🎯 Purpose
✅ Optimise Windows update delivery across all devices by configuring Delivery Optimisation (DO) to reduce WAN usage, improve update reliability, and support rapid patching cycles.
➡️ This policy supports Essential Eight – Patch Operating Systems by ensuring updates can be delivered efficiently and consistently at scale.
👥 Who is affected
✅ Devices: All Windows 10 and Windows 11 devices
🚫 Exclusions: None
➡️ Delivery Optimisation settings apply globally across the environment.
☁️ What access is protected
✅ Services: Windows Update, Microsoft update content
✅ Platform: Windows 10 and Windows 11
➡️ Update content is delivered in a controlled and bandwidth‑efficient manner.
🔐 How update delivery is optimised
✅ Peer‑to‑peer sharing is limited to the local network only
✅ Peer caching over VPN is disabled
✅ A short delay is applied before falling back to HTTP downloads
✅ Devices must meet minimum battery, disk, and memory thresholds before uploading content
✅ Cached update content is automatically aged out
➡️ This ensures reliable update delivery without negatively impacting device performance or network stability.
ℹ️ Note
Delivery Optimisation does not enforce patch compliance on its own.
It works alongside Update Rings and Feature Update policies to support timely patching and rapid remediation.
⚙️ What this policy does NOT enforce
🚫 Patch installation deadlines
🚫 OS version compliance
🚫 Update approval or deferral logic
🚫 Security baselines or device compliance
➡️ These controls are handled by separate patching and compliance policies.
🟢 Policy status
✅ Enabled
✅ Applied to all Windows devices
✅ Actively optimising update delivery
📘 Essential Eight Alignment
✅ Supports Essential Eight – Patch Operating Systems
✅ Improves update speed and reliability during rapid patch cycles
ℹ️ Delivery Optimisation is a supporting control, not a primary enforcement mechanism
📘 Practical Interpretation (Executive‑Friendly)
This configuration policy ensures that:
✅ Windows updates are delivered efficiently across the organisation
✅ Network bandwidth is conserved during large patch deployments
✅ Devices receive updates quickly without performance degradation
This provides a scalable and reliable update delivery foundation that supports Essential Eight patching requirements and enables timely security remediation across the fleet.