Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
This section provides descriptions of and links to the Windows technical documents that are new or have been revised to reflect the functionality of the latest product version.
New Documentation
No new protocol documents are available.
Service Releases
The following documents were updated for servicing releases.
Please note: Protocol behavior changes and updates will be summarized on this page. Document update descriptions can also be found in each document's Change Tracking entries at the end of each document.
Difference documents for each release of protocol documents will no longer be published. Each document release will include the protocol document in PDF and Word format: You can use Word Compare functionality, or an equivalent tool, to create difference documents between document versions.
|
Specification |
Description |
Release date |
|---|---|---|
|
This document has been updated as follows: Clarified vector data layout and dimension definitions, added support for half‑precision floating‑point vectors, updated server implementation limits, and clarified VECTORSUPPORT negotiation by defining versioned feature data and acknowledgment formats. |
June 17, 2026 |
|
|
[MS-FASP]: Firewall and Advanced Security Protocol | Microsoft Learn |
This document has been updated as follows: Added support for IKEv2 protocol in IPSec Key Exchange Negotiation. |
June 08, 2026 |
|
[MS-ADTS]: Active Directory Technical Specification | Microsoft Learn |
This document has been updated as follows: Added SOA-Policies Container definition and SOA modify rules including disabled by default behavior. |
May 25, 2026 |
|
[MS-RDPEGFX]: Remote Desktop Protocol: Graphics Pipeline Extension | Microsoft Learn |
This document has been updated as follows: Updated server behavior for preventing selection of unsupported graphics capability sets. |
May 11, 2026 |
|
This document has been updated as follows: Added support for new encryption types for local user accounts to use Kerberos. |
April 27, 2026 |
|
|
[MS-SPNG]: Simple and Protected GSS-API Negotiation Mechanism (SPNEGO) Extension | Microsoft Learn |
This document has been updated as follows: Added support for SPNEGO Late Fallback mechanism for handling the negotiation of authentication protocols using Kerberos V5 and GSS-API (IAKERB). |
April 27, 2026 |
|
[MS-OAPXBC]: OAuth 2.0 Protocol Extensions for Broker Clients | Microsoft Learn |
This document has been updated as follows: Added Key Receipt Context validation rules when issuing a User Authentication Certificate for Primary Refresh Token (PRT). |
April 14, 2026 |
|
[MS-TLSP]: Transport Layer Security (TLS) Profile | Microsoft Learn |
This document has been updated as follows: Added TLS 1.3 support for post-quantum hybrid ECDHE-MLKEM key exchange, introducing the X25519MLKEM768, SecP256r1MLKEM768, and SecP384r1MLKEM1024 groups. |
April 13, 2026 |
|
[MS-RDPEWA]: Remote Desktop Protocol: WebAuthn Virtual Channel Protocol | Microsoft Learn |
This document has been updated as follows: Added support for in-session auto-fill passwordless UI enhancement in browsers for passwordless authentication. |
March 30, 2026 |
|
This document has been updated as follows: Added support for UAC hardening by binding loopback Kerberos authentication to machine identity. |
March 30, 2026 |
|
|
[MS-NLMP]: NT LAN Manager (NTLM) Authentication Protocol | Microsoft Learn |
This document has been updated as follows: Added a new field “Reserved” to the Single_Host_Data structure. |
March 30, 2026 |
|
[MS-RDPBCGR]: Remote Desktop Protocol: Basic Connectivity and Graphics Remoting | Microsoft Learn |
This document has been updated as follows: Added a new RDP Negotiation failure code which will enable RDP clients to authenticate using Entra ID, eliminating fallback to less secure protocols. |
March 9, 2026 |
|
[MS-ADTS]: Active Directory Technical Specification | Microsoft Learn |
This document has been updated as follows: Added a new rootDSE attribute, CheckAndFixDNReference, to fix database corruption. |
February 23, 2026 |
|
This document has been updated as follows: Introduced a new USERAGENT feature extension in the LOGIN7 message to capture client environment details. This extension includes an opaque payload (up to 256 UCS-2 characters) that the server forwards without interpretation, enabling analytics and telemetry scenarios. |
February 23, 2026 |
|
|
[MS-DNSP]: Domain Name Service (DNS) Server Management Protocol | Microsoft Learn |
This document has been updated as follows: Extended DNS server management operations to support new functionality in R_DnssrvQuery2 and R_DnssrvOperation2. |
January 26, 2026 |
|
This document has been updated as follows: Deprecated support for version 1 of the protocol. |
January 13, 2026 |
|
|
This document has been updated as follows: Updated KRB_TGS_REQ to send PA-S4U-X509-USER by default, and PA-FOR-USER only when required. |
January 13, 2026 |
|
|
[MS-TSTS]: Terminal Services Terminal Server Runtime Interface Protocol | Microsoft Learn |
This document has been updated as follows: Added a new value (WTSSessionActivityId) to the WTS_INFO_CLASS and a new rpc function (RpcGetActivityId) to TermSrvSession. |
November 21, 2025 |
|
[MS-PEAP]: Protected Extensible Authentication Protocol (PEAP) | Microsoft Learn |
This document has been updated as follows: Updated to enable the usage of TLS 1.3. |
September 29, 2025 |
|
This document has been updated as follows: Added input size constraints to many parameters in the Netlogon Remote Protocol (MS-NRPC) to enhance security and reliability. |
September 9, 2025 |
|
|
[MS-CSRA]: Certificate Services Remote Administration Protocol | Microsoft Learn |
This document has been updated as follows: Added support to set the OnlyContainsUserCerts or OnlyContainsCACerts bit in the Issuing Distribution Point (IDP) extension of Certificate Revocation Lists (CRLs). Added support for CRL partitioning, allowing certificate revocation lists to be divided into multiple partitions. |
August 25, 2025 |
|
[MS-WCCE]: Windows Client Certificate Enrollment Protocol | Microsoft Learn |
This document has been updated as follows: Added support to set the OnlyContainsUserCerts or OnlyContainsCACerts bit in the Issuing Distribution Point (IDP) extension of Certificate Revocation Lists (CRLs). Added support for CRL partitioning, allowing certificate revocation lists to be divided into multiple partitions. |
August 25, 2025 |
|
This document has been updated as follows: Active Directory domain controllers now require authentication for NetrGetDCName and NetrGetAnyDCName RPC methods. |
August 12, 2025 |
|
|
[MS-CSRA]: Certificate Services Remote Administration Protocol | Microsoft Learn |
This document has been updated as follows: Added support to set the OnlyContainsUserCerts or OnlyContainsCACerts bit in the IDP extension of CRLs. Revised the processing rules for the Request_Binary_Linter_Certificate column value to indicate the value is cleared once the final certificate is issued. |
August 11, 2025 |
|
[MS-OCSPA]: Microsoft OCSP Administration Protocol | Microsoft Learn |
This document has been updated as follows: Added support to set the OnlyContainsUserCerts or OnlyContainsCACerts bit in the IDP extension of CRLs. |
August 11, 2025 |
|
[MS-TSTS]: Terminal Services Terminal Server Runtime Interface Protocol | Microsoft Learn |
This document has been updated as follows: Added a new notification type (WTS_NOTIFY_DESKTOP_READY = 0x1000) to the defined TNotificationId values. |
August 11, 2025 |
|
[MS-WCCE]: Windows Client Certificate Enrollment Protocol | Microsoft Learn |
This document has been updated as follows: Added support to set the OnlyContainsUserCerts or OnlyContainsCACerts bit in the IDP extension of CRLs. Revised the processing rules for the Request_Binary_Linter_Certificate column value to indicate the value is cleared once the final certificate is issued. |
August 11, 2025 |
|
[MS-CSRA]: Certificate Services Remote Administration Protocol | Microsoft Learn |
This document has been updated as follows: Added an automated pre-sign certificate linting capability for Standalone Certificate Authorities (Offline CAs). Feature aligns the workflow to match the existing automated process available in Enterprise CAs.
|
May 12, 2025 |
|
[MS-WCCE]: Windows Client Certificate Enrollment Protocol | Microsoft Learn |
This document has been updated as follows: Added an automated pre-sign certificate linting capability for Standalone Certificate Authorities (Offline CAs). Feature aligns the workflow to match the existing automated process available in Enterprise CAs.
|
May 12, 2025 |
|
[MS-ADTS]: Active Directory Technical Specification | Microsoft Learn |
This document has been updated as follows: Added a new limit, MaxPreAuthReceiveBuffer, which enforces a maximum buffer size a client can use before connection authentication. Supported after installation of [MSFT-CVE-2025-27469]. |
April 8, 2025 |
|
[MS-NCNBI]: Network Controller Northbound Interface | Microsoft Learn |
This document has been updated as follows: Added support for new protocol version v7.1. The load balancer object can be created without ipPool. Added support with new 4-byte ASN elements for the router configuration of the load balancer. |
April 7, 2025 |
|
[MS-MDE2]: Mobile Device Enrollment Protocol Version 2 | Microsoft Learn |
This document has been updated as follows: Added new ContextItems for diagnostics returned to the server. |
March 10, 2025 |
|
This document has been updated as follows: Added a new message type, CPMExternalSearchResultIn, to the existing named pipe the indexer uses. Added 2 new restriction types, RTCoerce_MinMax and RTRankMerge. |
March 10, 2025 |
|
|
[MS-TSTS]: Terminal Services Terminal Server Runtime Interface Protocol | Microsoft Learn |
This document has been updated as follows: Added a new value (WTSSessionActivityId) to the WTS_INFO_CLASS and a new RPC function (RpcGetActivityId) to TermSrvSession. |
February 10, 2025 |
|
[MS-WUSP]: Windows Update Services: Client-Server Protocol | Microsoft Learn |
This document has been updated as follows: Added support for encrypted file digest on top of plaintext binaries to enable Secure Flighting. |
January 27, 2025 |
|
[MS-WUSP]: Windows Update Services: Client-Server Protocol | Microsoft Learn |
This document has been updated as follows: Added support for encrypted file digest on top of plaintext binaries to enable Secure Flighting. |
January 13, 2025 |
Technical Document Release
The following documents were updated for the Windows 11, version 25H2 operating system and/or Windows Server 2025 operating system. These documents may also have been revised for content issues.
|
Specification |
Description |
Release date |
|---|---|---|
|
[MS-ADTS]: Active Directory Technical Specification | Microsoft Learn |
This document has been updated as follows: Introduces new processing rules for blocking implicit owner rights and modifies the default to be in an enabled state. |
November 12, 2025 |
Technical Document Release
The following technical document was revised with product updates for Microsoft SQL Server 2025 and may also have been revised for content issues.
|
Specification |
Description |
Release date |
|---|---|---|
|
This document has been updated to introduce a new TDS protocol feature extension that enables reader endpoints for load-balanced read workloads in Azure SQL. This enhancement allows clients to connect using distinct endpoint connection strings, facilitating intelligent, database-aware routing across read replicas for improved scalability and performance. |
August 29, 2025 |