In this post I will walk through on how to setup and configure Delivery Optimization using Intune. Delivery optimization once configured, allows devices to get the content from peers hence saving the bandwidth.
- What is Delivery Optimization
- Types of content supported by Delivery Optimization
- How to configure Delivery Optimization
- Configure Delivery Optimization using Intune
- PowerShell commands related to Delivery Optimization
- Verify Delivery Optimization settings on device
- Usage of Update Compliance with Delivery Optimization
What is Delivery Optimization
Delivery Optimization is an inbuilt feature in Windows 10 & Windows 11 devices which allows them to download the contents from peers rather than going to internet. Delivery optimization can be compared with BranchCache, peer cache (SCCM technology) and works in same way.
Once Delivery optimization is configured, devices will start downloading the content from internet and store the content in cache specifically meant for delivery optimization activity, hence later any device tries to download the same content (within same network) it will first try to find the content locally from other peers and if available will download from it, hence saving the bandwidth.
Delivery Optimization can be very useful for Windows Update for Business deferral policies as the patch size are pretty big and this will help organizations to avoid downloading the same patch again and again in the same network with high utilization of internet.
Delivery optimization can be used either using Peer to Peer technology or Microsoft Connected Cache which requires a Cache server to store the files.
Types of content supported by Delivery Optimization
Delivery optimization supports variety of content to download using Peer to Peer feature, here is the list for Windows 10 / 11 client devices:
- Windows Update including feature updates, quality updates, language packs, drivers
- Windows 10 Store files
- Windows 10 Store for Business files
- Windows Defender definition updates
- Intune Win32 apps
- Microsoft 365 Apps and updates
- Edge Browser Updates
- Configuration Manager Eupdates
- Dynamic updates
- MDM Agent
Windows Server support for DO
Windows Server just supports 2 kinds of downloads:
- Windows Update
- Edge Browser Updates
Windows Server 2019 or higher is supported to use Delivery Optimization.
How to configure Delivery Optimization
Delivery Optimization can be configured in multiple ways:
- Intune: Through Intune, we can create configuration profile for Delivery Optimization, this is what we will focus upon in this blog
- Group Policy: In organizations with Active Directory, we can use GPO to configure Delivery Optimization.
- SCCM: Delivery Optimization can be turned on using Configuration manager also. This can be enabled using Client settings > Delivery Optimization setting.
Configure Delivery Optimization using Intune
Login to MEM Admin center and navigate to Devices > Configuration profiles and click on Create profile.
Under Create a profile blade, select:
Platform: Windows 10 and later
Profile type: Templates
Template name: Delivery Optimization
And click Create
Under Basics provide name “Delivery Optimization” and click Next
Under Configuration settings you have multiple options to select.
Download mode gives you following options, select 3rd option ie. “HTTP blended with peering across private group (2)”, the meaning of various options are as follows:
- Not configured: Devices configured with their own settings will be applied.
- HTTP only, no peering (0): Updates will get from internet. Peer-to-peer technology for delivery optimization will not be used.
- HTTP blended with peering behind same NAT (1): Devices will get the updates from internet and from peers on the network if they are behind the same Network Address Translation IP addresses. This also gives options to restrict peer selection to subnet mask which won’t allow device to download the content from another peers if they are on different subnet. Peer’s within same subnet will be reachable to download content.
- HTTP blended with peering across private group (2): Devices will get the updates from internet and from peers. We can not only select “Restrict Peer Selection” to Subnet mask, but also can select Group ID source to use:
- AD site
- Authenticated domain SID
- DHCP user option
- DNS Suffix
This option is one of the favourite ones to be used. For example, we can limit the peers within same AD site, hence devices won’t be downloading the content outside of its own AD site. AD Site can be used with Subnet or without subnet depending upon your needs, you need to consider about the fact that 1 AD Site can consists of multiple subnets, are you good to allow whole AD Site with all subnets under it ? it can be good option if those subnets are having fast connectivity such as 1 AD site consisting of a building with multiple floors having different subnet. Here it makes sense to go with AD Site only and not to use Subnet mask as connectivity within the same building using Layer 3 switches would be pretty fast.
- HTTP blended with internet peering (3): Devices will get updates from internet and from other computers on the network.
- Simple download mode with no peering (99): Devices will download updates from internet. It won’t contact Delivery Optimization cloud services.
- Bypass mode (100): Delivery Optimization will not be used, instead BITS (Background Intelligent Transfer Service) will be used.
Restrict Peer Selection – select “Not configured”
You have option to select “Subnet mask” in case you wanted to get the devices downloading the content within same subnet.
Bandwidth optimization type: Select Percentage with business hours, we have following options:
- Not configured
- Percentage with business hours
Specify Maximum foreground download bandwidth & Maximum background download bandwidth which consists of:
- Business hours start: 9 AM
- Business hours end: 5 PM
- During business hours (in %): 40
- Outside business hours (in %): 80
Delay background HTTP download (in seconds) as 60
Delay foreground HTTP download (in seconds) as 60
Delaying HTTP download allows few seconds to find the peers and prioritize it accordingly. Once this time is reached, device will download content from HTTP source.
Minimum RAM required for peer caching (in GB):4
Minimum disk size required for peer cashing (in GB): 32 (This is a recommended value, change as per your need)
Minimum content file size for peer caching (in MB): 10
Minimum file size to be cached, if it is smaller than the number specified, it won’t save. Recommended value is 10, you can specify between 0 to 1000
Minimum battery level required to upload (in %): 40
Recommended is 40, you can specify between 0 to 100
Modify cache drive: %SystemDrive%
Maximum cache age (in days): 30
(recommended value is 7, range is between 0 and 3650)
PowerShell commands related to Delivery Optimization
Following are the very handy PowerShell commands related to Delivery Optimization:
Using these commands you can see and verify the results whether Delivery Optimization is working or not.
Get-DeliveryOptimizationStatus | ft
This command shows you list of downloads along with filesize. You can also see whether it got downloaded from Peers or from Http (Internet). Which files are in cache, it will show you.
If you just run “Get-DeliveryOptimizationStatus”, it will show you detail of each update along with SourceURL used.
This command will give you summary of how many files downloaded / uploaded. Cache size, available disk size and average download size of the files.
Verify Delivery Optimization settings on device
Registry location related Delivery Optimization profile applied via Intune will be saved under Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\current\device\DeliveryOptimization
Navigate to Start menu > settings > Accounts > Access work or school and click on info (under domain).
Under Areas managed by, you can see DeliveryOptimization policy applied.
You may also check Advanced Diagnostic Report by creating one (scroll down further on same page), this will give you complete insight of all policies applied via Intune.
Usage of Update Compliance with Delivery Optimization
You can use Update Compliance solution app (WaaSUpdateInsights) which can be downloaded from Azure Marketplace. Once integrated, you can get detailed insight of your organization to see how much bandwidth you are saving using Delivery Optimization Status.
The solutions requires Log analytics workspace to save the solution which contains multiple tables along with data which can further be explored by creating beautiful reports using KQL query.