Cross-Platform Updates & Delivery Optimization
Managing updates isn't just Windows. Learn to handle Android updates via config profiles and FOTA, plus configure Delivery Optimization to save bandwidth across your network.
Android update management
Android updates are like different postal services β it depends on who made the device and how itβs managed.
Unlike Windows (where Microsoft controls updates directly), Android updates come through the device manufacturer (Samsung, Google, etc.). Intune can influence WHEN updates install and which updates are allowed, but it works differently depending on the management level and the OEM.
Android update options
| Method | What It Controls | Supported Devices |
|---|---|---|
| System update configuration profile | When updates install (immediate, scheduled, postpone 30 days) | All Android Enterprise managed devices |
| Freeze periods | Block updates during critical business periods | Android Enterprise (API level 28+) |
| Samsung FOTA (Knox E-FOTA) | Specific firmware versions, force or block updates | Samsung devices with Knox |
| Managed Google Play auto-update | App updates from Play Store | All Android Enterprise devices |
System update behaviour settings
| Setting | Behaviour |
|---|---|
| Automatic | Device downloads and installs updates when available |
| Windowed | Updates only install during a defined time window (e.g., 2 AM - 5 AM) |
| Postpone | Delay system updates for up to 30 days |
| Default | Device follows its default OEM update behaviour |
Samsung FOTA with Intune
Samsungβs Enterprise Firmware Over The Air (E-FOTA) provides deeper control:
- Pin devices to a specific firmware version β prevent uncontrolled updates
- Force a specific update β push a tested firmware version to all Samsung devices
- Schedule updates β install during maintenance windows
- Requires Samsung Knox Mobile Enrollment and Knox E-FOTA licence
Exam tip: Android updates vary by OEM
The exam recognises that Android update management is more limited than Windows:
- Standard Android Enterprise β you can schedule install windows and postpone up to 30 days
- Samsung Knox β deeper control with firmware pinning and forced updates
- Personal work profile devices β you generally canβt control system updates (user manages the device)
If a question asks about forcing a specific Android firmware version β Samsung FOTA is the answer.
Delivery Optimization
What is it?
Think of Delivery Optimization like a neighbourhood lending library.
Instead of every house (device) driving to the bookshop (Microsoftβs servers) to buy the same book (update), the first house buys the book and shares it with the neighbours. Delivery Optimization lets devices share update content with each other over the local network β dramatically reducing internet bandwidth usage.
Download modes
| Mode | Behaviour | Best For |
|---|---|---|
| HTTP only (0) | No peering β download only from Microsoft | Testing, or when peering isnβt desired |
| LAN (1) | Share with devices on the same local network | Most organisations (default) |
| Group (2) | Share within a defined group (AD site, domain, Entra group) | Multi-site organisations |
| Internet (3) | Share with any device running DO, including internet peers | Large distributed organisations |
| Simple (99) | HTTP only, no peering, no cloud service | Environments with strict network policies |
| Bypass (100) | Use BITS instead of DO | Fallback for troubleshooting |
Configuration via Intune
Where: Intune admin center β Devices β Configuration β Settings catalog β Search βDelivery Optimizationβ
| Setting | Purpose | Samβs Choice |
|---|---|---|
| Download mode | How devices share content | Group (2) β share within each office location |
| Max cache size | Percentage of disk for cached content | 20% |
| Max cache age | How long to keep cached content | 7 days |
| Bandwidth limits | Maximum upload/download bandwidth for DO | 50% foreground, 30% background |
Sam configures Group mode so devices in the Wellington office share with each other, and devices in the Auckland office share separately β preventing cross-site WAN traffic.
Monitoring updates
Where to monitor
| Dashboard | What It Shows |
|---|---|
| Intune admin center β Reports β Windows updates | Update ring compliance, feature update status, quality update status |
| Intune admin center β Devices β Monitor | Per-device update status, pending updates, failed updates |
| Microsoft Defender portal β Device inventory | Security update status per device |
| Endpoint Analytics | Update impact on device performance (boot times, crashes) |
Key reports
| Report | Purpose |
|---|---|
| Windows update compliance | Which devices are current vs behind on updates |
| Feature update status | Progress of a targeted feature update rollout |
| Quality update status | Which devices have the latest security patches |
| Update failures | Devices where updates failed with error codes |
| Delivery Optimization | Bandwidth savings from peer-to-peer sharing |
Deep dive: update monitoring workflow
Samβs weekly update monitoring routine:
- Monday: Check quality update report β any devices missing last weekβs patches?
- Tuesday: Review update failures β investigate and remediate failed devices
- Wednesday: Check Delivery Optimization report β verify bandwidth savings
- Friday: Review feature update rollout progress (if active)
For Ring 0 (IT preview), Sam monitors daily for the first 3 days after updates release. If issues appear, he pauses the update ring for Ring 1 and Ring 2 before they receive the update.
π¬ Video walkthrough
Flashcards
Knowledge Check
Riko has 20 Samsung tablets at Pixel & Co that must stay on a specific Android firmware version because the design app hasn't been tested on newer firmware. How should Riko control this?
Sam notices that every time a Windows update is released, his office's internet bandwidth is overwhelmed because all 300 Wellington office devices download the update simultaneously from Microsoft. What should Sam configure?
π Congratulations! Youβve completed all 27 modules of the MD-102 study guide. Review any modules you found challenging, then head to the practice questions to test your knowledge.