Reducing Disruption from Windows Updates uring Active Hours - Intune

Use Delivery Optimization together with scheduling and bandwidth controls to reduce disruption.

Recommended approach with Intune-managed devices:

1. Enable and configure Delivery Optimization
   • Create a Delivery Optimization policy in Intune:
     • Devices → Windows → Configuration profiles → Create profile → Platform: Windows 10 and later → Profile type templates → Delivery optimization.
     • Configure settings as per organizational needs and assign to all applicable Windows devices.
   • Delivery Optimization lets devices download update content from peers on the local network and other alternate sources, not just from internet-based servers. This reduces external bandwidth usage and can improve download efficiency, especially in environments with many similar devices.
   • For basic configuration, use recommendations such as:
     • DownloadMode = 1 or 2 to enable peer-to-peer.
     • MinFileSizeToCache = 1 MB for peer groups with more than 100 devices.
     • MaxCacheAge ≈ 7 days to avoid stale content.
     • Use DelayBackgroundDownloadFromHttp / DelayForegroundDownloadFromHttp so clients search for peers first before pulling from the internet.
2. Throttle update bandwidth during teaching hours
   • Use Delivery Optimization bandwidth controls to limit impact on low-spec devices and shared links:
     • Configure Maximum Download Bandwidth or Maximum Background Download Bandwidth to cap usage.
     • Use “Set Business Hours to Limit Background Download Bandwidth” so downloads are throttled during school hours and less restricted off-hours.
   • This reduces CPU and network contention while students and staff are working, but still allows updates to complete.
3. Limit reboots and visible disruption during active hours
   • Configure Active Hours so update-related restarts happen outside teaching time:
     • Use Group Policy/MDM setting “Turn off auto-restart for updates during active hours” and set Start/End to cover school hours (for example, 07:00–18:00).
   • This prevents automatic restarts while users are working, while still allowing maintenance windows overnight or early morning.
4. Consider update timing and control on special-use/low-spec devices
   • For devices where disruption is especially problematic (exam machines, kiosk-like devices):
     • Limit updates to specific maintenance windows using Active Hours and bandwidth throttling.
     • If absolutely necessary, disable automatic updates via policy and handle updates manually or via a tightly controlled process, understanding the security trade-offs.

Impact on the network

• Properly configured Delivery Optimization generally reduces internet bandwidth consumption by sharing content between peers, which is beneficial in schools with many similar devices.
• To avoid overloading internal links, combine peer-to-peer with bandwidth limits and business hours settings, and monitor results using Delivery Optimization reports and client activity monitors.

References:

• Optimize Windows update delivery
• OS Updates
• Essential Eight patch operating systems
• Delivery Optimization and Microsoft 365 Apps
• Configure Delivery Optimization (DO) for Windows
• Lab 3: Configure policy settings on IoT Devices
• What is Delivery Optimization?
• Delivery Optimization settings in Microsoft Intune