Good Morning!

Background: We do not have SA or MDOP, so APP-V is not an option.

We have a highly mobile workforce with 100+ ConfigMgr DP's in the field.

Our VPN is not split tunnel.

Our field offices are WAN connected to the home office data center for internet access.

So deploying ProPlus via ConfigMgr isn't an issue.

My question is on the updates: How can we configure the application to know to query SCCM to find the closest distribution point? Options include:

1. Running a local scheduled task or GPO script to query the MP for the closest DP via a HTTP Post. Then have the script parse out the server name and use a static share on the DP for content source.

2. Disable automatic updates, and push out an 'update now' script. This script would be part of an SCCM package using a deployment share. The script would be set to run from the DP, not download ahead of time. The script would ask 'where am I' and then use that path to update the local registry ( HKLM\SOFTWARE\Microsoft\Office\15.0\ClickToRun\Configuration\UpdateUrl ) then once that is updates run the setup command to update now.

3. Use an application in SCCM and push out the whole GB of content every time. The network team obviously does not like this option.

Are there better options for updating office using Conf

I would go with option #2.

Here in this thread MS made it clear that what's the best method for managing Office 365 updates. Just for your reference:

https://social.technet.microsoft.com/Forums/office/en-US/59184d1b-7d9b-4676-a504-2fea82d6300f/best-method-for-controlling-office-365-updates?forum=officeitpro

For the specific steps/strategy on how to integrate it with Configmgr, you probably need to ask in CM forum or the dedicated Office 365 forum - Office 365 Community.

A.B.

A couple of thoughts:

Assuming that your ConfigMgr hierarchy is already doing a good job of handling "what's my nearest DP?", you could create an application which copies the content to a HDD location (e.g. c:\windows\temp\O365) and then configure C2R to pull the update source from there?

Or, if you already have your AD topology sites/subnets etc setup, you could use DFS-N/DFS-R.

Or BranchCache?

Or, you could use DNS netmask ordering (if your addressing scheme suits), to use the IIS on your DP's:
http://blogs.technet.com/b/askpfeplat/archive/2013/02/18/how-netmask-ordering-feature-in-dns-affects-the-resultant-queries.aspx

I seem to recall reading that http sources are recommended over CIFS/SMB, for C2R installation/updating, and perhaps your network might be "tuned" to prefer http also?

Don -

The challenge is the thousands of mobile users who connect over tiny WAN connections without local DPs, or over VPN. We don't want them downloading the full GB of content every month. That would infuriate our users. Neither Branch Cache or even 1e Nomad Branch can help you with VPN connected systems - they are on the equivalent of a single address subnet with no peers.

And any of our ~20,000 laptops could be in an office or VPN within the same day. Anything short of a real time detection system will result in inadvertent double-wan-connection-network team call type scenarios.

I think I'm in a hard spot because most large corporations that have a well built SCCM environment also have SA, so they can use App-V. Microsoft probably isn't the most motivated to come up with a integrated solution, or else why pay for SA or MDOP ? :P

Will