
Windows IT Pro Blog

Windows: AI-powered, cloud-enabled, and secure

Melissa_Grant
Microsoft
Nov 19, 2024

At Microsoft Ignite 2024, Windows is showcasing new innovations powered by AI, delivered from the cloud, and focused on bolstering security and resiliency. We are reinventing what IT can achieve as part of a unified Microsoft end-user computing solution, which is more intelligent, secure, and efficient to manage—unlocking greater productivity for everyone.

Below, we highlight the Microsoft Ignite announcements that reinforce our commitment to getting you and your organization future-ready. Windows is focused on bringing innovations that create new opportunities for people, organizations, and partners alike.

Work flexibly and securely from the cloud

Today we announced Windows 365 Link, the first Cloud PC device, purpose-built to connect securely to Windows 365 in seconds, providing a responsive, high-fidelity Windows desktop experience in the Microsoft Cloud. Windows 365 Link is simple to manage using Microsoft Intune alongside other PCs, with minimal applicable configuration policies given its small Windows-based OS footprint. Security baseline policies are enabled by default and security features cannot be turned off, helping to ensure corporate data remains protected within the Microsoft Cloud. Windows 365 Link is compact, fanless, and lightweight, making it convenient to ship direct to users. It is also an ENERGY STAR® certified device, which means it has lower energy consumption than most desktops with external monitors and peripherals connecting to Windows 365. Windows 365 Link is available now in preview and will become generally available for purchase at $349 starting April 2025 in select markets.

Windows 365 Frontline can now be provisioned in shared mode. Now in preview, shared mode offers a new way to access Windows 365 Cloud PCs. Designed for brief, ad-hoc tasks, shared mode provides a secure, non-personalized desktop environment that can be shared non-concurrently among a group of users. User data is deleted upon logoff.

Windows in mixed reality brings the full capabilities of Windows 11 to mixed reality headsets, starting with Meta Quest 3 and Quest 3S. Access to your local Windows PC or Windows 365 Cloud PC from a Quest headset is seamless and it takes only seconds to connect to a private, high-quality, multiple-monitor workstation. This will be available in public preview in December.

We announced new features for Azure Virtual Desktop to streamline management and improve flexibility. App attach now supports integration with partner delivery solutions allowing admins to manage both on-premises and cloud applications from a single console. App attach also supports App-V packages for easier migration to the new MSIX format.

Azure Virtual Desktop for Azure Stack HCI has been rebranded as Azure Virtual Desktop for Azure Local. No feature or pricing updates are planned in conjunction with this name change. Enhanced Host Pool Management (preview) offers tools for deploying and managing session hosts, including features like scalable deployment, updating, and ephemeral disks.

Windows 365 and Azure Virtual Desktop bring a range of advanced features to enhance security, authentication and management for Windows in the Cloud.

  • Faster reauthentication, now in public preview, lets IT admins enforce re-authentication based on sign-in frequency policies.
  • FIDO and passkeys on macOS provide a secure and passwordless way to sign in on macOS, in addition to what has been available on Windows. These features collectively improve security, flexibility and control for both managed and unmanaged environments.
  • Mobile application management (MAM) for iOS and Android (preview) enhances device redirection and strengthens security on unmanaged or externally managed devices.
  • Windows App MAM support for iOS and Windows App MAM support for Android (preview) allow organizations to define device security criteria and customize access, supporting bring your own device (BYOD) scenarios.

Microsoft Purview Customer Lockbox provides data protection for Windows 365 by bringing users into the approval workflow process to help ensure only authorized requests allow access to content. This is generally available.

Port 3389 is disabled by default for all newly provisioned and re-provisioned Windows 365 Cloud PCs. This is now generally available. For more details, see Network requirements for Windows 365 Enterprise.

“Now with Windows 365, we have one integrated solution that leads to security, that leads to cost efficiency, that leads to much better employee productivity and employee experience.” – Vineet Gupta, Head of Employee Experience, HP

Security and resiliency – our top priority

Windows continues to focus on strengthening security and system integrity. We are announcing important updates to ensure we continue with the highest standards in Windows 11.

As part of our continued commitment, we are introducing the Windows Resiliency Initiative covering four areas of work:

  • Strengthening reliability based on learnings from the outages we saw in July
  • Enabling more apps and users to run without admin privileges
  • Stronger controls for what apps and drivers are allowed to run
  • Improved identity protection to prevent phishing attacks

Empowering IT administrators with great tools during critical times is a top priority. Our first step is born out of the learnings from the July 2024 outage with the announcement of Quick Machine Recovery. This feature will enable IT administrators to execute targeted fixes from Windows Update on PCs, even when machines are unable to boot, without needing physical access to the PC. This remote recovery will unblock users from broad issues much faster than has been possible in the past. This feature will be available to the Windows Insider Program community in early 2025.

Strengthening Windows security through partner collaboration

We are also evolving our partnership with the endpoint security partners you rely on to keep your employees safe. For over 20 years, we have collaborated deeply with these partners as part of the Microsoft Virus Initiative (MVI). These partners have extensive integration with the Windows platform and play a significant role in safeguarding the digital portfolios of organizations around the world.

This summer we brought together a group of industry leaders and partners to discuss new ways we can work together to ensure that Windows 11 remains the most secure and resilient operating system. As an outcome of that summit, MVI partners are required to take specific actions to improve security and reliability. In addition to increased testing and strengthened incident response processes, these partners must follow safe deployment practices for updates to your Windows endpoints. The practices include controlled gradual rollouts and monitoring and recovery procedures, such as those recently shared by the U.S. Cybersecurity and Infrastructure Administration (CISA).

The close Microsoft collaboration with MVI partners also includes working on new Windows platform capabilities to enable running antivirus processing outside kernel mode. This will enable antivirus products on Windows to provide a high level of security while minimizing reliability risks, as crashes outside kernel mode will only affect the antivirus application, and not all of Windows. A private preview of these new Windows security platform capabilities will be made available to partners in July 2025.

Our focus on Windows security goes beyond close collaboration with MVI partners. Our Windows Secure by Design strategy is a comprehensive approach to ensuring that Windows 11 is the most secure operating system we have ever built, from the moment you power on your PC. In fact, with Windows 11, we've achieved a remarkable 3x reported reduction in firmware attacks and 2.9x fewer instances of credential theft compared to Windows 10.¹

Enhancements that raise the security bar

We continue to raise the security bar with hardware security baseline requirements, security at every endpoint, and security features turned on by default.

  • Hardware security baseline: Organizations expect that every Windows 11 PC is safe and secure. Windows 11 uses the latest hardware security features, such as TPM 2.0 and Secure Boot, to provide a robust defense against sophisticated attacks. Hardware security baselines now provide organizations with a consistent foundation and the confidence they expect in their operating system.
  • User-centric security enhancements: Guided by the Microsoft Secure Future Initiative, we are making three big changes to deliver the highest level of Windows security. Smart App Control and App Control for Business policies provide peace of mind that only verified apps can run on your device, helping fend off attacks like malicious attachments or even socially engineered malware. Windows Hello authentication has been extended to passkeys, so you no longer must choose between a simple sign-in and a safe one.
  • Administrator protection: We have introduced a new feature in preview where employees have standard user permissions by default but can still make Windows system changes, including app installation, when necessary. With Administrator protection enabled, if a system change requires administrator rights, the employee is prompted to authorize the change using Windows Hello. Upon approving the change, Windows creates a temporary isolated admin token that is destroyed once the process is complete. Administrator protection helps to ensure that only employees remain in control, not malware.

Additionally, Windows 11 Enterprise now includes Personal Data Encryption for known folders, adding a second layer of protection that encrypts individual files in the Documents, Desktop, and Picture folders—ensuring that they can only be accessed by the user when logged in with Windows Hello, even when the device is on or in standby.

Windows Server 2025 offers new features, services, and an easy upgrade path. The new Windows Backup for Organizations with Entra ID Accounts supports settings backup and restoration for Windows 10/Windows 11 devices that are Hybrid or Entra ID joined, streamlining setup for reimaged or new Windows 11 devices.

To learn more about the latest security enhancements, read David Weston's post on Windows Security and Resiliency: Protecting Your Business. And, for detailed insights into these features and our Windows security priorities, check out the updated Windows 11 Security Book. It provides a comprehensive view of our commitment to the Microsoft Secure Future Initiative and our aligned Windows security goals.

“Windows 365 and Windows 11 provided us with the capability, the operational resilience, the security that we needed to be able to provide a secure platform on which to build our products and services off.” – Sandra Lee, Group Chief Information Security Officer at the London Stock Exchange Group

Advance your goals with Copilot: New features for Copilot+ PCs

Windows makes computing more intelligent, intuitive and flexible, so you can do your best work and focus on what matters. With an AI assistant for work, supercharge your productivity and creativity, to work smarter, not harder. Copilot helps you advance your goals, putting AI to work for you.

With an integrated neural processing unit (NPU), Copilot+ PCs provide unique AI experiences and rich contextual insights across applications, with near real-time processing capabilities and support for the next generation of AI applications. When you add Microsoft 365 and a suite of innovative tools—including a large language model, graph, and productivity features—employees can improve workflows, communicate effectively, and collaborate more efficiently.

With the introduction of Copilot+ PCs, Windows has been rearchitected, in collaboration with AMD, Intel, Qualcomm, and original equipment manufacturer (OEM) partners, to optimize every layer of the stack for AI experiences. Copilot+ PCs are the fastest, most intelligent, and the most secure PCs we've ever built. Together, Windows 11 on Copilot+ PCs with Microsoft 365 deliver experiences that enrich and empower people and organizations in valuable new ways.

Our current innovations focus on three key aspects of the end-user experience: simplifying workflows, helping people find information faster, and improving communication tools so everyone can be seen, heard, and understood. Together, Windows 11 and Microsoft 365 offer an experience with fewer clicks, less friction, richer context, and greater capabilities for everyone.

Recall (preview): disabled by default

Earlier this year, we introduced a preview of Recall for Copilot+ PCs, designed to help you quickly locate previously viewed content on your PC. We heard your feedback on needing a secure, controllable experience for using Recall in your organizations. Recall will be disabled by default and IT can enable this feature through new policies before it will be made available to individuals for opting in. Recall will ship with meaningful security enhancements, including additional layers of data encryption and Windows Hello protection making it one of the most secure experiences we have ever built. Our goal is to ensure that your employee and organizational data is protected from the beginning, and we look forward to hearing your feedback on this new experience.

AI assistance at your fingertips

Another recently announced feature for Copilot+ PCs is Click to Do (preview), a powerful productivity tool that assists with tasks across applications, including summarizing any on-screen content—even during a Teams call. Click to Do will release first to our Windows Insider community on Copilot+ PCs before rolling out more broadly. It is designed to connect people to quick AI-powered actions based on the context of what's on screen, making it faster and easier to get things done, in secure and private workflows.

Finding files and information faster

A seamless workflow relies on quickly finding what you need. People often struggle to locate files or information on their PC and across applications. Copilot+ PCs, with powerful NPUs, will reduce this frustration using Improved Windows Search, which uses federated semantic search to interpret user intent even when it doesn't match the exact file name. This feature will be released first to our Windows Insider community on Copilot+ PCs, starting early next year, before rolling out more broadly. Those using Microsoft 365 Copilot can search both local and cloud files, boosting efficiency. These capabilities will expand to the Windows search box and Settings in the future.

Achieve efficiency with unified endpoint management

We continue to make progress on simplifying Windows endpoint management, enhancing security, productivity, and efficiency for organizations moving to Windows 11. As the end of support for Windows 10 approaches, there has never been a better time to upgrade to Windows 11, a more secure and resilient computing environment that empowers you to protect your data, optimize productivity, and remain competitive in the rapidly evolving digital landscape. And with features like Windows Backup for Organizations with Microsoft Entra ID Accounts coming in public preview in the first half of 2025, the transition to Windows 11 is easier than ever before. To learn more about the tools and resources at your disposal, see Plan for Windows 11.

And, as more of our customers make the move to the cloud, we continue to support them with Cloud PCs, cloud services, and cloud management tools. Today at Ignite we announced several new features to help IT management ensure they can minimize the impact to the already stretched resources within their teams.

Unifying update management with Windows Autopatch

The Windows Update for Business deployment service has now been woven into Windows Autopatch, providing a more cohesive and streamlined update experience. With this change, organizations can use Windows Autopatch to simplify keeping their Windows devices up to date. This automation helps to ensure the seamless deployment of updates for the Windows operating system, Microsoft 365 Apps for enterprise, Microsoft Teams, and Microsoft Edge. We've seen that organizations utilizing Windows Autopatch have reported up to a 95% reduction in the time required to deploy feature updates.²

The unified dashboard for Windows Autopatch in the Microsoft Intune admin center allows for easy management of update policies, groups, status, and reports, enabling IT professionals to maintain the level of control needed for their organization. This approach aims to reduce complexity, enhance compliance and security, and improve resource allocation. This dashboard ensures timely updates, minimizes disruptions, and frees IT resources for strategic initiatives, without requiring additional licensing.

Hotpatching comes to Windows 11 Enterprise

Hotpatch for Windows is an innovative feature in preview, aimed at boosting both productivity and security. With hotpatching, updates are downloaded in the background and become effective immediately upon installation, eliminating the need for a device restart. This enables people to work without interruptions, while keeping systems protected with the latest security updates. When combined with Windows Autopatch, hotpatching streamlines the update process and significantly shortens the time needed for applying updates. Hotpatching will also be available on Windows 365 Cloud PCs.

Secure printing with Universal Print

For those managing print solutions, Universal Print (preview) now includes pull print functionality, allowing users to securely release print jobs at any compatible printer, minimizing waste and improving document confidentiality. This modern approach to print management aligns with Zero Trust principles and ensures secure, convenient access across distributed workforces.

Building accessible technology for today and tomorrow

Microsoft is committed to fostering a more inclusive digital world by embedding accessibility features directly into products like Windows, Teams, and Microsoft 365. Windows' drive for innovation shows up clearly in making technology—and the opportunities it unlocks—fully inclusive. As IT leaders, you can ensure everyone in your organization can do their best work by empowering them through Windows Accessibility features and products like Microsoft 365 Copilot. Dave Dame, a senior Microsoft Engineering leader on Accessibility, offers an insightful and compelling look at the true value of accessible technology.

Evolving to meet customer needs

By integrating AI, strengthening cloud capabilities, and streamlining management, Windows supports organizations in staying resilient and productive amid continuous change. Innovation and security are at the forefront as we create seamless and secure experiences for every customer and organization. With the new capabilities in Windows 11, Copilot+ PCs, and Windows 365, we continue to unlock everyone's full potential. And this is just the beginning. We're committed to continuous innovation and improvement through enhanced security, better performance, transformative AI experiences, and more. We are building a future where Windows empowers every user and organization to achieve more.

 

1 Windows 11 Survey Report. Techaisle, September 2024. Commissioned by Microsoft. Windows 11 results are in comparison with Windows 10 devices.

2 On some devices, Copilot+ PC experiences require free updates available starting later this year and continuing into 2025. Timing varies by device and region. See https://aka.ms/copilotpluspcs.

Updated Dec 03, 2024
Version 4.0
  • krupa

    Microsoft's Copilot AI stack offers businesses a robust platform for innovation, with solutions like Azure AI Foundry, secure cloud infrastructure, and hybrid capabilities. Designed to foster scalable AI implementations, it empowers developers to integrate advanced AI tools while ensuring trustworthiness. This stack helps organizations harness AI's full potential, streamlining development and boosting productivity. For more, check out the full blog here.