Handling remote computers when using WSUS for on-prem computers

We use group policy to point our on-prem computers to our on-prem WSUS servers. Our remote users are hybrid AD joined and enrolled in Microsoft Endpoint Manager (FKA Intune). Do you have any recommendations on keeping them updated? Is there a "This is how you should be doing it"?



4 Replies
Are you just asking for basic guidance on how to manage grouping, deployments, etc. for rolling out quality updates / feature updates to devices in your organization? Or are you looking to get Windows updates from WU and everything else via WSUS? Or what specific guidance can we provide?
I guess I'm wondering where to start. Should the often remote PCs have their own group policy settings? Should we set things up for them in Intune? Is there anything specific I should watch out for so that they don't conflict with one another? I'm more concerned that they receive updates than that we control them.

I think having devices check and use WSUS while on-prem, and WU when they're not, would be ideal. Just not sure of the best way to make that happen or if there is a better alternative.
Of course! Why don't you start here: https://techcommunity.microsoft.com/t5/windows-it-pro-blog/optimize-on-premises-monthly-update-deliv...

I wrote that blog a while back to help customers who were now dealing with mostly remote devices.
If I'm reading the intent correctly, we leave our 'always on-prem' devices as they are now, and then follow the steps in the article for our 'sometimes or never on-prem' devices.
We wouldn't want to ditch WSUS completely, as it helps with bandwidth.