We are using Symantec Patch Management (8.1) and want to block clients from the ability to update directly from Microsoft. In Microsoft domain Group Policy we have disabled "Configure Automatic updates" and in "Specify intranet Microsoft update service location" we have entered a bogus name so that any attempt to update will dead-end. I'm not sure this is the best method but would like to know what Group Policy settings to configure so that we use the ITMS system exclusively.
What has prompted this is that in our steps to migrate to Windows 10 we discovered that a computer system network device somehow knew there was an update available and tried to run but errored out, presumeably because we had entered the bogus update location. We have now enabled "do not include drivers with Windows Updates" but we don't want it to even attempt to go out to Microsoft to look.
Recognizing that Microsoft keeps changing the way it operates and that this is probably a MS issue, is there a recommended set of Group Policy configurations that will help us with utilizing Symantec exclusively?
Thanks for any help.