We have a large pool of remote workers who only periodically come into the office and usually only connect to the VPN briefly (under an hour) every few days. So Protect Cloud Sync works perfectly for Windows Patches and built-in 3rd-party patches. However, we were curious about custom patches/software. My understanding is that custom patches/software can't be deployed through Cloud Sync (which makes complete sense, as the patches don't exist outside of our environment). That is no problem; however, I want to make sure that the patches do get deployed when the laptop connects to the VPN or comes into the office. I was wondering if anyone had any advice/best practices for deploying custom patches/software to guarantee they are deployed to remote staff?
My best guess would be to add an additional scan and deploy task (for custom software only) to the agent policy that is scheduled frequently (e.g. every hour) and hope that it runs while they are connected to the VPN or come into the office. Just wondering if this is the best option or if there was potentially a more elegant way to solve the issue.
The scan-every-hour method wouldn't work because there is a retry limit for patch deployments. When reached (10 times), the deployment for that specific patch will no longer process until the retry count is reset. You could try creating an HTTPS-based Distribution Server accessible from outside your network. The agent would be configured to use this Distribution Server to download the required files and patches instead of the internet. I haven't tried this myself, but it should work in theory.