Just added in my observation to this forum thread https://social.technet.microsoft.com/Forums/en-US/56d402ab-b2d7-4d91-be5f-c21dbbe1fa95/scep-definition-updates-trying-to-pull-from-the-internet-poor-behaviour
I'm currently setting up a 2012 R2 environment and presently port 8530 is not open to the SUP so no updates are occurring for SCEP. Yesterday the client updated it's def files from Windows Update. Nothing is set to fallback to WU in the anti-malware policy. So assuming here that by design SCEP will fallback to WU after x amount of failures to update. Just wanted to know if this is documented somewhere as normal behaviour. Cheers Paul
