What’s new for IT pros in Windows 11, version 23H2
Published Oct 31 2023 10:00 AM 248K Views

Windows 11, version 23H2, also known as the Windows 11 2023 Update, is now available through Windows Server Update Services (WSUS) and Windows Update for Business. Download it from the Volume Licensing Service Center [1] (VLSC), Software Download Center (via Update Assistant), or Visual Studio Subscriptions.

What’s new in this release?

When you update devices running Windows 11, version 22H2 to version 23H2, you’ll get the capabilities we have delivered as part of continuous innovation, including those announced in September, enabled by default. These include:

  • Copilot in Windows [2] (in preview), an AI-powered intelligent assistant to help you get answers and inspirations from across the web, enhance creativity and collaboration, and focus on the task at hand.
  • The ability to go passwordless on day one using Windows Hello for Business or FIDO2 security keys. Enable workers to sign in to websites or apps using face, PIN, or fingerprint.
  • The ability to remove the option for password at device unlock and for in-session authentication for Microsoft Entra Join (formerly Azure AD Join) devices.
  • Enhanced Windows Firewall capabilities, including:
    • Application Control for Business (previously known as Windows Defender Application Control) app ID tagging with Windows Firewall rules through Intune. Target Windows Firewall rules to specific applications without an absolute file path.
    • The ability to configure network list manager settings to determine when a Microsoft Entra Join device is on your on-premises domain subnets, so firewall rules can properly apply. Use the network list manager settings for Windows Firewall for location awareness.
    • The ability to configure more granular Windows Firewall logging for domain, private, and public firewall profiles, as well as the ability to specify Windows Firewall inbound and outbound rules for Internet Control Message Protocol (ICMP) types and codes.
  • Greater control over the taskbar search experience across your organization and the ability to customize Windows 11 taskbar buttons using new policies.
  • Snipping Tool enhancements, such as:
    • Audio and mic support so workers can easily record a tutorial or demonstration for colleagues and customers.
    • Text extraction and redaction so you can easily copy text from an online article, conference call, or other source. Incorporate it into documents or presentations while also protecting privacy and removing confidential or sensitive information.

There are also a few additional enhancements in this scoped release, such as:

  • The ability to ungroup icons and show labels on the taskbar for easy access to open applications and files.
  • A more seamless File Explorer with native support for RAR and other file compression formats.
  • Recommended websites in the Start menu based on each person’s browsing history. (This feature can be managed using a policy.)
  • A new volume mixer to control the volume and audio output more easily for each application.
  • The ability to set up a multi-app kiosk on Windows 11 devices with a customized Start menu showing only allowed apps for each account type.
  • Federated sign-in for Education editions of Windows 11.
  • Dev Drive, a new form of storage volume designed to improve performance for key developer workloads. Gain more control over storage volume settings and security, including trust designation, antivirus configuration, and administrative control over filters.

For more details and insights into what else is new—including a list of features no longer under temporary enterprise control—check out What's new in Windows 11, version 23H2 in our docs on Microsoft Learn.

What’s the best way to deploy this update?

Glad you asked! As mentioned by John Cable in his post, How to get the Windows 11 2023 Update, we recommend that commercial organizations begin targeted deployments to validate that their apps, devices, and infrastructure work as expected with the new release.

If your devices are already running Windows 11, version 22H2 with the latest security update installed

If you’re updating devices that are already running Windows 11, version 22H2, you can use an enablement package for a fast, easy installation process.

How does an enablement package work? Well, Windows 11, version 22H2 and version 23H2 share a common core operating system and set of system files. That means the new features in Windows 11, version 23H2 were included in the latest monthly update for version 22H2. They were just in an inactive and dormant state. The enablement package works like a small, quick-to-install switch that activates the version 23H2 features, enabling the update from Windows 11, version 22H2 to version 23H2 with a single restart, reducing downtime.

You can also use Windows Update for Business, Microsoft Intune, or your preferred endpoint management solution.

Note: Endpoints managed by Windows Update for Business will not be automatically updated to version 23H2 unless you explicitly set it up. For that, configure a Target Version via the TargetReleaseVersion setting using a Windows CSP, a feature update profile in Microsoft Intune, or the Select the target Feature Update version setting in Group Policy.

If your devices are running Windows 10

You can plan for, and deploy, Windows 11, version 23H2 using the same familiar processes, policies, and management solutions you used to originally deploy Windows 10.

Need help? Download the Windows 11 Deployment Lab Kit and get a complete lab environment. It includes an evaluation version of Windows 11 Enterprise and a collection of tools to help you test and conduct a proof of concept for Windows 11 deployment. And don’t forget end user readiness! Our Windows 11 Onboarding Kit provides ready-to-customize materials you can use to help prepare your users and ensure that they get the most out of Windows 11.

What about updated tools?

Based on your feedback, the deployment, security, and management tools you rely on have been updated or refreshed and are also available today!


How to use it

Windows 11, version 23H2 Security Baseline

Download Microsoft-recommended configuration settings and explanations of their security. It’s part of the Security Compliance Toolkit.

Administrative Templates (.admx) for Windows 11, version 23H2

The most popular request! While natively accessible via the C:\Windows\PolicyDefinitions\ folder in Windows, you can download these separately and use them to populate policy settings.

Group Policy settings reference spreadsheet for Windows 11, version 23H2

Download a spreadsheet of policy settings for computer and user configurations that are included in the ADMX files for Windows 11, version 23H2.

Remote Server Administration Tools (RSAT) for Windows 11

Included as a set of "Features on Demand" in Windows 11, RSAT lets you manage Windows Server roles and features from a Windows 11 device. These include BitLocker Drive Encryption, Active Directory Domain Services, and network controllers. To add RSAT, navigate to Settings > Apps > Optional features > Add an optional feature. Select View features and search for "RSAT.”

Windows 11 Enterprise Evaluation

Interested in trying Windows 11 Enterprise on behalf of your organization? Download a free 90-day evaluation of Windows 11 Enterprise, version 23H2.

Windows 11 Deployment Lab Kit

Review the prerequisites and download the lab environment and guides for your Windows 11 and Office 365 deployment.

What is the lifecycle for Windows 11, version 23H2?

New versions of Windows 11 are released once per year—in the second half of the calendar year—via the General Availability Channel. They are serviced with monthly updates that include security and non-security items. Today, October 31, 2023, marks the start of 36 months of servicing support for Enterprise and Education editions of Windows 11, version 23H2. Home and Pro editions of Windows 11, version 23H2 receive 24 months of support. For more information, see the Windows lifecycle FAQ.

Where can I get help with deploying Windows 11 feature updates?

Want to free your IT team from managing updates so they can focus on other projects? Windows Autopatch is included with Windows Enterprise E3 (or higher)! It can help you easily deliver both feature and quality updates for Windows, as well as updates for Microsoft Edge, Microsoft Teams, and Microsoft 365 Apps for enterprise.

Need help, tips, or best practices? Join Windows Office Hours every third Thursday on the Windows Tech Community! We assemble experts from the Windows, Intune, and Windows 365 product teams, as well as adoption specialists and Fast Track to answer your questions in chat. Submit questions during the live one-hour event or post them in advance if that time doesn’t work for you. Our next event is Thursday, November 16th from 8:00-9:00 a.m. Pacific Time. And we’ll be holding a second session in November as part of the Microsoft Technical Takeoff for Windows and Intune! Bookmark https://aka.ms/Windows/OfficeHours for upcoming dates!

Finally, don’t forget to follow (or subscribe to updates for) this blog—and follow us on LinkedIn and/or @MSWindowsITPro on X—to keep up with the latest Windows announcements and new feature releases!

Continue the conversation. Find best practices. Bookmark the Windows Tech Community, then follow us @MSWindowsITPro on X/Twitter. Looking for support? Visit Windows on Microsoft Q&A.

[1] It may take a few days for downloads to be fully available in the VLSC across all products, markets, and languages.

[2] The initial markets for Copilot in Windows (in preview) include North America and parts of Asia and South America. It is our intention to add additional markets over time. Copilot in Windows with Bing Chat Enterprise requires Windows 11 and the user to be licensed for Microsoft 365 Business Standard, Business Premium, Enterprise E3 or and E5, A3 or A5 for faculty, or a standalone license + Entra ID.

Version history
Last update:
‎Nov 09 2023 11:09 AM
Updated by: