Welcome to the world of managed installations. If you already have the sccm side set up correctly, just build a new AIP and sccm package when the updates come out then push it down to the clients. I disable all local updates in the customization wizard since they could saturate the network connection when an update is available and prefer to manage updates locally using SCCM. I have not run into the problem you describe since we don't use the local update client.
↧