We have a multi-site DirectAccess topology in our environment with Windows 8.1/10 client OS's.  We are wondering how we can deploy Windows Updates to these clients without them using our WAN to get to a DP.  DirectAccess boundries have been configured, so from a CM standpoint they might as well be onsite.  Is there a policy or setting we can use to force these clients to go to Windows Update and not download from a DP?

Since the boundaries are configure for them to point to the local DP they will always come looking to that DP.

What you could do is make sure the update are not available on the DP or any fall back point. Using the setting in the picture the device should go to windows update. Note this is not a sexy way of controlling them.

Disclaimer i never tested it before. Normally we go with internet base management and they automatically go to windows updates. Also keep in mind that making the windows update not available this will impact people in the office. So you would need to make sure that you have configure seperate DP to avoid impacting them.

• Edited by Frederick Dicaire 15 hours 28 minutes ago
• Proposed as answer by Jason SandysMVP 11 hours 11 minutes ago
• Marked as answer by Ryan Arnold 11 hours 11 minutes ago

Sounds like I will need a new DP specifically for DA client boundries with no Windows Update content.