Office content moves over the network in a variety of scenarios, including but not limited to: installations of Office from the Content Delivery Network (CDN), lean second installs (removing the Office source files from the install packages), right-sized first installs (including only the most-used language packs), and the default behavior where Office stays up to date using the CDN. Microsoft recommends optimizing these network operations, because a device can then get portions of the content from other devices on its local network instead of having to download the update completely from the Microsoft CDN. The goal of this article is to provide solutions for challenges collected from customers in the field.
All of these concerns can be addressed with the proposed solution. You can use Delivery Optimization (DO) to reduce bandwidth consumption by sharing the work of downloading Office content among multiple Windows 10 devices in your deployment. DO can accomplish this because it is a self-organizing distributed cache that allows clients to download content from alternate sources (such as other peers on the network). Delivery Optimization is a cloud-managed solution, and access to the Delivery Optimization cloud services is a requirement. This means that to use the peer-to-peer functionality of DO, devices must have access to the DO cloud service endpoints.
Optionally, customers who use Microsoft Endpoint Configuration Manager can take advantage of a feature called Configuration Manager Connected Cache, which combines DO with Connected Cache and leads to high hit rates for content searches. If the cache doesn't contain the necessary files, the Configuration Manager Site Server downloads content to the Distribution Point to populate the cache, based on client needs. In this way, customers have far more flexibility in supporting different architectures and languages: manual downloads are no longer required because a dynamic workflow replaces them, and existing capital investments are put to use.
Prerequisites for solution
For communication between clients and the Delivery Optimization cloud service:
Delivery Optimization listens on port 7680 for requests from other peers by using TCP/IP. The service will register and open this port on the device, but you might need to set this port to accept inbound traffic through your firewall yourself. If you don't allow inbound traffic over port 7680, you can't use the peer-to-peer functionality of Delivery Optimization. However, devices can still successfully download by using HTTP or HTTPS traffic over port 80 (such as for default Windows Update data).
If you set up Delivery Optimization to create peer groups that include devices across NATs (or any form of internal subnet that uses gateways or firewalls between subnets), it will use Teredo. For this to work, you must allow inbound TCP/IP traffic over port 3544. Look for a "NAT traversal" setting in your firewall to set this up.
Delivery Optimization also communicates with its cloud service by using HTTP/HTTPS over port 80.
Recommended (if existing Configuration Manager customer, use Microsoft Connected Cache combined with Delivery Optimization)
1. Operationally, stop any future software updates for Microsoft 365 Apps for enterprise using Configuration Manager
In Group Policy or Configuration Manager Client Settings, set "Management of Microsoft 365 Apps for enterprise" (formerly known as Office 365 Client Management) to Disabled. This restores the default behavior, in which the software update workflow for Office updates uses the CDN rather than Configuration Manager. When available, the Connected Cache feature will be enabled, but the software updates workflow for Office using Configuration Manager will no longer be used.
2. Configure Group Policy for Microsoft Office 2016 (Machine)/Updates
| Setting | Value |
|---|---|
| Enable Automatic Updates | Enabled |
| Hide option to enable or disable updates | Enabled |
| Management of Microsoft 365 Apps for enterprise | Disabled |
| Update Deadline | 3 (deadline count starts once content download has completed on the client) |
3. Configure Group Policy for Delivery Optimization
| Setting | Value |
|---|---|
| Allow uploads while the device is on battery while under set Battery level (Percentage) | Enabled (60) |
| Delay background download from http (in secs) | Enabled, for example (240). A higher time will increase the likelihood of finding a peer but slow the background update. |
| Delay foreground download from http (in secs) | Enabled (60) |
| Download Mode | Enabled (Group 2) |
| Enable Peer Caching while the device connects via VPN | Disabled |
| Minimum Peer Caching Content File Size (in MB) | Enabled (1) |
| Select a method to restrict Peer Selection | Enabled (subnet) |
| Set Business Hours to Limit Background Download Bandwidth | Enabled |
4. (Optional) Configure Connected Cache for Microsoft Endpoint Configuration Manager
Using the Configuration Manager Console, navigate to \Administration\Overview\Distribution Points and select the properties of the Distribution Point. Enable Connected Cache by checking the box and designate the LUN to host cached content.
Using the Configuration Manager Console, navigate to the panel \Administration\Overview\Hierarchy Configuration\Boundary Groups. Select each on-premises boundary group and enable selection highlighted below. (Toggle on other selections based on your environment preferences.)
Finally, using the Configuration Manager Console, navigate to \Administration\Overview\Client Settings and enable options below.
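To confirm that a client actually received the Group Policy settings listed in steps 2 and 3, the effective policy values can be read back from the registry and compared with the values above. The script below is an added example, not part of the original article; the registry paths and value names are assumptions based on the Office and Delivery Optimization ADMX templates, and `Test-PolicyBaseline` is a hypothetical helper name.

```powershell
# Added example. Registry paths and value names are assumptions taken from the
# Office and Delivery Optimization ADMX templates; they are not in the article.
$OfficeKey = 'HKLM:\SOFTWARE\Policies\Microsoft\office\16.0\common\officeupdate'
$DoKey     = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\DeliveryOptimization'

# Expected data for the settings in steps 2 and 3 (Download Mode Group = 2,
# restrict peer selection by subnet = 1). "Set Business Hours" is omitted
# because the article does not state which hours to use.
$Baseline = @(
    @{ Path = $OfficeKey; Name = 'enableautomaticupdates';   Expected = '1' }
    @{ Path = $OfficeKey; Name = 'hideenabledisableupdates'; Expected = '1' }
    @{ Path = $OfficeKey; Name = 'officemgmtcom';            Expected = '0' }
    @{ Path = $OfficeKey; Name = 'updatedeadline';           Expected = '3' }
    @{ Path = $DoKey; Name = 'DOMinBatteryPercentageAllowedToUpload'; Expected = '60' }
    @{ Path = $DoKey; Name = 'DODelayBackgroundDownloadFromHttp';     Expected = '240' }
    @{ Path = $DoKey; Name = 'DODelayForegroundDownloadFromHttp';     Expected = '60' }
    @{ Path = $DoKey; Name = 'DODownloadMode';                        Expected = '2' }
    @{ Path = $DoKey; Name = 'DOAllowVPNPeerCaching';                 Expected = '0' }
    @{ Path = $DoKey; Name = 'DOMinFileSizeToCache';                  Expected = '1' }
    @{ Path = $DoKey; Name = 'DORestrictPeerSelectionBy';             Expected = '1' }
)

function Test-PolicyBaseline {
    param([Parameter(Mandatory)] [hashtable[]]$Baseline)
    foreach ($item in $Baseline) {
        $name  = $item.Name
        # A missing key or value yields $null instead of an error.
        $props = Get-ItemProperty -Path $item.Path -Name $name -ErrorAction SilentlyContinue
        $actual = if ($null -ne $props) { [string]$props.$name } else { $null }
        [pscustomobject]@{
            Setting  = $name
            Expected = $item.Expected
            Actual   = if ($null -eq $actual) { '<not set>' } else { $actual }
            InSync   = ($actual -eq $item.Expected)
        }
    }
}

# Lists every setting; filter on InSync to show only the drift.
Test-PolicyBaseline -Baseline $Baseline | Format-Table -AutoSize
```

Run `gpupdate /force` on the validation machine first so the comparison reflects the current policy.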
How to verify DO and Connected Cache are working?
1. Deploy Office to a validation machine with a build that is N-2 according to Update history for Microsoft 365 Apps (listed by date).
For example, at the time of this writing, today is “Patch Tuesday” so August 2020 Monthly Enterprise Channel is Version 2006 (Build 13001.20520). The reference machine should have June 2020 Version 2004 (Build 12730.20430) installed. This should result in Office moving to N-1 or N (depending on CDN throttle).
2. Allow up to 24 hours for the scheduled task Office Automatic Updates 2.0 to detect and perform the Office update.
For accelerated lab testing, consider moving the system clock forward by one day prior to running the scheduled task.
3. [Client] Use PowerShell on the Windows client to verify that Office content used DO and Connected Cache.
PS C:\Windows\system32> Get-DeliveryOptimizationStatus
4. [Server] Check the Configuration Manager Connected Cache disk for build.
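The per-file output of `Get-DeliveryOptimizationStatus` is easier to judge once it is totalled for Office content only. The function below is an added example, not part of the original article: `Get-DoSourceSummary` is a hypothetical helper, the `officecdn` URL filter is an assumption about the Office CDN host name, and the property names are the ones the cmdlet returns on recent Windows 10 builds (older builds may lack `BytesFromCacheServer`, which is then counted as zero).

```powershell
function Get-DoSourceSummary {
    param(
        [Parameter(ValueFromPipeline)] [object]$Status,
        [string]$UrlPattern = 'officecdn'  # assumption: fragment of the Office CDN host name
    )
    begin { [long]$total = 0; [long]$peers = 0; [long]$cache = 0; $files = 0; $hosts = @() }
    process {
        # Skip Windows Update, Store and other non-Office downloads.
        if ($Status.SourceURL -notmatch $UrlPattern) { return }
        $files++
        $total += $Status.TotalBytesDownloaded
        $peers += $Status.BytesFromPeers
        $cache += $Status.BytesFromCacheServer
        if ($Status.CacheHost) { $hosts += $Status.CacheHost }
    }
    end {
        # Share of the downloaded bytes, guarded against an empty result set.
        $pct = { param($n) if ($total -gt 0) { [math]::Round(100 * $n / $total, 1) } else { 0 } }
        [pscustomobject]@{
            Files              = $files
            TotalBytes         = $total
            PctFromPeers       = & $pct $peers
            PctFromCacheServer = & $pct $cache
            CacheHosts         = ($hosts | Sort-Object -Unique) -join ', '
        }
    }
}

# Constructed sample records (not real output) so the function can be tried offline.
$sample = @(
    [pscustomobject]@{ SourceURL = 'http://officecdn.example.invalid/constructed/a.cab'
                       TotalBytesDownloaded = 400MB; BytesFromPeers = 100MB
                       BytesFromCacheServer = 280MB; CacheHost = 'dp01.example.invalid' }
    [pscustomobject]@{ SourceURL = 'http://other.example.invalid/constructed/b.bin'
                       TotalBytesDownloaded = 50MB; BytesFromPeers = 0
                       BytesFromCacheServer = 0; CacheHost = '' }
)
$sample | Get-DoSourceSummary

# On the validation client:
# Get-DeliveryOptimizationStatus | Get-DoSourceSummary
```

If both percentages stay at zero after the Office update has completed, the content came straight from the CDN, and the Download Mode policy and the port 7680 firewall prerequisite are the first things to recheck.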
Delivery Optimization and Microsoft Connected Cache provide a powerful method with a low cost of ownership for Office installations and updates using peer-to-peer sharing technologies.
Are there some additional references for Delivery Optimization and its capabilities?
Are there some additional references for Configuration Manager and Connected Cache?
Where can I obtain more information about VPN and remote configuration options?
Can we use a third-party Configuration Manager alternate content provider with this solution?
No, alternate content providers typically depend on the Configuration Manager software update workflow, which won't be used in the scenario above.
For the UpdateDeadline GPO, how does that impact the end user experience?
Please see the section "User Experience when updating from CDN" in the blog post Understanding Office 365 ProPlus Updates for IT Pros (CDN vs SCCM).