The WSUS is not enough

<p>Some organizations run Windows clients in an &ldquo;air gapped&rdquo; environment, where there is either no Internet connection at all, or a heavily restricted one that goes through a proxy server. This is usually done for security reasons or to restrict the user (e. g. in schools).</p> <p>For updating Windows, this used to be no problem, as you can run Windows Server Update Services on your network, which reliably delivers updates for Windows and some other Microsoft products (like Edge Chromium and WebView2) to the clients.</p> <p>However, WSUS has one blind spot: Windows today comes with a number of &ldquo;inbox apps&rdquo; that are also available on the Microsoft Store, for example the camera app, the calculator, the store client itself and even a number of system components like language packs. As these are part of a default Windows installation, you would expect they are updated by Windows Update and thus also by WSUS. Surprisingly and unfortunately, this is&nbsp;<strong>not</strong>&nbsp;the case. They are serviced&nbsp;<strong>only</strong>&nbsp;through the Microsoft Store update mechanism, which is for no good reason completely separate from Windows Update and cannot be managed by WSUS.</p> <p><a href="https://medium.com/@damiel_gc/the-wsus-is-not-enough-9ea0161603f5"><strong>Click Here</strong></a></p>