Merge branch 'master' of https://github.com/MicrosoftDocs/windows-docs-pr into tocideas

windows/deployment/update/plan-determine-app-readiness.md

@@ -0,0 +1,76 @@
+---
+title: Determine application readiness
+ms.reviewer: 
+manager: laurawi
+description: How to test your apps to know which need attention prior to deploying an update
+keywords: updates, servicing, current, deployment, semi-annual channel, feature, quality, rings, insider, tools
+ms.prod: w10
+ms.mktglfcycl: manage
+audience: itpro
+author: jaimeo
+ms.localizationpriority: medium
+ms.audience: itpro
+author: jaimeo
+ms.topic: article
+ms.collection: M365-modern-desktop
+---
+
+# Determine application readiness
+
+Before you deploy a Windows 10 update, you should know which apps will continue to work without problems, which need their own updates, and which just won't work and must be replaced. If you haven't already, it's worth [classifying your apps]<link to plan-define-readiness> with respect to their criticality in your organization.
+
+## Validation methods
+
+You can choose from a variety of methods to validate apps. Exactly which ones to use will depend on the specifics of your environment.
+
+
+|Validation method  |Description  |
+|---------|---------|
+|Full regression     | A full quality assurance probing. Staff who know the application very well and can validate its core functionality should do this.        |
+|Smoke testing     | The application goes through formal validation. That is, a user validates the application following a detailed plan, ideally with limited, or no knowledge of the application they’re validating.        |
+|Automated testing     |  Software performs tests automatically. The software will let you know whether the tests have passed or failed, and will provide detailed reporting for you automatically.    |
+|Test in pilot     | You pre-select users to be in the pilot deployment group and carry out the same tasks they do on a day-to-day basis to validate the application. Normally you use this method in addition to one of the other validation types.        |
+|Reactive response     | Applications are validated in late pilot, and no specific users are selected. These are normally applications aren't installed on many devices and aren’t handled by enterprise application distribution.        |
+
+Combining the various validation methods with the app classifications you've previously established might look like this:
+
+
+|Validation method  |Critical apps  |Important apps  |Not important apps  |
+|---------|---------|---------|---------|
+|Full regression     | x        |         |         |
+|Smoke testing     |         | x        |         |
+|Automated testing     |  x       |   x      |  x       |
+|Test in pilot     |  x       |  x       |  x       |
+
+
+## Identify users
+
+Since your organization no doubt has a wide variety of users, each with different background and regular tasks, you'll have to choose which users are best suited for validation testing. Some factors to consider include:
+
+- **Location**: If users are in different physical locations, can you support them and get validation feedback from the region they're in?
+- **Application knowledge**: Do the users have appropriate knowledge of how the app is supposed to work?
+- **Technical ability**: Do the users have enough technical competence to provide useful feedback from various test scenarios?
+
+You could seek volunteers who enjoy working with new features and include them in the pilot deployment. You might want to avoid using core users like department heads or project managers. Current application owners, operations personnel, and developers can help you identify the most appropriate pilot users.
+
+## Identify and set up devices for validation
+
+In addition to users, it's important to carefully choose devices to participate in app validation as well. For example, ideally, your selection will include devices representing all of the hardware models in your environment.
+
+There is more than one way to choose devices for app validation:
+
+- **Existing pilot devices**: You might already have a list of devices that you regularly use for testing updates as part of release cycles.
+- **Manual selection**: Some internal groups like operations will have expertise to help choose devices manually based on specifications, usage, or records of past support problems.
+- **Data-driven analysis**: With appropriate tools, you can use diagnostic data from devices to inform your choices.
+
+
+## Desktop Analytics
+
+Desktop Analytics can make all of the tasks discussed in this article significantly easier:
+
+- Creating and maintaining an application and device inventory
+- Assign owners to applications for testing
+- Automatically apply your app classifications (critical, important, not important)
+- Automatically identify application compatibility risks and provide recommendations for reducing those risks
+
+For more information, see [What is Desktop Analytics?](https://docs.microsoft.com/mem/configmgr/desktop-analytics/overview)

windows/deployment/update/waas-delivery-optimization-reference.md

@@ -119,7 +119,7 @@ Download mode dictates which download sources clients are allowed to use when do
 
 By default, peer sharing on clients using the group download mode is limited to the same domain in Windows 10, version 1511, and the same domain and Active Directory Domain Services site in Windows 10, version 1607. By using the Group ID setting, you can optionally create a custom group that contains devices that should participate in Delivery Optimization but do not fall within those domain or Active Directory Domain Services site boundaries, including devices in another domain. Using Group ID, you can further restrict the default group (for example, you could create a sub-group representing an office building), or extend the group beyond the domain, allowing devices in multiple domains in your organization to be peers. This setting requires the custom group to be specified as a GUID on each device that participates in the custom group.
 
-[//]: # (Configuration Manager Boundary Group option; GroupID Source policy)
+[//]: # (Configuration Manager boundary group option; GroupID Source policy)
 
 >[!NOTE]
 >To generate a GUID using Powershell, use [```[guid]::NewGuid()```](https://blogs.technet.microsoft.com/heyscriptingguy/2013/07/25/powertip-create-a-new-guid-by-using-powershell/)

windows/deployment/update/waas-delivery-optimization-setup.md

@@ -35,6 +35,9 @@ Delivery Optimization offers a great many settings to fine-tune its behavior (se
 >[!NOTE]
 >These scenarios (and the recommended settings for each) are not mutually exclusive. It's possible that your deployment might involve more than one of these scenarios, in which case you can employ the related settings in any combination as needed. In all cases, however, "download mode" is the most important one to set.
 
+> [!NOTE]
+> Microsoft Intune includes a profile to make it easier to set Delivery Optimization policies. For details, see [Delivery Optimization settings for Intune](https://docs.microsoft.com/mem/intune/configuration/delivery-optimization-settings).
+
 Quick-reference table:
 
 | Use case | Policy | Recommended value | Reason |
@@ -66,6 +69,9 @@ To do this in Group Policy go to **Configuration\Policies\Administrative Templat
 
 To do this with MDM, go to **.Vendor/MSFT/Policy/Config/DeliveryOptimization/** and set **DODownloadMode** to **2**.
 
+> [!NOTE]
+> For more about using Delivery Optimization with Configuration Manager boundary groups, see [Delivery Optmization](https://docs.microsoft.com/mem/configmgr/core/plan-design/hierarchy/fundamental-concepts-for-content-management#delivery-optimization).
+
 
 ### Large number of mobile devices
 
@@ -139,7 +145,9 @@ Using the `-Verbose` option returns additional information:
 - Bytes from CDN (the number of bytes received over HTTP)
 - Average number of peer connections per download 
 
-Starting in Window 10, version 1903, `get-DeliveryOptimizationPerfSnap` has a new option `-CacheSummary` which provides a summary of the cache status.
+Starting in Windows 10, version 2004, `Get-DeliveryOptimizationPerfSnap` has a new option `-PeerInfo` which returns a real-time list of the connected peers.
+
+Starting in Windows 10, version 1903, `get-DeliveryOptimizationPerfSnap` has a new option `-CacheSummary` which provides a summary of the cache status.
 
 Starting in Windows 10, version 1803, `Get-DeliveryOptimizationPerfSnapThisMonth` returns data similar to that from `Get-DeliveryOptimizationPerfSnap` but limited to the current calendar month.
 
@@ -166,6 +174,30 @@ You can now "pin" files to keep them persistent in the cache. You can only do th
 
 #### Work with Delivery Optimization logs
 
+**Starting in Windows 10, version 2004:**
+
+`Get-DeliveryOptimizationLogAnalysis [ETL Logfile path] [-ListConnections]`
+
+With no options, this cmdlet returns these data:
+
+- total number of files
+- number of foreground files
+- minimum file size for it to be cached
+- number of eligible files
+- number of files with peers
+- number of peering files [how different from the above?]
+- overall efficiency
+- efficiency in the peered files
+
+Using the `-ListConnections` option returns these detauls about peers:
+
+- destination IP address
+- peer type
+- status code
+- bytes sent
+- bytes received
+- file ID
+
 **Starting in Windows 10, version 1803:**
 
 `Get-DeliveryOptimizationLog [-Path <etl file path, supports wildcards>] [-Flush]`

windows/deployment/update/waas-delivery-optimization.md

@@ -32,6 +32,15 @@ Delivery Optimization is a cloud-managed solution. Access to the Delivery Optimi
 >[!NOTE]
 >WSUS can also use [BranchCache](waas-branchcache.md) for content sharing and caching. If Delivery Optimization is enabled on devices that use BranchCache, Delivery Optimization will be used instead. 
 
+## New in Windows 10, version 2004
+
+- Enterprise network throttling: new settings have been added in Group Policy and MDM to control foreground and background throttling as absolute values (Maximum Background Download Bandwidth in (in KB/s)). These settings are also available in the Windows user interface:
+
+![absolute bandwidth settings in delivery optimization interface](images/DO-absolute-bandwidth.png)
+
+- Activity Monitor now identifies the cache server used for as the source for Microsoft Connected Cache. For more information about using Microsoft Connected Cache with Configuration Manager, see [Microsoft Connected Cache](https://docs.microsoft.com/mem/configmgr/core/plan-design/hierarchy/fundamental-concepts-for-content-management#microsoft-connected-cache).
+
+
 ## Requirements
 
 The following table lists the minimum Windows 10 version that supports Delivery Optimization:
@@ -54,8 +63,16 @@ The following table lists the minimum Windows 10 version that supports Delivery
 | Windows Defender definition updates | 1511 |
 | Office Click-to-Run updates | 1709 |
 | Win32 apps for Intune | 1709 |
+| Office installations and updates | 2004 |
+| Xbox game pass games | 2004 |
+| MSIX apps (HTTP downloads only) | 2004 |
 | Configuration Manager Express Updates | 1709 + Configuration Manager version 1711 |
 
+> [!NOTE]
+> Starting with Configuration Manager version 1910, you can use Delivery Optimization for the distribution of all Windows update content for clients running Windows 10 version 1709 or newer, not just express installation files. For more, see [Delivery Optimization starting in version 1910](https://docs.microsoft.com/mem/configmgr/sum/deploy-use/optimize-windows-10-update-delivery#bkmk_DO-1910).
+
+
+
 <!-- ### Network requirements
 
 {can you share with me what the network requirements are?}-->
@@ -124,6 +141,30 @@ For the payloads (optional):
 
 **How does Delivery Optimization deal with congestion on the router from peer-to-peer activity on the LAN?**: Starting in Windows 10, version 1903, Delivery Optimization uses LEDBAT to relieve such congestion. For more details see this post on the [Networking Blog](https://techcommunity.microsoft.com/t5/Networking-Blog/Windows-Transport-converges-on-two-Congestion-Providers-Cubic/ba-p/339819).
 
+**How does Delivery Optimization handle VPNs?**
+Delivery Optimization attempts to identify VPNs by checking the network adapter type and details and will treat the connection as a VPN if the adapter description contains certain keywords, such as "VPN" or "secure."
+
+If the connection is identified as a VPN, Delivery Optimization will not use any peer-to-peer activity. However, you can allow peer-to-peer activity over a VPN by using the {WE SHOULD NAME OR POINT TO THIS POLICY} policy.
+
+If you have defined a boundary group in Configuration Manager and have for VPN IP ranges, you can set the DownloadMode policy to 0 for that boundary group to ensure that there will be no peer-to-peer activity over the VPN.
+
+With split tunnelling, it's best to exclude the boundary group for the VPN devices to exclude it from using peer-to-peer. (In this case, those devices won't get the policy and will default to using LAN.) If you're using split tunnelling, you should allow direct access for these endpoints:
+
+Delivery Optimization service endpoint:
+- `https://*.prod.do.dsp.mp.microsoft.com`
+
+Delivery Optimization metadata:
+- `http://emdl.ws.microsoft.com`
+- `http://*.dl.delivery.mp.microsoft.com`
+
+Windows Update and Microsoft Store backend services and Windows Update and Microsoft Store payloads
+
+- `http://*.windowsupdate.com`
+- `https://*.delivery.mp.microsoft.com`
+- `https://*.update.microsoft.com`
+- `https://tsfe.trafficshaping.dsp.mp.microsoft.com`
+
+For more information about this if you're using Configuration Manager, see this post on the [Configuration Manager blog](https://techcommunity.microsoft.com/t5/configuration-manager-blog/managing-patch-tuesday-with-configuration-manager-in-a-remote/ba-p/1269444).
 
 ## Troubleshooting