Windows 11, version 24H2: What’s new for IT pros
Published Oct 01 2024 07:00 AM 127K Views
Microsoft

Windows 11, version 24H2, also known as the Windows 11 2024 Update, is now available through Windows Server Update Services (WSUS) and Windows Update for Business. You can also download it from the Microsoft 365 admin center[1], Software Download Service (via Installation Assistant, the media creation tool, or ISO), and Visual Studio Subscriptions.

Today marks the start of 36 months of support for Enterprise and Education editions of Windows 11, version 24H2[2]. We recommend that you begin a targeted deployment in your organization now to validate that your apps, devices, and infrastructure work as expected with the new release. To help you plan, this post outlines some of the features and enhancements that help you power exceptional experiences while helping secure your corporate data, apps, and people on any device.

New in this update

Windows 11, version 24H2 includes all the features and capabilities delivered as part of continuous innovation to Windows 11, now enabled by default. These include:

  • Windows Local Administrator Password Solution (LAPS) policy improvements and new automatic account management feature
  • Personal Data Encryption (PDE) so that known Windows folders (Documents, Desktop, and Pictures) are protected using user authenticated encryption
  • App Control for Business (formerly Windows Defender Application Control) to better protect your digital property from malicious code
  • Windows protected print mode, eliminating the need to rely on third-party software installers for Morpia certified printers
  • Local Security Authority (LSA) protection to help protect against the theft of secrets and credentials used for logon
  • Support for Wi-Fi 7
  • Bluetooth® LE audio support for assistive devices
  • New controls to help manage which apps have access to the list of Wi-Fi networks around you
  • Rust in the Windows kernel
  • SHA-3 support

With Windows 11, version 24H2, we've also introduced numerous Server Message Block (SMB) protocol changes. These include firewall rule changes, support for blocking NTLM, dialect management, alternative network port connections, SMB over QUIC (an alternative to TCP and RDMA), and changes to SMB signing and encryption.

This scoped release also features enhancements designed to improve your overall experience with Windows 11, such as:

  • A scrollable list (vs. single pane) of Quick Settings in the system tray that can be arranged in the way that makes sense for how you work best
  • Text labels to the cut, copy, rename, share, and delete actions available at the top of the File Explorer context menu
  • Support for creating 7-zip and TAR archives
  • Energy saver, an easy way to extend battery life and reduce energy use that can be configured to run automatically or toggled on and off manually via Quick Settings
  • Extended adaptive brightness control[3] on laptops and 2-in-1s even when they are plugged in

  • Expanded availability of Voice Clarity, which cancels echo, suppresses background noise, and reduces reverberation in real-time

We've also added new capabilities to control audio presets, ambient sounds, and more for Bluetooth® LE Audio. We made it so that people can adjust audio presets for their hearing aids from Settings or Quick Settings.

For more information on what else is new—including a list of features no longer under temporary enterprise control and features exclusive to Copilot+ PCs—check out What's new in Windows 11, version 24H2.

You can also take a closer look with this special episode of Microsoft Mechanics:

Updated deployment and management tools

Many of the deployment, security, and management tools you rely on have been updated or refreshed and are also available today! This includes:

  • Windows 11, version 24H2 Security Baseline – Download Microsoft-recommended configuration settings and explanations of their security impact.
  • Administrative Templates (.admx) for Windows 11, version 24H2 – The most popular request! While natively accessible via the C:\Windows\PolicyDefinitions\ folder in Windows, you can download the ADMX separately and use them to populate policy settings.
  • Group Policy settings reference spreadsheet for Windows 11, version 24H2 – Download a spreadsheet of policy settings for computer and user configurations that are included in the ADMX files for Windows 11, version 24H2.
  • Remote Server Administration Tools (RSAT) for Windows 11 – Manage Windows Server roles and features from a Windows 11 device. To add RSAT, which are included as Features on Demand (FODs) in Windows 11, navigate to Settings > Apps > Optional features > Add an optional feature. Select View features and search for "RSAT.”
  • Windows 11 Enterprise Evaluation – Interested in trying Windows 11 Enterprise or Windows 11 Enterprise LTSC on behalf of your organization? Download a free 90-day evaluation.
  • Windows 11, version 24H2 update history – Quickly access release notes for monthly security updates, optional non-security releases, and out-of-band updates.
  • Windows release health – Find information about known issues, resolutions, and safeguards to help you plan your updates. Bookmark the Windows message center for updated-related news and announcements. If you are a Windows admin, you can access more details and subscribe to notifications in the Microsoft 365 admin center.

We are working to quickly update the Windows 11 Deployment Lab Kit, which provides an automatically provisioned lab environment and lab guides to help you plan, test, and validate your deployment. Follow us on LinkedIn or @MSWindowsITPro to be informed when the updated kit is available.

The Long-Term Servicing Channel (LTSC)

For organizations with special-purpose devices and environments, such as manufacturing or healthcare systems, we have also released two versions of Windows 11 to the Long-Term Servicing Channel: Windows 11 Enterprise LTSC 2024 and Windows 11 IoT Enterprise LTSC 2024. The LTSC is intended for fixed-function, special-purpose devices that require a longer support lifecycle. Windows 11 Enterprise LTSC 2024 is available as a per user or per device model, depending on the Volume Licensing program through which it is acquired. Windows 11 IoT Enterprise LTSC 2024 is available through original equipment manufacturers (OEMs) or directly from Microsoft through Volume Licensing.

Make updating Windows easier

If you'd like to spend less time managing updates, now is a great time to look at Windows Autopatch. Included with Windows Enterprise E3 (or higher), Windows Autopatch makes it easier to manage feature and monthly security updates for Windows, as well as updates for Microsoft 365 Apps for enterprise, Microsoft Edge, and Microsoft Teams. To help you take a closer look at this cloud service, watch our recent episode of Tackling Tech.

For additional help, tips, and best practices, join Windows Office Hours every third Thursday on the Windows Tech Community! We assemble experts from the Windows, Intune, and Windows 365 product teams, as well as adoption specialists and Fast Track to answer your questions in chat. Join us Thursday, October 17 and bookmark https://aka.ms/Windows/OfficeHours for upcoming dates.

Frequently asked questions

Is there an enablement package for this release?
No. Windows 11, version 24H2 requires a full OS swap so it cannot be deployed using servicing technology. In addition, devices must be running Windows 11, version 23H2 or 22H2 with the May 2024 non-security preview update installed in order to update to version 24H2.

Can I upgrade our organization's devices from Windows 10 directly to this new update?
Yes. You can upgrade devices directly from Windows 10 to Windows 11, version 24H2[4] using the target version capability in Windows Update for Business, the Windows Update for Business deployment service, and feature update deployments in Windows Autopatch. In fact, we strongly encourage you to begin your upgrade immediately, as Windows 10 will reach end of support on October 14, 2025. For end user readiness, take advantage of our Windows 11 Onboarding Kit, which provides ready-to-customize materials you can use to help prepare your users and ensure that they get the most out of Windows 11. If you need a little more time to get from Windows 10 to Windows 11, or procure new devices, you can also explore the Windows 10 Extended Security Updates (ESU) program.

How can I test new features in Windows 11 prior to their release?
Join the Windows Insider Program. Access preview builds of Windows 11 so you can try out the new features, provide feedback directly to Microsoft, and, if desired, deploy early builds across your organization to test your apps, hardware, and processes. Want to work directly with the Windows engineering teams to develop solutions that better meet your needs? Join the Microsoft Management Customer Connection Program.

What if my applications are not compatible with Windows 11, version 24H2?
Windows 11 is the most compatible Windows operating system ever. If you do encounter an application compatibility issue, however, our App Assure team is here to help.

Is there a Windows Server release with this release of Windows 11?
Windows Server 2025 is currently in preview. To learn more, see What's new in Windows Server 2025 (preview).

Are there new features for Copilot+ PCs?
Copilot+ PCs run on Windows 11, version 24H2, enabling us to unlock productivity, accessibility, and sustainability capabilities that are exclusive to Copilot+ devices. We introduced Copilot+ PCs with features like Live Translation and Paint Cocreator and announced new features today[5] that will begin rolling out to Windows Insiders in phases, to select devices and markets, beginning in November. Our goal is to ensure that IT admins have the controls they need to confidently deploy Copilot+ PCs and the exclusive AI features that run on them. With this latest update, we have provided additional controls across Copilot+ PC features and have even more coming to ensure these AI experiences can be deployed by IT in organizations. To hear more about what is coming for Copilot+ PCs, and how you as the IT admin will be in control, tune in to Microsoft Ignite this November.

What changes have you made to the security posture of Recall on Copilot+ PCs?
Recall is an entirely new way to instantly find something you've previously seen on your PC. Based on your feedback, we have worked to make Recall[6] even more secure by default, ensuring that you feel confident that your data is safe and secure. Additionally, Recall will be off by default for all commercial[7] devices. You will need to allow Recall via policy before users will be able to opt-in. Once enabled, devices will use Windows Hello to confirm a person's identity (and presence) and then securely unlock the Recall experience. For more details, see the recent Update on Recall security and privacy architecture. We will share more about controls for Recall and other Copilot+ PC news at Microsoft Ignite.

Additional resources


Continue the conversation. Find best practices. Bookmark the Windows Tech Community, then follow us @MSWindowsITPro and on LinkedIn. Looking for support? Visit Windows on Microsoft Q&A.


[1] Downloads in the Microsoft 365 admin center and similar channels may be delayed.

[2] Home and Pro editions of Windows 11, version 24H2 receive 24 months of support. For more details, see the Windows lifecycle FAQ.

[3] Content Adaptive Brightness Control (CABC) is not available on all laptop or 2-in-1 devices as it must be enabled by the manufacturer of the device in order to function.

[4] If we identify an issue that might cause a feature update to fail or roll back, a safeguard hold may be applied to prevent affected devices from installing the update and safeguard them from a poor experience.

[5] Availability may differ based on the various silicon platforms.

[6] Starting in October, Windows Insiders will begin to see Recall on Snapdragon-powered Copilot+ PCs. Those who purchase Intel- or AMD- powered Copilot+ PCs will initially see Recall in the Windows Insider Program starting in November. Timing and details on the broad availability of Recall will be shared at a later date. Security continues to be our top priority and when Recall is available for Windows Insiders, we will publish a blog with more details.

[7] Commercial devices are defined as devices running an Enterprise or Education SKU, devices running a premium SKU that are managed by an IT administrator (whether via Microsoft Intune or other endpoint management solution), devices that have a volume license key, or devices that are joined to a domain.

35 Comments
Co-Authors
Version history
Last update:
‎Sep 30 2024 10:37 PM
Updated by: