Today, I'm going to walk you through a few of the new features and capabilities for IT pros in Windows 11, version 22H2—and outline the resources available to help you update or upgrade the devices across your organization.
First, I'm happy to share that Windows 11, version 22H2, also known as the Windows 11 2022 Update, is now available through Windows Server Update Services (WSUS) and Windows Update for Business. It can also be downloaded from familiar channels, including the Volume Licensing Service Center*, Visual Studio Subscriptions, the Software Download Center (via the Windows 11 Installation Assistant or the media creation tool). It is also available for Windows 365 and Azure Virtual Desktop.
We recommend that you begin targeted deployments now, as part of your regular Windows Update motion, to validate that your apps, devices, and infrastructure work as expected with the new release. If you're looking for details on our overall rollout strategy, see How to get the Windows 11 2022 Update. We also have a short video that outlines how and when version 22H2 will be offered to end users via Windows Update.
This is the first major update for Windows 11, with enhancements and features designed to keep your organization safe in an ever-changing threat landscape without compromising the Windows experiences that help your end users create, collaborate, and stay productive.
With Windows 11, version 22H2 we are enabling additional features and expanding the number of devices for which security is enabled by default. Devices with Intel 8th generation chipsets and higher will have virtualization-based security (VBS) and hypervisor-protected code integrity (HVCI) enabled by default. For devices running Windows 11 Enterprise, we are also enabling Windows Defender Credential Guard, using virtualization-based security to greatly increase protection from vulnerabilities in the operating system and prevent the use of malicious exploits that attempt to defeat protections.
Beginning with version 22H2, Windows 11 and enhanced phishing protection in Microsoft Defender SmartScreen are helping you keep passwords safer. How? By automatically detecting when a user types a password into any app or website, determining in real-time if that app or site has a secure connection to a trusted site, and warning the user in the moment if they need to change their password to reduce potential compromise to organizational resources. It also automatically reports unsafe password usage to IT admins through the Microsoft Defender for Endpoint portal so the incident can be tracked. Enhanced phishing protection also identifies and protects against password reuse on any app or site and typing or storing passwords in Notepad, Wordpad, or Microsoft 365 apps. For a closer look at this feature works—and how to configure it—see Protect your passwords with enhanced phishing protection.
Every byte counts. That's why, with Windows 11, version 22H2, we've made significant improvements to our strong Windows update fundamentals to improve performance for both feature updates and monthly cumulative updates. We have significantly reduced the download size for feature updates by redesigning how we handle the "in-box apps' that ship with Windows 11. We estimate that these and other changes, like the restructuring of Unified Update Platform (UUP) files reduce overall download size by ~450 MB. We've also streamlined cumulative updates by making them smaller to download, faster to install, and consuming less disk space. For facts, figures, and background on these and other update improvements, read Faster. Smaller. Windows 11, version 22H2 update fundamentals.
As an organization, you control when and how you roll out Windows 11, version 22H2 to the devices you manage. Windows 11 endpoints managed by Windows Update for Business will not be automatically updated to version 22H2 unless you explicitly configure a Target Version via the TargetReleaseVersion setting using a Windows CSP, a feature update profile in Microsoft Intune, or the Select target Feature Update version setting in Group Policy.
You can plan for, and deploy, Windows 11, version 22H2 using the same, familiar processes, policies, and management solutions you used with the original release of Windows 11 (version 21H2) or Windows 10, including Microsoft Endpoint Manager.
To support the release of Windows 11, version 22H2, we have released, or will soon release, updated versions of popular deployment, security, and management tools, such as:
This group of Microsoft-recommended configuration settings and explanations of their security impact was developed based on feedback from Microsoft security engineering teams, product groups, partners, and customers. It is available as part of the Security Compliance Toolkit.
IT pros interested in trying Windows 11 Enterprise on behalf of their organization can download this free 90-day evaluation of Windows 11, version 22H2.
While natively accessible via the C:\Windows\PolicyDefinitions\ folder in Windows, administrative template files can be downloaded separately and used to populate policy settings in the user interface of Group Policy tools, allowing you to manage registry-based policy settings.
This spreadsheet lists the policy settings for computer and user configurations included in the ADMX files delivered for Windows 11, version 22H2. You can configure these policy settings when you edit Group Policy Objects.
Remote Server Administration Tools (RSAT) for Windows 11
Included as a set of "Features on Demand" in Windows 11, RSAT lets you manage Windows Server roles and features from a Windows 11 device including BitLocker Drive Encryption, Active Directory Domain Services, and network controllers. To add RSAT, navigate to Settings > Apps > Optional features > Add an optional feature. Select View features and search for "RSAT'.
The Windows Assessment and Deployment Kit (Windows ADK) and Windows PE add-on provide tools to customize Windows images for large-scale deployment, and to test the quality and performance of your system, its added components, and the applications running on it. Updates to the ADK for Windows 11, version 22H2 include:
Note: As Windows 11 is not available in a 32-bit architecture, 32-bit versions of Windows PE are no longer included in the Windows PE add-ons starting with Windows 11, version 22H2.
If you are deploying Windows 11 with Configuration Manager, the Windows ADK is a required external dependency. The Windows ADK for Windows 11, version 22H2 can be used with Configuration Manager, version 2111 and later. For more information, see Support for the Windows ADK in Configuration Manager.
We are also updating the key resources you rely on to effectively manage and deploy updates in your organization, including:
Note: Windows 11 specifications and systems requirements have not changed with Windows 11, version 22H2.
If you need help identifying which devices in your estate are eligible for the Windows 11 upgrade, you have options:
If you use Endpoint Manager and Windows Update for Business to manage the installation of Windows 11, version 22H2, you can then use the Windows Feature Update Report and Feature Update Failures Report to get an overall view of the update status of your devices on a per-policy basis and get details on alerts (errors, warnings, information, and recommendations) to help troubleshoot compliance issues.
If you use Update Compliance, you can monitor the status of your rollout using the Feature Update Status report. For an easy-to-use format, you can utilize Update Compliance with Azure Workbooks (currently in preview) to get a visual representation of your compliance data.
New versions of Windows 11 are released once per year via the General Availability Channel and serviced with monthly quality updates. Today, September 20, 2022, marks the start of 36 months of servicing support for Enterprise and Education editions of Windows 11, version 22H2 (Home, Pro, Pro Education, and Pro for Workstations receive 24 months of support). For more information, see the Windows lifecycle FAQ.
For organizations with Windows Enterprise E3 or E5, you can utilize Windows Autopatch to automatically deliver updates to registered devices, freeing up your and your IT team to focus on other tasks. Want to know more about how the service manages progressive deployment? Check out a brand-new episode of Microsoft Mechanics, all about Autopatch!
Reminder: All editions of Windows 10, version 21H1 will reach the end of servicing on December 13, 2022. As devices running version 21H1 will no longer receive security updates after December 13, 2022, we recommend that you update to Windows 11 to remain supported.
Join us at Microsoft Ignite, October 12-13, then get ready for more deep dives, demos, and live Q&A with our engineering teams at the Microsoft Technical Takeoff for Windows and Intune, October 24th-27th, here on the Tech Community. RSVP today to secure your spot and receive event reminders!
You can read more about what's new in Windows 11, version 22H2 for IT pros—and find guidance, tutorials, and troubleshooting guides—in our Windows docs. And here is a recap of all of today's Windows 11, version 22H2 related news and announcements:
Continue the conversation. Find best practices. Visit the Windows Tech Community.
Stay informed. For the latest updates on new releases, tools, and resources, stay tuned to this blog and follow us @MSWindowsITPro on Twitter.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.