For those of you who have started deploying windows 10 1607, you might notice a change in the behavior of the Windows Update agent for PCs that are configured to pull updates from wsus. Instead of pulling the updates from WSUS, PCs may start grabbing them from peers on your network, leveraging the delivery optimization service for referrals to other PCs that have already obtained the content. This change should generally help reduce the amount of network traffic being generated for both quality (monthly) updates and feature updates, offloading that traffic from the WSUS server. It will add some additional traffic between each client PC and the Delivery Optimization service on the internet, as it has to talk to this internet-only service in order to get a list of peers.
If the Windows Update agent can't talk to the Delivery Optimization service (due to firewall or proxy configurations), or if there are no peers able to provide the content, it will then go ahead and grab the content from the WSUS server.
There is a new group Policy setting available if you want to disable this behavior, e.g. because you are already using branchcache for peer-to-peer sharing. To do this, you need to set the “Download Mode” policy under “Computer Configuration –> Administrative Templates –> Windows Components –> Delivery Optimization” to specify “Bypass” mode, which will result in the client always using BITS to transfer the content from WSUS (with BranchCache jumping in to provide the peer-to-peer capabilities through its integration with BITS):
Of course to set this policy, you need the latest admx files, which can be downloaded from https://www.microsoft.com/en-us/download/details.aspx?id=53430 and are also included in windows 10 1607 and windows server 2016. (The “Bypass” setting wasn't available in previous versions.) See https://support.microsoft.com/en-us/kb/3087759 for details on how to update the Group Policy central store with these latest ADMX files, if you are using a central store.