Microsoft Updates Country Block Issues

HealthPrime
Here to help

Facing issues regarding country block. If we allow only India and US, Microsoft updates/product activations break, as it goes on searching for random UK, Canada or any other country server. Any suggestion or solution on this issue?

We want to maintain country block without breaking the Windows updates feature.

Bruce
Kind of a big deal

Meraki uses a database (provided by a separate party) that allows an IP address to be mapped to a country, and that is updated regularly. When you block a country there is unfortunately no way to make an exception to that block list - although I would definitely 'make a wish', it would be a great feature to have a white-list that allows for specific URLs when a country is blocked (I've hit similar problems myself).

I would also pose the question to Microsoft and see if there is a way of limiting the countries that their update services will check in to; that may be an alternate way of solving your problem.

cmr
Kind of a big deal

@HealthPrime why do you want to only have US and India? Blocking every other country will make your internet experience appalling, as the whole concept of the internet is that it is de-centralised, so CDNs are usually distributed around the world for best availability.

Country blocking is usually used in a more limited manner, i.e. to block a particular country or region.

The Meraki list is also not always completely up to date, so you may well see unusual results.

For MS updates and activations you could use SCCM or WSUS and your own activation server.

HealthPrime
Here to help

Started using ManageEngine Desktop Central for endpoint management/patch management.

PhilipDAth
Kind of a big deal

If you want it that strict you'll need to invest in a managed Windows patching solution rather than using Windows Update.

CptnCrnch
Kind of a big deal

Sorry to say that, but whoever has proposed Geolocation blocking as a valid solution has to be taken to special places in hell.

In the age of Cloud and Nation threat actors, this is something that prevents you from the largest spam out there, but doesn't provide a serious layer of security. Instead, it takes you into situations like the ones you're describing here.

DarrenOC
Kind of a big deal

@CptnCrnch  “Special places in hell” 🤣😂

Darren OConnor | doconnor@resalire.co.uk
https://www.linkedin.com/in/darrenoconnor/

I'm not an employee of Cisco/Meraki. My posts are based on Meraki best practice and what has worked for me in the field.

oldroo
Getting noticed

I don't have an issue doing geoblocking (each to their own), however you have to be aware, as mentioned, about the cloud and the implications to your systems.

In saying that, you could reach out to vendors and they will provide regional based servers that you can force your systems to update from, to get around the issue of trying to update from geoblocked regions.
