Handling remote computer when using WSUS for on-prem computers


We use group policy to point our on-prem computers to our on-prem WSUS servers. Our remote users are hybrid AD joined and enrolled in Microsoft Endpoint Manager (FKA Intune). Do you have any recommendations on keeping them updated? Is there a "This is how you should be doing it"?

 

Thanks.

4 Replies
Are you just asking for basic guidance on how to manage grouping, deployments, etc. for rolling out quality updates / feature updates to devices in your organization? Or are you looking at getting Windows updates from WU and everything else via WSUS? Or what specific guidance can we provide?
I guess I'm wondering where to start. Should the often remote PCs have their own group policy settings? Should we set things up for them in Intune? Is there anything specific I should watch out for so that they don't conflict with one another? I'm more concerned that they receive updates than that we control them.

I think having devices check and use WSUS while on-prem, and WU when they're not, would be ideal. Just not sure of the best way to make that happen or if there is a better alternative.
Of course! Why don't you start here: https://techcommunity.microsoft.com/t5/windows-it-pro-blog/optimize-on-premises-monthly-update-delivery-using-the-cloud/ba-p/1483519

I wrote that blog a while back to help customers who were now dealing with mostly remote devices.
Thanks!
If I'm reading the intent correctly, we leave our 'always on-prem' devices as they are now, and then follow the steps in the article for our 'sometimes or never on-prem' devices.
We wouldn't want to ditch WSUS completely, as it helps with bandwidth.