That is a possibility, perhps instead of NAT'ing the connections if you had a local DNS entry for update.microsoft.com though I suspect SSL woupd be fine. However I believe SSL is optional, so that might not be a problem at all?
--James. (This email was sent from a mobile device)
