Windows news you can use: November 2025

In case you haven’t yet had time to catch up on all the announcements from Microsoft Ignite, I’m happy to offer a recap of what was revealed in the world of Windows and Windows 365 plus a few security and Microsoft Intune highlights. Have questions on any of what you read below? Join us this week for Windows Tech Community Live. We’ll be live streaming panel-based discussions today—then answering your questions on the session pages through Friday. That means there is plenty of time to get the answers you need to keep your deployment and device management projects moving. Let’s jump in!

New in Windows update and device management

• [AUTOPATCH] [TOOLS] – Announced at Microsoft Ignite, Windows Autopatch update readiness brings improved clarity, reporting, automation, and control to Windows update management. Capabilities include automated checks, device update journey maps, actionable alerts, guided remediation, advanced cloud-based policies for managing monthly updates with control, and reporting.

• [RECOVERY] [AUTOPATCH] – With quick machine recovery, you can automatically detect, diagnose, and remediate boot critical issues from WinRE. No need for hands-on, in-person intervention. This capability can be enabled by IT policy for devices running Windows 11, version 24H2 or 25H2. A preview of quick machine recovery management in Windows Autopatch is also available. Start controlling the deployment of quick machine recovery updates, including approvals, schedules, alerts, and reporting. 

• [RESTORE] – A preview of point-in-time restore is being rolled out to Windows Insiders in the Beta and Dev Channels. With this feature, you can remotely restore a PC to a previous state from restore points stored on the device. When a device or group of devices has been suddenly impacted, point-in-time restore provides a fast way to return to productivity without waiting for a targeted fix.

• [AUTOPATCH] [GCC] – Windows Autopatch is available to US government organizations as part of Microsoft 365 Government. It has been added to the Azure FedRAMP High Provisional Authorization to Operate (P-ATO). Work is underway to expand the service to also meet the requirements of US Government Community Cloud High (GCC High) and Department of Defense (DoD) environments.

• [WINDOWS 365] [LINK] – Key updates for Windows 365 Link are coming in the first quarter of 2026. You’ll get support for pairing Bluetooth® devices during the out-of-box experience, support for tenant branding, and the ability to restore a device to its factory default state using a bare metal recovery image.

• [ROLLBACK] – Known Issue Rollback is a robust mitigation technology that can quickly return an impacted device back to productive use if an issue arises during a Windows update. A new article provides insight into how Known Issue Rollback works, scenarios it supports, and answers to frequently asked questions.

New in Windows security

• [SECURE BOOT] – Tools and prescriptive guidance are now available to help you proactively update your Secure Boot certificates before they expire in June of 2026. Have questions about this Secure Boot milestone? Save the date and join our Secure Boot Ask Microsoft Anything (AMA) event on December 10.

• [FOUNDATIONS] – Read the November 2025 Secure Future Initiative Progress Report to explore recent advancements in Windows security and resilience. You’ll also learn how Surface leads the Windows ecosystem by enabling all recommended Windows security features by default.

• [PASSWORDLESS] – With the November 2025 security update, Windows 11 includes native support for passkey managers. This means you can choose your favorite passkey manager — whether it’s Microsoft Password Manager or trusted third-party providers.

• [SYSMON] – Native Sysmon functionality is coming to Windows 11 and Windows Server 2025 next year. With this change, you’ll be able to capture granular diagnostic data without having to deploy and maintain Sysmon manually across your digital estate.

• [WINDOWS 365] [DATA PROTECTION] – Windows Cloud Keyboard Input Protection is now in public preview. This capability ensures the confidentiality and integrity of sensitive input data. How? By encrypting user keystrokes at the kernel level and decrypting them exclusively within the remote virtual environment. The public preview is available for both Windows 365 Cloud PCs and for Azure Virtual Desktop session hosts and virtual machines (VMs).

• [WINDOWS 365] [IDENTITY] – With the latest updates to Windows 365 and Azure Virtual Desktop, you now can provide access to users outside your organization. Simply invite them into your organization. No need to create and assign brand new, temporary accounts.

• [INTUNE] [ZERO TRUST] – Aligning network policies with Zero Trust and cloud-native architecture can require trade-offs. Explore common models, benefits, and implementation guidance.

New in AI

• [COPILOT] – Windows is evolving to include agent-like functions built into the operating system, new tools offered by Microsoft 365 Copilot on Windows, and capabilities powered by Copilot+ PC hardware. Explore the announcements from Microsoft Ignite. Get early access to new features through the Windows Insider Program and by setting your tenant (or selected users) up for Targeted Release in the Microsoft 365 admin center.

• [WINDOWS 365] [AI] – Windows 365 AI-enabled Cloud PCs combine Windows 365 with AI acceleration to help users boost productivity and discover information faster. All that while maintaining enterprise-level security and compliance. For early access, explore Frontier.

• [WINDOWS 365] [AI] – Are you an agent maker? Now in public preview, Windows 365 for Agents provides a comprehensive set of APIs that you can use to manage and utilize compute resources.

• [INTUNE] [AI] – Microsoft Intune is evolving to include assistive chat-based and agentic experiences. They will help you make smarter decisions, achieve better compliance, and reduce risk through intelligence and automation. Intune is also introducing admin tasks, a centralized view for high-priority items, so you can act quickly on what matters most. 

New in productivity and collaboration

Install the November 2025 security update for Windows 11, versions 25H2 and 24H2 to get these and other capabilities.

• [START MENU] – When you launch the Start menu, you can switch and choose between two new views. Category view groups apps by type and highlights frequently used ones. Grid view lists apps alphabetically with more horizontal space for easier scanning. Select Show all for a scrollable list of all your apps. The Start menu is also more responsive, enabling larger displays to show more pinned apps, recommendations, and categories by default.

• [BATTERY] – New battery icons in the system tray utilize color indicators to show charging status and batter levels. These icons also now appear in the lower-right corner of the lock screen to make it easier to check your device’s charging status and battery level at a glance.

New in Windows Server

For the latest features and improvements for Windows Server, see the Windows Server 2025 release notes and Windows Server, version 23H2 release notes.

• [START MENU] [WS2025] – A Boolean option has been added to the Configure Start Pins policy to allow admins to apply Start menu pins that appear on first use. Users can then make any changes to their Start pinned layout and have those changes preserved. 

• [SECURITY] [WS2025] – Explore API support for NIST post-quantum cryptography algorithms ML-KEM and ML-DSA in accordance with FIPS 203 and FIPS 204 standards.

• [MANAGEMENT] – Windows Admin Center Virtualization Mode (vMode) has been released in Public Preview. Windows Admin Center vMode helps you easily manage on-premises Windows Server Hyper-V virtualization at scale – across multiple hosts and clusters – while bridging your environment with Azure Arc.

Lifecycle milestones

Check out our lifecycle documentation for the latest updates on Deprecated features in the Windows client and Features removed or no longer developed starting with Windows Server 2025.

• [WINDOWS 10] – Have you taken steps to ensure that the Windows 10 devices in your organization are activated with an ESU license? If not yet, check out our step-by-step guide. Additional steps are needed to enable ESUs for local devices accessing Windows 365.

• [WINDOWS 11 23H2] – Windows 11, version 23H2 (Home and Pro editions) reached end of servicing on November 11, 2025. Enterprise and Education editions will continue to receive updates through November 10, 2026 per the Modern Lifecycle Policy.

• [SERVER] – Officially deprecated in Windows Server 2022, the Windows Internet Name Service (WINS) will be removed from all Windows Server releases after Windows Server 2025. Standard support will continue through the lifecycle of Windows Server 2025, which is supported until November of 2034.

• [CONFIGMGR] – Starting with version 2609, Microsoft Configuration Manager will transition to an annual release cadence. 

Additional resources

Looking for the latest news and previews for Windows, Copilot, Copilot+ PCs, the Windows and Windows Server Insider Programs, and more? Check out these resources:

• Windows Roadmap for new Copilot+ PCs and Windows features – filter by platform, version, status, and channel or search by feature name

• Microsoft 365 Copilot release notes for latest features and improvements

• Windows Insider Blog for what’s available in the Canary, Dev, Beta, or Release Preview Channels

• Windows Server Insider for feature preview opportunities

• Understanding update history for Windows Insider preview features, fixes, and changes to learn about the types of updates for Windows Insiders

What else can we include in this monthly summary to make it more useful? Drop us a note below with your feedback.

Continue the conversation. Find best practices. Bookmark the Windows Tech Community, then follow us @MSWindowsITPro on X and on LinkedIn. Looking for support? Visit Windows on Microsoft Q&A.