Use Group Policy to force Windows 10 clients to pull updates from SCCM, but allow Microsoft Store

THE PROBLEM: My company is shifting control of our Windows Updates from WSUS to SCCM. At TechMentor this year, I got the vibe that MS is looking to deprecate WSUS long-term, and that the best options for companies to deploy updates going forward are either to use Windows Update for Business (WUfB), or SCCM. Wanting the extra control and reporting that SCCM offers, that is the route we chose. However, finding reliable and up-to-date info on how best to utilize the available controls is a frustrating task at the time of writing this article (Sept 2017) – especially because MS has been changing around their own verbiage (Rings? Channels? Branches?) and releasing new Group Policy ADMX templates so frequently.

THE CHALLENGE: Configure Windows 10 clients in the following manner:

  • Pull Windows 10 updates from SCCM
  • DO NOT pull updates from Windows Update internet servers
  • ALLOW access to Microsoft Store

THE SOLUTION: The following Group Policy settings:

  • To force clients to check in with SCCM:
    • Computer Configuration/Administrative Templates/Windows Components/Windows Update/Configure Automatic Updates = ENABLED
    • Computer Configuration/Administrative Templates/Windows Components/Windows Update/Specify intranet Microsoft update service location = ENABLED
      • Set the intranet update service for detecting updates: enter the correct server address and port
      • Set the intranet statistics server: enter the correct server address and port
  • To prevent clients from pulling updates from Windows Update internet servers:
    • Computer Configuration/Administrative Templates/System/Internet Communication Management/Internet Communication settings/Turn off access to all Windows Update features = ENABLED
  • You must also make sure the following is set to NOT CONFIGURED or DISABLED:
    • Computer Configuration/Administrative Templates/Windows Components/Windows Update/Do not connect to any Windows Update Internet locations
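To confirm on a client that the GPO landed as intended, the following PowerShell audit reads the registry values that back the four policies above. It is an added example, not part of the original post; the registry value names are the ones I understand these ADMX settings to write under HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate, and the helper name `Get-PolicyValue` is made up for this example.

```powershell
# Added example: audit the registry values behind the Group Policy settings listed above.
# Assumption: these are the backing registry values for the four ADMX settings.
$wu = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate'
$au = Join-Path $wu 'AU'

function Get-PolicyValue {
    param([string]$Path, [string]$Name)
    # Returns $null when the key or value is absent (policy Not Configured).
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name } else { $null }
}

$checks = @(
    @{ Setting = 'Configure Automatic Updates'
       Path = $au; Name = 'NoAutoUpdate'; Want = '0'
       Test = { $args[0] -eq 0 } }
    @{ Setting = 'Specify intranet Microsoft update service location'
       Path = $au; Name = 'UseWUServer'; Want = '1'
       Test = { $args[0] -eq 1 } }
    @{ Setting = 'Intranet update service for detecting updates'
       Path = $wu; Name = 'WUServer'; Want = 'server address and port'
       Test = { -not [string]::IsNullOrWhiteSpace($args[0]) } }
    @{ Setting = 'Intranet statistics server'
       Path = $wu; Name = 'WUStatusServer'; Want = 'server address and port'
       Test = { -not [string]::IsNullOrWhiteSpace($args[0]) } }
    @{ Setting = 'Turn off access to all Windows Update features'
       Path = $wu; Name = 'DisableWindowsUpdateAccess'; Want = '1'
       Test = { $args[0] -eq 1 } }
    # Must be Not Configured or Disabled, so absent or 0 both pass.
    @{ Setting = 'Do not connect to any Windows Update Internet locations'
       Path = $wu; Name = 'DoNotConnectToWindowsUpdateInternetLocations'; Want = 'absent or 0'
       Test = { ($null -eq $args[0]) -or ($args[0] -eq 0) } }
)

$results = foreach ($c in $checks) {
    $actual = Get-PolicyValue -Path $c.Path -Name $c.Name
    [pscustomobject]@{
        Setting  = $c.Setting
        Value    = $c.Name
        Actual   = if ($null -eq $actual) { '<not set>' } else { $actual }
        Expected = $c.Want
        Pass     = [bool](& $c.Test $actual)
    }
}

$results | Format-Table -AutoSize -Wrap
if ($results.Pass -contains $false) {
    Write-Warning 'One or more Windows Update policy values do not match the intended configuration.'
}
```

Run it in an elevated session after `gpupdate /force`; compare any failing row against `gpresult /h` output to see which GPO is setting the conflicting value.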