Microsoft Technical Takeoff: Windows and Microsoft Intune
Oct 24 2022 07:00 AM - Oct 27 2022 12:00 PM (PDT)
What’s new for IT pros in Windows 11, version 22H2
Published Sep 20 2022 10:00 AM 148K Views
Microsoft

Today, I'm going to walk you through a few of the new features and capabilities for IT pros in Windows 11, version 22H2—and outline the resources available to help you update or upgrade the devices across your organization.

First, I'm happy to share that Windows 11, version 22H2, also known as the Windows 11 2022 Update, is now available through Windows Server Update Services (WSUS) and Windows Update for Business. It can also be downloaded from familiar channels, including the Volume Licensing Service Center*, Visual Studio Subscriptions, the Software Download Center (via the Windows 11 Installation Assistant or the media creation tool). It is also available for Windows 365 and Azure Virtual Desktop.

We recommend that you begin targeted deployments now, as part of your regular Windows Update motion, to validate that your apps, devices, and infrastructure work as expected with the new release. If you're looking for details on our overall rollout strategy, see How to get the Windows 11 2022 Update. We also have a short video that outlines how and when version 22H2 will be offered to end users via Windows Update.

Harjit_Dhaliwal_3-1663654514736.png

A quick tour of new features and enhancements

This is the first major update for Windows 11, with enhancements and features designed to keep your organization safe in an ever-changing threat landscape without compromising the Windows experiences that help your end users create, collaborate, and stay productive.

Security by default

With Windows 11, version 22H2 we are enabling additional features and expanding the number of devices for which security is enabled by default. Devices with Intel 8th generation chipsets and higher will have virtualization-based security (VBS) and hypervisor-protected code integrity (HVCI) enabled by default. For devices running Windows 11 Enterprise, we are also enabling Windows Defender Credential Guard, using virtualization-based security to greatly increase protection from vulnerabilities in the operating system and prevent the use of malicious exploits that attempt to defeat protections.

Enhanced phishing protection

Beginning with version 22H2, Windows 11 and enhanced phishing protection in Microsoft Defender SmartScreen are helping you keep passwords safer. How? By automatically detecting when a user types a password into any app or website, determining in real-time if that app or site has a secure connection to a trusted site, and warning the user in the moment if they need to change their password to reduce potential compromise to organizational resources. It also automatically reports unsafe password usage to IT admins through the Microsoft Defender for Endpoint portal so the incident can be tracked. Enhanced phishing protection also identifies and protects against password reuse on any app or site and typing or storing passwords in Notepad, Wordpad, or Microsoft 365 apps. For a closer look at this feature works—and how to configure it—see Protect your passwords with enhanced phishing protection.

Smaller, faster updates

Every byte counts. That's why, with Windows 11, version 22H2, we've made significant improvements to our strong Windows update fundamentals to improve performance for both feature updates and monthly cumulative updates. We have significantly reduced the download size for feature updates by redesigning how we handle the "in-box apps' that ship with Windows 11. We estimate that these and other changes, like the restructuring of Unified Update Platform (UUP) files reduce overall download size by ~450 MB. We've also streamlined cumulative updates by making them smaller to download, faster to install, and consuming less disk space. For facts, figures, and background on these and other update improvements, read Faster. Smaller. Windows 11, version 22H2 update fundamentals.

Harjit_Dhaliwal_3-1663654514736.png

Deploying Windows 11, version 22H2

As an organization, you control when and how you roll out Windows 11, version 22H2 to the devices you manage. Windows 11 endpoints managed by Windows Update for Business will not be automatically updated to version 22H2 unless you explicitly configure a Target Version via the TargetReleaseVersion setting using a Windows CSP, a feature update profile in Microsoft Intune, or the Select target Feature Update version setting in Group Policy.

You can plan for, and deploy, Windows 11, version 22H2 using the same, familiar processes, policies, and management solutions you used with the original release of Windows 11 (version 21H2) or Windows 10, including Microsoft Endpoint Manager.

An updated IT toolbox

To support the release of Windows 11, version 22H2, we have released, or will soon release, updated versions of popular deployment, security, and management tools, such as:

Tool

Usage

Windows 11, version 22H2 Security Baseline

This group of Microsoft-recommended configuration settings and explanations of their security impact was developed based on feedback from Microsoft security engineering teams, product groups, partners, and customers. It is available as part of the Security Compliance Toolkit.

Windows 11 Enterprise Evaluation

IT pros interested in trying Windows 11 Enterprise on behalf of their organization can download this free 90-day evaluation of Windows 11, version 22H2.

Administrative Templates (.admx) for Windows 11, version 22H2

While natively accessible via the C:\Windows\PolicyDefinitions\ folder in Windows, administrative template files can be downloaded separately and used to populate policy settings in the user interface of Group Policy tools, allowing you to manage registry-based policy settings.

Group Policy settings reference spreadsheet for Windows 11, version 22H2

This spreadsheet lists the policy settings for computer and user configurations included in the ADMX files delivered for Windows 11, version 22H2. You can configure these policy settings when you edit Group Policy Objects.

Remote Server Administration Tools (RSAT) for Windows 11

Included as a set of "Features on Demand" in Windows 11, RSAT lets you manage Windows Server roles and features from a Windows 11 device including BitLocker Drive Encryption, Active Directory Domain Services, and network controllers. To add RSAT, navigate to Settings > Apps > Optional features > Add an optional feature. Select View features and search for "RSAT'.

Windows Assessment and Deployment Kit (Windows ADK) for Windows 11, version 22H2

The Windows Assessment and Deployment Kit (Windows ADK) and Windows PE add-on provide tools to customize Windows images for large-scale deployment, and to test the quality and performance of your system, its added components, and the applications running on it. Updates to the ADK for Windows 11, version 22H2 include:

  • The Windows Performance Recorder (WPR) can now enable event providers in the system session. We have also added a compress trace option for the stop command in WPR and WPRUI.
  • Windows Performance Analyzer (WPA) now supports plugins built on the Software Development Kit for the Microsoft Performance Toolkit. In addition to table and graph improvements (quick filter supporter, customizable colors), WPA features a new, modern UI with dark mode, font scaling, improved search, high DPI support, and accessibility improvements.

Note: As Windows 11 is not available in a 32-bit architecture, 32-bit versions of Windows PE are no longer included in the Windows PE add-ons starting with Windows 11, version 22H2.

If you are deploying Windows 11 with Configuration Manager, the Windows ADK is a required external dependency. The Windows ADK for Windows 11, version 22H2 can be used with Configuration Manager, version 2111 and later. For more information, see Support for the Windows ADK in Configuration Manager.

New and updated Windows release information experiences

We are also updating the key resources you rely on to effectively manage and deploy updates in your organization, including:

  • Windows release health hub – The quickest way to stay up to date on update-related news, announcements, and best practices; important lifecycle reminders, and the status of known issues and safeguard holds. Windows 11 Enterprise customers can access greater detail from the Health menu in the Microsoft 365 admin center (see "Windows release health") and receive important notifications and updates in the Message center.
  • Windows 11 release information – A list of current Windows 11 versions by servicing options, along with release dates, build numbers, end of service dates, and release history.
  • Windows 11, version 22H2 update history (available with the first servicing release) – A list of all updates (monthly and out-of-band) released for Windows 11, version 22H2 sorted in reverse chronological order. Available with the first servicing release.

Note: Windows 11 specifications and systems requirements have not changed with Windows 11, version 22H2.

Harjit_Dhaliwal_3-1663654514736.png

Moving from Windows 10 to Windows 11, version 22H2

If you need help identifying which devices in your estate are eligible for the Windows 11 upgrade, you have options:

  • In Microsoft Endpoint Manager, you can get a summary view of the compatibility risks associated with an upgrade or update to a chosen version of Windows with the Windows Feature Update Compatibility Risks Report, then dive in to a device-level view with the Windows Feature Update Device Readiness Report. As insights in both reports are specific to the target version of Windows you select when generating the report, confirm that your selected OS is Windows 11 version 22H2.
  • In Endpoint analytics, you can get a device-by-device view of Windows 11 hardware readiness based on the minimum system requirements, as well as a summary view of which specific hardware requirements are the top blockers in your organization.
  • If you have configured your devices for Update Compliance, you can see the percentage of devices that are capable of running Windows 11 using the Windows 11 Readiness Status chart and get insight into which requirements aren't met for those that report as not capable.

Harjit_Dhaliwal_3-1663654514736.png

Monitoring the status of your rollout

If you use Endpoint Manager and Windows Update for Business to manage the installation of Windows 11, version 22H2, you can then use the Windows Feature Update Report and Feature Update Failures Report to get an overall view of the update status of your devices on a per-policy basis and get details on alerts (errors, warnings, information, and recommendations) to help troubleshoot compliance issues.

If you use Update Compliance, you can monitor the status of your rollout using the Feature Update Status report. For an easy-to-use format, you can utilize Update Compliance with Azure Workbooks (currently in preview) to get a visual representation of your compliance data.

Harjit_Dhaliwal_3-1663654514736.png

Servicing lifecycle

New versions of Windows 11 are released once per year via the General Availability Channel and serviced with monthly quality updates. Today, September 20, 2022, marks the start of 36 months of servicing support for Enterprise and Education editions of Windows 11, version 22H2 (Home, Pro, Pro Education, and Pro for Workstations receive 24 months of support). For more information, see the Windows lifecycle FAQ.

For organizations with Windows Enterprise E3 or E5, you can utilize Windows Autopatch to automatically deliver updates to registered devices, freeing up your and your IT team to focus on other tasks. Want to know more about how the service manages progressive deployment? Check out a brand-new episode of Microsoft Mechanics, all about Autopatch!

Reminder: All editions of Windows 10, version 21H1 will reach the end of servicing on December 13, 2022. As devices running version 21H1 will no longer receive security updates after December 13, 2022, we recommend that you update to Windows 11 to remain supported.

Harjit_Dhaliwal_3-1663654514736.png

Ready to learn more?

Join us at Microsoft Ignite, October 12-13, then get ready for more deep dives, demos, and live Q&A with our engineering teams at the Microsoft Technical Takeoff for Windows and Intune, October 24th-27th, here on the Tech Community. RSVP today to secure your spot and receive event reminders!

takeoff-inline.png

You can read more about what's new in Windows 11, version 22H2 for IT pros—and find guidance, tutorials, and troubleshooting guides—in our Windows docs. And here is a recap of all of today's Windows 11, version 22H2 related news and announcements:

Harjit_Dhaliwal_3-1663654514736.png

Need help?

We hold Windows Office Hours every month on the Tech Community! Our next session is September 22, 2022. Add it to your calendar and bring your questions!


Continue the conversation. Find best practices. Visit the Windows Tech Community.
Stay informed. For the latest updates on new releases, tools, and resources, stay tuned to this blog and follow us @MSWindowsITPro on Twitter.

4 Comments
Co-Authors
Version history
Last update:
‎Sep 28 2022 06:56 AM
Updated by: