CoManaged Devices
Question
For a co managed device, I would like to manage the Security patches and Office proplus patches through INTUNE. Does this remove the CMG dependency for the Clients connected over internet?
noor 
Leave an answer
Sorry, you do not have permission to answer to this question .
Answers ( 4 )
You can convert On-prem DP as Connected Cache (Caching servers) for WUfB? https://docs.microsoft.com/en-us/mem/configmgr/core/plan-design/hierarchy/microsoft-connected-cache
Yes, I think. Once you moved these workloads to Intune ..it will be managed through Microsoft Update for Business (WUfB)…
https://howtomanagedevices.com/intune/2393/windows-patch-management-using-intune/
I am also on same page, no more CMG required. It looks good when client is connected over internet. But What happens if the same client connects to on premises network and is on INTRANET, and I don’t want anything to be downloaded over the INTERNET ( reason my infra team has restricted any downloads from internet due to bandwidth limitation and network choke issues). How can deploy patch to these co-managed devices, when on premises.what you suggest?
Hi Anoop… thanks for your reply earlier. and apologies for late response from my end. This is in continuation to my earlier question on Intune Comamangement for Hybrid AD joined devices.
– A device is Hybrid AD joined + Intune Comanaged.
I will use INTUNE only for Patch management (rest all things will be managed by SCCM)
Questions – When device is out of the On-premise Network and not even connected over VPN,,, And Its just connected through INTERNET. Will this device get intune policy to install Windows update for Business? If yes, its all good.
If it wont get any policy then does it need CMG configured to get Intune policies over internet to install Patches?
Please explain.. hope my question is clear and not confusing you. Please advise.