the update internally and doesn't use the internet. However, for devices at the company, you may consider having them follow the normal procedure and download updates from local servers.
However, it is a good idea to test both scenarios with some PCs as a sample: set some to download from the Microsoft website and others from your local company website using the VPN, monitor their usage, performance and update experience, and then decide for the rest.
You may also set up two main update groups, one for remote devices and one for local devices and servers, and set policies accordingly. However, you need to test out multiple scenarios, but from my experience getting updates from the Windows Update website is more suitable for remote devices.