Getting started with Microsoft Connected Cache

This new year starts with an introduction to Microsoft Connected Cache and is sort of a follow-up on this post of about 4 years ago. That time it was about the addition of Connected Cache for Win32 apps in Configuration Manager. Now, 4 years later, Connected Cache is available as a standalone product and can be used to serve content for Windows feature and quality updates, Microsoft 365 Apps and updates, Intune apps, Store apps, and Windows Defender definition updates. Basically, Connected Cache is a software-only caching solution for delivering Microsoft content within the environment. It can be managed via the Azure portal and it can be deployed to Windows and Linux hosts. No matter if those hosts are physical or virtual. Connected Cache basically enables organizations to protect the WAN link on any location that needs it. In other words, better control of the download behavior of Windows clients. Those Windows clients can be configured to use a specific Connected Cache host via Delivery Optimization, by using Microsoft Intune. This post will start with a brief introduction about Connected Cache, followed with the steps for setting it up. This post will end with the configuration of Delivery Optimization and the experience with Connected Cache.

Note: Keep in mind that using a Microsoft Connected Cache node requires at least Windows Enterprise E3/A3.

Introducing Microsoft Connected Cache

When looking at getting started with Connected Cache it’s good to start with a brief introduction to Connected Cache. Conceptually it’s pretty straightforward, as it’s mainly a caching solution that prevents all Windows clients to directly reach out to the Content Delivery Network (CDN) to get the required content for Windows feature and quality updates, Microsoft 365 Apps and updates, Intune apps, Store apps, and Windows Defender definition updates. Instead the Windows clients will reach out to their (local) cache host to download the required content. That means less load on the WAN link. Technically it’s a little less straightforward, as Connected Cache requires many services to work together. The following components all play a part in the complete solution of Connected Cache.

• Azure services: The Azure portal is used for creating and configuring Connected Cache nodes, and Azure IoT Edge container management service is used for deploying the Connected Cache container to the host. 
• Connected Cache host: The Connected Cache host is the Windows or Linux host that is used for caching content, that is requested by Windows clients, and delivering the requested content to those Windows clients.
• Microsoft Intune services: The Microsoft Intune services are used for configuring Delivery Optimization (DO) on Windows clients to use the Connected Cache host.
• Delivery Optimization services: The Delivery Optimization (DO) services are used by Windows clients to download required Microsoft content from alternate sources, in addition to the traditional internet-based servers.
• Content Delivery Network: The Content Delivery Network (CDN) contains the Microsoft content and is used for filling the cache of the Connected Cache host and can be used by Windows clients as fallback location for content. 

Setting up Microsoft Connected Cache

After being familiar with the the components that are in play with Connected Cache, it’s time to look at setting it up. Setting up Connected Cache contains creating an Azure resource, and creating and configuring the Connected Cache node. Once completed, the last step is to actually deploy the Connected Cache software to a Windows host.

Step 1: Creating the Connected Cache Azure resource

The first step is creating the required Connected Cache Azure resource. That Azure resource will eventually contain the Connected Cache node(s). The following four steps walk through the actions for creating that Azure resource.

1. Open the Microsoft Azure portal and navigate to All services > Connected Caches for Enterprise & Education
2. On the Connected Caches for Enterprise & Education page, click Create Connected Caches for Enterprise & Education
3. On the Basics page, select the Subscription, Resource Group and Location that should be used for the Connected Cache resource, specify a unique name for the Connected Cache resource, and click Review + Create

4. On the Review + Create page, verify the configuration and click Create

Step 2: Creating the Connected Cache node

The second step is creating the Connected Cache node within the created Azure resource. That node will eventually contain the required settings for deploying the Connected Cache node. The following three steps walk through the actions for creating that Connected Cache node for a Windows host.

1. Open the Microsoft Azure portal and navigate to All services > Connected Caches for Enterprise & Education
2. Select the just created Connected Cache resource, navigate to Cache Node Management > Cache Nodes and click Create Cache Node
3. On the Create Cache Node page, as shown below in Figure 2, specify a unique name for the Connected Cache node, select the Windows as the platform and click Create

Step 3: Configuring the Connected Cache node

The third step is to go through the configuration of the created Connected Cache node. That configuration contains the details of the Connected Cache node that determines its size, connectivity, provisioning, and update behavior. The following five steps walk through the actions for further configuring the Connected Cache node for a Windows host.

1. Open the Microsoft Azure portal and navigate to All services > Connected Caches for Enterprise & Education
2. Select the just created Connected Cache resource, navigate to Cache Node Management > Cache Nodes and select the just created Connected Cache node
3. On the Configuration page, as shown below in Figure 3, specify the following information and click Save

• Operating System: This information is already specified based on the selected platform during the creation
• Cache drive folder: This information is fixed when installing on a Windows host
• Cache drive size: Specify the cache drive size that can be used by the Connected Cache node
• Enable proxy: (Optional) Select this box when the connection to the Internet is through an unauthenticated proxy server
• Proxy host name or IP address: (Optional) Specify the proxy host name or IP address when using a proxy server
• Port: (Optional) Specify the port number when using a proxy server

Note: The installation of Connected Cache will already used 8GB of the available cache drive size.

4. On the Provisioning page, as shown below in Figure 4, choose the account used as the Connected Cache runtime account and click Save

Note: The choice is between Group Managed Service Account (gMSA) and local user account. That account must be available during installation of the Connected Cache host and must have Log on as a batch job on the Windows host.

5. On the Updates page, as shown below in Figure 5, choose the update (speed) ring that should be used for the Connected Cache node and click Save

Note: The choice is between the fast and slow update ring, in which the fast update ring keeps nodes updated immediately and the slow update ring waits a maximum of 5 weeks to keep nodes updated.

Step 4: Deploying Connected Cache caching software to Windows host

The fourth and last step is to actually deploy the Connected Cache caching software to a Windows host. That deployment embraces multiple activities, from preparing the Windows host to actually running the provisioning script. When deploying the Connected Cache software, using a local user account on a Windows host, make sure to go through the following 4 steps.

1. Prepare the Windows host for the provisioning of the Connected Cache node

• Install Windows Subsystem for Linux on the Windows host
• Create the local user account on the Windows host and store the password
• Permit the local user account to Log on as a batch job on the Windows host

2. Download the provisioning package from the Connected Cache node configuration and extract the files
3. Copy the Cache Node Provisioning Command from the Connected Cache node provisioning configuration
4. Run the cache node provisioning command on the Windows host

• Open a PowerShell windows as an administrator
• Change the directory to the location of the extracted provisioning package
• Set the ExecutionPolicy to Unrestricted or ByPass to allow the provisioning script to rung
• Set the $User variable to the created local user account in the format of ‘Computer\User‘
• Set the $myLocalAccountCredential variable to a PSCredential object based on the username and password (in a secure string) of the created local user account
• Run the copied cache node provisioning command with the different variables

Note: Forgetting the Log on as a batch job on the Windows host will result in error 2147943785 during the deployment.

Configuring Delivery Optimization on Windows clients

After setting up the Connected Cache node, it’s time to make sure that Windows clients will actually use that Connected Cache node for their Microsoft content. That can be achieved by using Microsoft Intune to configure Delivery Optimization on the Windows clients. More specifically, by configuring the DOCacheHost or DOCacheHostSource policies. Luckily, those settings are already available within the Settings Catalog and that makes the configuration pretty straightforward. The following 8 steps can be used to at least configure the DOCacheHost to specify the Connected Cache host, by using Settings Catalog.

1. Open the Microsoft Intune admin center portal and navigate to Devices > Windows > Configuration profiles
2. On the Windows | Configuration profiles blade, click Create > New Policy
3. On the Create a profile blade, select Windows 10 and later > Settings catalog and click Create
4. On the Basics page, provide at least a unique name to distinguish it from similar profiles and click Next
5. On the Configuration settings page, as shown below in Figure 5, perform the following actions and click Next

• Click Add settings, navigate to Delivery Optimization and select the following setting in Settings picker
  • DO Cache Host 
• Specify the fully qualified domain name (FQDN) or IP address of the Connected Cache node to make sure that Windows clients know where to locate their Microsoft content

6. On the Scope tags page, configure the required scope tags and click Next
7. On the Assignments page, configure the assignment for the required user or devices and click Next
8. On the Review + create page, verify the configuration and click Create

Note: To improve the chances of pulling content from the Connected Cache node, configure the delay before falling back to other the HTTP source, by using DelayCacheServerFallbackBackground and DelayCacheServerFallbackForeground. 

Experiencing Microsoft Connected Cache

When the Connected Cache node is configured and deployed, and the Windows clients are configured, it’s time to have a brief look at the experience with that new set up. There are multiple methods to see if the setup is working. In other words, to see if the Windows clients are actually using the Connected Cache node. The easiest method is by looking at the key metrics of the Connected Cache node. Those metrics are available within the overview of the Connected Cache resource, as shown below in Figure 7. That provides a clear overview of the outbound traffic of the Connected Cache resource, including the content type. In this specific case it clearly shows that it’s being used for content of Intune and Windows Updates.

Besides that, it’s also possible to look at Connected Cache from a Windows client perspective. That also can be done in multiple different ways. The easiest and the most efficient ways for getting a brief overview are using the Activity monitor for Delivery Optimization and using the Delivery Optimization Troubleshooter. The former is a page in the Settings app and the latter is a PowerShell script provided by Microsoft via the PowerShell Gallery. Below in Figure 8 is a brief overview of both options. Simply use DeliveryOptimizationTroubleshooter.ps1 -MCC to get a brief overview of the Windows client configuration and the usage information and advice, as shown below on the left. Or simply navigate to Windows Update > Advanced options > Delivery Optimization > Activity monitor for download statistics. That includes the usage of the Connected Cache node, as shown below on the right. In this case it’s an active Windows client that started to use the Connected Cache node.

More information

For more information about the introduction of Microsoft Connected Cache, refer to the following docs.

• Microsoft Connected Cache overview | Microsoft Learn
• Microsoft Connected Cache for Enterprise and Education Overview | Microsoft Learn
• Create and configure Microsoft Connected Cache nodes | Microsoft Learn
• Deploy Microsoft Connected Cache software to a Windows host machine | Microsoft Learn