Intune finally has a Delivery Optimization device config profile. Before you go turning on any configurations, you need to know what you should set. First, pick the right download mode. We’ve already discussed this on the blog, but here’s a refresher in case you don’t like clicking.
Not configured: not being managed.
HTTP only, no peering: can get content from peers, just can’t serve it.
HTTP blended with peering behind same NAT: peering within the same org via GroupIDs. If no GroupID is set, then by default devices will peer within AD Site/Domain.
HTTP blended with peering across private group: like above, but can peer across the NAT. You’ll need to set the GUIDs yourself. This is what we recommend, and it will be discussed below.
HTTP blended with internet peering: a seeding/peering free for all.
Simple download mode with no peering: no peering, no seeding, no connecting to the DO cloud service.
Bypass mode: no peering, no seeding, no DO – in an on-prem network you’d want to rely on BranchCache to get the job done – it’s not on by default so you’ll need to enable it. Why do we recommend HTTP blended with peering across private groups? Because you can create your own custom peering groups. These custom groups are independent of AD Sites and domains. It’s more flexible and allows the admin who knows the organization to decide the best way to construct groups.
As stated above, we are interested in HTTP blended with peering across private group.
Next, we need to create several custom settings. Every CSP we set will be starting with ./Device/Vendor/MSFT/Policy/Config/DeliveryOptimization/ and, for further reading fun, there’s a whole page on documented DO CSPs that you can set. Using this, we can build out the settings profile that we want. In the screenshot below, I’ve run the MMAT tool on a domain joined PC with DO policies targeted to it to ensure what I want to control in AAD is supported. Lucky us, it is.
Now I can start building out my settings template. You could create and apply the settings all in one template, but I recommend setting the Group ID per Azure AD Device Group because the GUIDs need to be unique. Otherwise if all devices are using the same GUID, they will all be sharing, and that could be really bad 
If you work in an environment that doesn't allow PowerShell, you need to go to a site like https://guidgen.com to generate the GUID for the Group ID. If you work in an environment that allows PowerShell, then you can use PowerShell to get your GUID using new-guid. GUIDs for DO have to be unique and in proper GUID format.
Here’s the settings worth applying at bare minimum:
Download mode: That was already taken care of in the first step, no need to set it with a custom OMA-URI. If the profile is configured and applied, you’re good to go. To check, go into the Delivery Optimization setting in the Windows 10 Settings app. It should be greyed out as it would be if set by legacy group policy.
Group ID:
Name – DO Group ID
OMA-URI: ./Device/Vendor/MSFT/Policy/Config/DeliveryOptimization/DOGroupID
Data Type: XML
Value: paste in your GUID – must be enclosed in curly braces {or you’ll get an error}
To validate this, you can go to the Overview, per setting status if you’re applying multiple settings, or device status of the profile in Intune, or check on the client. The DO settings when MDM managed are stored here in the registry: Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\current\device\DeliveryOptimization
Setting the max cache age is good when you have a lot of disk space to sacrifice to the cache. Just know DO is going to empty the cache when it reaches its maximum threshold which is 10GB or 20% by default depending on which setting you have enabled. Any setting dealing with size, percent, or time will require the data type to be ‘Integer’.
Name: Max cache age
OMA-URI: ./Device/Vendor/MSFT/Policy/Config/DeliveryOptimization/DOMaxCacheAge
Data Type: Integer
Value: (this value is in seconds, default is 3 days)
A setting we shouldn’t forget about is minimum RAM usage. While the default value of 4GB isn’t going to be a big deal on most modern devices which have 8GB-16GB RAM out of the box, if you’re testing in a VM, or pieced-together hardware such as a loaner laptop, etc. You’ll want to lower the number so that those devices or VMs can play too.
Name: Set DO MinRAMAllowedToPeer
OMA-URI: ./Device/Vendor/MSFT/Policy/Config/DeliveryOptimization/DOMinRAMAllowedToPeer
Data Type: Integer
Value: 1
By Rita
By Phil
By Andreas
By Andreas
Doris The Bot..