Blog Post

Windows IT Pro Blog
6 MIN READ

Windows news you can use: May 2024

ThomasTrombley's avatar
May 30, 2024

With so much going on this month, let's get you caught up on how Windows 11 management and security improved. We'll jump into what you need to know as an IT admin or decision maker to get ahead of your competition. In line with our Microsoft Secure Future Initiative,[1] the latest features, capabilities, services, and tools prioritize security above all else. And remember, keeping your Windows environment updated helps you keep it protected.

New in Windows security

Looking for a recap of the latest and upcoming Windows 11 security features? Check out New Windows 11 features strengthen security to address evolving cyberthreat landscape.

New in device management

  • [WINDOWS 11] Try the updated Windows 11 setup guide. Access it from the Microsoft 365 admin center or from our online Windows setup guides repository.
  • [INTUNE] This month, you can use Microsoft Intune to allow people at your organization to check for and install the latest Windows 11 feature updates as optional updates. See how in More flexible Windows feature updates.
  • [AUTOPILOT] Set Windows Autopilot device preparation policies to simplify device enrollment and deployment. In the Microsoft Intune admin center, go to Devices > Enrollment > Device preparation policies. Learn how to add devices to groups, assign policies and scripts, improve reporting, and more in Windows deployment with the next generation of Windows Autopilot.
  • [AZURE WORKBOOKS] Troubleshoot your Windows Update for Business reports with a new DeviceDiagnosticDataNotReceived alert to identify any devices that might appear missing upon enrollment. Start in portal.azure.com and navigate to Monitor > Workbooks > Insights. Open the Windows Update for Business workbook > Overview > Total devices > View details > Missing devices. Find further guidance in Missing devices in Windows Update for Business reports.
  • [AUTOPATCH] Starting May 27, check out new features available in Windows Autopatch. Set your service level objectives to keep at least 95% of your devices up to date. If needed, import Microsoft Intune update rings for Windows 10 and later updates into Windows Autopatch. Finally, notice more timely and accurate reporting with the faster refresh time of just 30 minutes and service synchronization every 1 hour.
  • [AUTOPATCH] Get a list of all Windows Autopatch policy conflicts along with affected devices and follow recommended actions. From Microsoft Intune admin center, go to Devices > Policy health (preview).
  • [AUTOPATCH] Try the new post-update reliability report. Go to the Microsoft Intune admin center and navigate to Reports > Windows Autopatch > Windows quality updates. Select the Reports tab and then the Reliability report.
  • [INTUNE] Check out a new Windows update distribution report for devices managed (or co-managed) by Microsoft Intune. Access this feature from the Intune admin center. Navigate to Reports > Windows Updates > Reports tab > Windows Update Distribution Report.
  • [BYOD] If you allow people at your organization to manage their own PCs, tell them about these enhancements, which require authentication of their Microsoft account. Authenticated users within your organization can now manage their Windows 11 Pro PCs from a new location: Settings > Accounts > Linked devices. Additionally, there's a new account manager available from the Start menu. Employees can easily manage their account settings and explore account benefits right there. Furthermore, two new actions are available from Windows account settings: add a recovery email address and back up sound preferences. Authenticated users can also take advantage of the Windows Backup app. Keep an eye out for these features as they gradually roll out, starting with the May 2024 non-security preview update.

New in Copilot

  • [COPILOT IN WINDOWS] Get ready to manage Copilot as a standalone application. As this change rolls out, you'll be able to manage the Copilot app using the same familiar tools that you use to manage modern apps more broadly in your organization, such as Microsoft Intune. We intend to remove the current policies that manage Copilot in Windows (in preview) in the coming months. Learn about the details of this transition in Evolving Copilot in Windows for your workforce.
  • [COPILOT+ PCs] Plan to refresh your organizational devices with new Copilot+ PCs. These new Windows 11 devices have the most advanced security features. Additionally, Copilot+ PCs include a new physical key that invokes Copilot along with many AI features out of the box.
  • [RECALL] A new Windows 11 productivity feature, Recall, is included in Copilot+ PCs. Users can search through the snapshot history of their computing sessions, securely saved on their local drive, in two ways. These include an explorable timeline and a semantic search box. Just check that devices in your organization have 256 GB or more of total drive space and at least 50 GB free to use Recall. Learn how to Manage Recall for Windows clients to enable or disable Recall via MDM, policies, or Windows Settings > Privacy & Security > Recall & Snapshots. Then help other people at your organization configure Privacy and control over your Recall experience.

New in Windows Server

New in productivity and collaboration

  • [WINDOWS 11] Get ready for the upcoming annual feature update by trying Windows 11, version 24H2 in the Release Preview Channel of the Windows Insider Program. If you're on this channel, download this feature update from Settings > Windows Update. You can also let some of the people at your organization validate this update using Windows Update for Business and Windows Server Update Services.
  • [FILE EXPLORER] To manage your files faster, just drag and drop them onto any of the breadcrumbs of the File Explorer address bar. Try it out in the May 2024 non-security preview update before it rolls out for your users with the June 2024 security update[2]. And if you're on the Windows Insider Program's Beta Channel, duplicate any tab by right clicking on it and check out new file compression and decompression options.
  • [SHARING] If you're a Windows Insider in the Canary Channel or have installed the May 2024 non-security preview update, check out two new capabilities for sharing in Windows. Use it to quickly share files, URLs, and email yourself across devices and apps within your Microsoft account. Just ensure that you're signed in to your organization's Microsoft Entra ID[2]. To share URLs and cloud files as QR codes, select the share button in the Microsoft Edge toolbar and choose "Windows share options." For Windows Insiders in the Beta Channel, you can now copy files from the Windows Share window.

Remember, you're not just keeping your organization protected; you're shaping its future. Catch you at the next "Windows news you can use" installment—stay curious!


Continue the conversation. Find best practices. Bookmark the Windows Tech Community, then follow us @MSWindowsITPro on X/Twitter. Looking for support? Visit Windows on Microsoft Q&A.


[1] Learn more about the Microsoft Secure Future Initiative.

[2] This feature might not be available to all users because it will roll out gradually.

Updated May 30, 2024
Version 1.0
  • Second wroot.

    Without ajtek WAM, Microsoft WSUS is far from being useful for Windows Server and Clients.

     

    Firstly, there is a lot of friction with the Windows OS update catagories to choose from for Windows Clients and Server. 

     

    Secondly, as wroot mentioned, since Windows 10 1803/1809, that translates to fall 2019, with the introduction of enablement packages, the OS version identifier in the WSUS column is not correct, since. So WSUS admins, without WAM, will not be able to identify any Windows Server or Windows 10/11 Client releases correctly.

    For the sake of patching drivers and firmware you really do not want to use WSUS for different reasons, foremost Management and Performance of the Database. 

     

    Thirdly, WSUS ideally is contradicting the Autopilot / Intune native first strategy and requires hybrid join, which lately Microsoft Flagge, thankfully, as not recommended in docs.

     

    Lastly, the underlying tech of WSUS is utterly outdated, not maintained much since Windows Server 2012 R2. WSUS Internal DB uses SQL 2012 Express. No change in Windows Server 2025 preview. Limiting it to one CPU core and small amount of RAM and DB size. 

    WSUS Installation requires a bunch of dated tools to run and doing the reporting.

    You find these in docs and ajtek blog. 

     

     

    I would be cautious to introduce zero trust DNS for this and other reasons. 

    Connected Cache doesn't appear to be a great option compared to native Delivery Optimization (DO). The docs might not be complete. MCC still uses DO, yet the listing of supported update types is shorter, as per documentation.

    DO is also used for Drivers and Firmware, that easily exceed Windows Update packages today due to improvements.

    It's used by winget, too if I remember correctly. Same for Microsoft Store Apps, Edge Updates. It is now mandantory for the new Microsoft Teams Client Updates. No longer part of M365 C2R, but being an MSIX file.

     

    That said, ThomasTrombley, this article and new format is a blast! Please continue on this!

     

    I appreciate much that it is targeting Windows Client and Windows Server alike and as such could become a single point of news for lastest developments, improvements and changes. 

     

    Ideas:

    - within each section seperate public preview and GA features.

    - eventually include private preview features, if there is a public sign-up with NDA. 

    - adding timelines would be amazing so in this and future issues of the blog, one can have a great overview of what's released and what's coming.

    For released features, the timeline could link to a previous blog post, so one can catch up easily. 

    - adding news, at least links, brought by MVP community driven newsletters.

    Examplary, usually issued every Friday by Andrew Taylor. He's passionately aggregating news around Intune from the community, which links to practical use of latest development for Admins, and MVP / community solutions filling gaps, Microsoft has not closed yet. 

     

  • wroot's avatar
    wroot
    Silver Contributor

    You suggest to use WSUS, yet MS hasn't updated it in ages. It cannot show proper version of Windows 10/11 since Windows 10 1909..