A little background, I'm not a systems administrator but overheard ours discussing this very issue and wanted to do some looking into it myself.
We run an internal network with numerous VMs (and some physical hosts) which have no internet access. The VMs are constantly created, modified, removed, and more added. However, the VMs are required to be patched and up-to-date. We have a local WSUS machine that pulls WU and distributes them to the computers on the domain.
My question is: Is it possible to redirect windows updates to our internal WSUS with a DNS entry? More generally, this is for non-GPO and non-domain devices (so manually modifying registry entries is a no-go).
If this is not possible, would you please give a brief overview of why this idea will not work?