With so much going on this month, let's get you caught up on how Windows 11 management and security improved. We'll jump into what you need to know as an IT admin or decision maker to get ahead of your competition. In line with our Microsoft Secure Future Initiative,[1] the latest features, capabilities, services, and tools prioritize security above all else. And remember, keeping your Windows environment updated helps you keep it protected.
New in Windows security
- [INTUNE] Automatically check for Windows device health with device enrollment attestation in Microsoft Intune (now in preview). Help ensure that device enrollment certificates are bound to the enrolled device and can't be copied to any other device.
- [PASSKEYS] Take your next steps toward passwordless authentication with Public preview: Expanding passkey support in Microsoft Entra ID. A passkey is a strong, phishing-resistant authentication method that your organization can use to sign in to any internet resource that supports the W3C WebAuthN standard. Start here to enable passkeys in Microsoft Authenticator for Microsoft Entra ID (preview).
- [DNS] With Zero Trust DNS (ZTDNS) in private preview, you'll soon be able to natively restrict Windows devices to connect only to approved network destinations by domain name. It will block the local network peer-to-peer sharing of Windows updates, so consider using Microsoft Connected Cache (in preview) or Windows Server Update Services (WSUS) to reduce Windows Update traffic volume. You can easily activate, deactivate, and manage ZTDNS through mobile device management (MDM). See Deployment Considerations for Windows ZTDNS Client to learn how to prepare for this new level of security across related functions of printing, file sharing, teleconferencing, and more.
- [DEVELOPER] If you develop apps and services for Windows, catch up on the latest from Microsoft Build with The Latest in Windows Security for Developers and Unleash Windows App Security & Reputation with Trusted Signing. Additionally, make sure your skills are up to date with our Windows security for developers skilling snack.
Looking for a recap of the latest and upcoming Windows 11 security features? Check out New Windows 11 features strengthen security to address evolving cyberthreat landscape.
New in device management
- [WINDOWS 11] Try the updated Windows 11 setup guide. Access it from the Microsoft 365 admin center or from our online Windows setup guides repository.
- [INTUNE] This month, you can use Microsoft Intune to allow people at your organization to check for and install the latest Windows 11 feature updates as optional updates. See how in More flexible Windows feature updates.
- [AUTOPILOT] Set Windows Autopilot device preparation policies to simplify device enrollment and deployment. In the Microsoft Intune admin center, go to Devices > Enrollment > Device preparation policies. Learn how to add devices to groups, assign policies and scripts, improve reporting, and more in Windows deployment with the next generation of Windows Autopilot.
- [AZURE WORKBOOKS] Troubleshoot your Windows Update for Business reports with a new DeviceDiagnosticDataNotReceived alert to identify any devices that might appear missing upon enrollment. Start in portal.azure.com and navigate to Monitor > Workbooks > Insights. Open the Windows Update for Business workbook > Overview > Total devices > View details > Missing devices. Find further guidance in Missing devices in Windows Update for Business reports.
- [AUTOPATCH] Starting May 27, check out new features available in Windows Autopatch. Set your service level objectives to keep at least 95% of your devices up to date. If needed, import Microsoft Intune update rings for Windows 10 and later updates into Windows Autopatch. Finally, notice more timely and accurate reporting with the faster refresh time of just 30 minutes and service synchronization every 1 hour.
- [AUTOPATCH] Get a list of all Windows Autopatch policy conflicts along with affected devices and follow recommended actions. From Microsoft Intune admin center, go to Devices > Policy health (preview).
- [AUTOPATCH] Try the new post-update reliability report. Go to the Microsoft Intune admin center and navigate to Reports > Windows Autopatch > Windows quality updates. Select the Reports tab and then the Reliability report.
- [INTUNE] Check out a new Windows update distribution report for devices managed (or co-managed) by Microsoft Intune. Access this feature from the Intune admin center. Navigate to Reports > Windows Updates > Reports tab > Windows Update Distribution Report.
- [BYOD] If you allow people at your organization to manage their own PCs, tell them about these enhancements, which require authentication of their Microsoft account. Authenticated users within your organization can now manage their Windows 11 Pro PCs from a new location: Settings > Accounts > Linked devices. Additionally, there's a new account manager available from the Start menu. Employees can easily manage their account settings and explore account benefits right there. Furthermore, two new actions are available from Windows account settings: add a recovery email address and back up sound preferences. Authenticated users can also take advantage of the Windows Backup app. Keep an eye out for these features as they gradually roll out, starting with the May 2024 non-security preview update.
New in Copilot
- [COPILOT IN WINDOWS] Get ready to manage Copilot as a standalone application. As this change rolls out, you'll be able to manage the Copilot app using the same familiar tools that you use to manage modern apps more broadly in your organization, such as Microsoft Intune. We intend to remove the current policies that manage Copilot in Windows (in preview) in the coming months. Learn about the details of this transition in Evolving Copilot in Windows for your workforce.
- [COPILOT+ PCs] Plan to refresh your organizational devices with new Copilot+ PCs. These new Windows 11 devices have the most advanced security features. Additionally, Copilot+ PCs include a new physical key that invokes Copilot along with many AI features out of the box.
- [RECALL] A new Windows 11 productivity feature, Recall, is included in Copilot+ PCs. Users can search through the snapshot history of their computing sessions, securely saved on their local drive, in two ways. These include an explorable timeline and a semantic search box. Just check that devices in your organization have 256 GB or more of total drive space and at least 50 GB free to use Recall. Learn how to Manage Recall for Windows clients to enable or disable Recall via MDM, policies, or Windows Settings > Privacy & Security > Recall & Snapshots. Then help other people at your organization configure Privacy and control over your Recall experience.
New in Windows Server
- [SERVER 2025] Download and Preview Windows Server 2025, including VSS developer and IT communities, from the Microsoft Evaluation Center. Try and validate the Desktop Experience and Server Core installation options for Datacenter and Standard editions. If you hold Visual Studio Subscriptions, access the Windows Server 2025 preview software through Subscriber Downloads. Learn more about the features coming in Windows Server 2025.
- [AZURE] If you're a Windows Server Insider, you can now preview Windows Server 2025 Datacenter: Azure Edition.
- [HOTPATCH] If you use Azure for Windows Server and have installed the April baseline, apply the May 14, 2024 hotpatch without restarting devices. Consult Release notes for Hotpatch in Azure Automanage for Windows Server 2022.
New in productivity and collaboration
- [WINDOWS 11] Get ready for the upcoming annual feature update by trying Windows 11, version 24H2 in the Release Preview Channel of the Windows Insider Program. If you're on this channel, download this feature update from Settings > Windows Update. You can also let some of the people at your organization validate this update using Windows Update for Business and Windows Server Update Services.
- [FILE EXPLORER] To manage your files faster, just drag and drop them onto any of the breadcrumbs of the File Explorer address bar. Try it out in the May 2024 non-security preview update before it rolls out for your users with the June 2024 security update[2]. And if you're on the Windows Insider Program's Beta Channel, duplicate any tab by right clicking on it and check out new file compression and decompression options.
- [SHARING] If you're a Windows Insider in the Canary Channel or have installed the May 2024 non-security preview update, check out two new capabilities for sharing in Windows. Use it to quickly share files, URLs, and email yourself across devices and apps within your Microsoft account. Just ensure that you're signed in to your organization's Microsoft Entra ID[2]. To share URLs and cloud files as QR codes, select the share button in the Microsoft Edge toolbar and choose "Windows share options." For Windows Insiders in the Beta Channel, you can now copy files from the Windows Share window.
Remember, you're not just keeping your organization protected; you're shaping its future. Catch you at the next "Windows news you can use" installment—stay curious!
Continue the conversation. Find best practices. Bookmark the Windows Tech Community, then follow us @MSWindowsITPro on X/Twitter. Looking for support? Visit Windows on Microsoft Q&A.
[1] Learn more about the Microsoft Secure Future Initiative.
[2] This feature might not be available to all users because it will roll out gradually.