While the new policy (dubbed "Disable Dual Scan") is enabled, any deferral policies configured for that client will apply only to ad hoc scans against Windows Update, which are triggered by clicking "Check online for updates from Microsoft Update": Windows updates from Configuration Manager, supplemental updates from WU - a modified "on-premises" scenario.
If you have external clients that use this WSUS server you need to type the FQDN (the internet public address) in this box. Select your internal CA by clicking the Select button, give the certificate a friendly name and click Finish. Now click Add, on the Type drop down box select https, and your WSUS certificate on the SSL Certificate drop down box.The previous post mentioned a summer release of a policy on 1607 that would address the issue, and we are pleased to announce that this policy has arrived.The package containing this policy is available today from KB4034658, which is the August cumulative update released to the WSUS channel on 8/8/2017.The next step – configure Windows clients to use a deployed WSUS server.In this article we will consider how to configure clients of the WSUS server using Active Directory GPO (Group Policies).
This kind of client association to the WSUS groups is called client side targeting.