Share via


Windows message center

    Recent announcements

    MessageDate
    Windows add support for the new certificate authority handling logic in Application Control for Business
    Starting in July 2025, Microsoft is updating the logic used by Application Control for Business to handle signer rules that rely on TBS (To Be Signed) hash values for Microsoft intermediate certificate authorities (CAs). No policy updates are required if your existing rules reference the expiring CAs. The new logic is part of recent Windows updates, and it allows Application Control to automatically infer trust for the new 2023 and 2024 CAs.

    For more information about the expiring CAs and their expiration dates, see Windows support for the Application Control for Business new CA handling logic.
    2025-06-16
    10:00 PT
    Windows Office Hours: June 19, 2025
    If you are an IT admin with questions about managing and updating Windows, we want to help. Every third Thursday of the month, we host a live chat-based event on the Tech Community called Windows Office Hours. Members of the Windows, Microsoft Intune, Windows Autopilot, Windows Autopatch, and Windows 365 engineering teams will be standing by to answer your questions. We also have experts from FastTrack, the Customer Acceleration Team, and Microsoft public sector teams. 

    Want to attend the June 19 session of Office Hours? Add it to your calendar and select Attend on the event page to let us know you’re coming. There is no video or live meeting component. Simply visit the event page, log in to the Tech Community, and leave your questions in the Comments section. You can also bookmark https://aka.ms/Windows/OfficeHours for upcoming dates (and the ability to add this event to your calendar). We look forward to helping you.
    2025-06-12
    10:00 PT
    How to configure RBAC for Windows Autopatch
    IT admins, use expanded role-based access control (RBAC) to better manage access permissions to Windows Autopatch resources. Start by enforcing least privilege access with the new Windows Autopatch administrator and the Windows Autopatch reader roles. Learn how to assign the right permissions, apply Microsoft Intune scope tags as needed, and manage Windows Autopatch groups as a scoped admin. Find complete guidance in How to configure RBAC for Windows Autopatch.
    2025-06-11
    10:00 PT
    Prepare for Kerberos CBA changes: Enforcement begins with July updates
    Windows updates released on or after April 8, 2025, contain protections for a vulnerability with Kerberos authentication. These protections are deployed in phases. The next phase, Enforced by Default phase, begins July 8, 2025.

    July 8, 2025: Enforced by Default phase
    • Updates released on or after July 8, 2025, will enforce the NTAuth store check by default. The AllowNtAuthPolicyBypass registry key setting will still allow customers to move back to Audit mode if needed. However, the ability to completely disable this security update will be removed.
    October 14, 2025: Enforcement mode
    • Updates released on or after October 14, 2025, will discontinue Microsoft support for the AllowNtAuthPolicyBypass registry key. At this stage, all certificates must be issued by authorities that are a part of NTAuth store.
    To learn more about these protections, please see Guidance for applying protections related to CVE-2025-26647.
    2025-06-11
    10:00 PT
    (Updated) The June 2025 Windows security update is now available
    Note updated on June 11, 2025 (10:00 PT)

    The June 2025 security update is now available for all supported versions of Windows. We recommend that you install these updates promptly. Information about the contents of this update is available from the release notes, which are accessible from the Windows 11 and Windows 10 update history pages. For instructions on how to install this update on your home device, check the Update Windows article. To learn more about the different types of monthly quality updates, see Windows monthly updates explained. To be informed about the latest updates and releases, follow us on X @WindowsUpdate.
      
    Highlights for the Windows 11, version 24H2 update: 
    • This security update includes improvements that were a part of update KB5058499 (released May 28, 2025).
    • After installing the June 2025 Windows security update, Windows 11, version 24H2 will retain system restore points for up to 60 days.
    • This update addresses an issue that prevents users from signing in with self-signed certificates when using Windows Hello for Business with the Key Trust model.
    Short on time? Watch our Windows 11 release notes video for this month's tips.

    (Updated) Note: The June 2025 security update for devices running Windows 11, version 24H2 (KB5060842) was released and gradually rolled out June 10, 2025. However, we’ve identified a compatibility issue affecting a limited set of these devices in version 24H2, which instead will receive the Out-of-Band (OOB) update (KB5063060). The OOB update was released today, June 11, 2025. For more information, see June 11, 2025—KB5063060 (OS Build 26100.4351) Out-of-band - Microsoft Support.
    2025-06-10
    10:00 PT
    Take action: Out-of-band update to address install error 0xc0000098 in ACPI.sys while installing KB5058405
    Microsoft has identified an issue where the May 2025 Windows security update (KB5058405) might fail to install on some Windows 11, versions 22H2 and 23H2 devices, resulting in a recovery error (0xc0000098) related to the ACPI.sys file. This issue primarily affects virtual environments, including Azure Virtual Machines, Azure Virtual Desktop, and on-premises VMs hosted on Citrix or Hyper-V. Home users of Windows using Home or Pro editions are unlikely to be impacted.

    We recommend using Azure Virtual Machine repair commands as a workaround for Azure customers who have already applied the May 2025 Windows security update and are experiencing this issue. For more details on this issue, see KB5058405 might fail to install with recovery error 0xc0000098 in ACPI.sys.

    To address this issue, the out-of-band (OOB) update KB5062170 has been released today, May 31, 2025. This non-security OOB update is available exclusively via the Microsoft Update Catalog. If you have not yet deployed the May 2025 Windows security update (KB5058405) and your environment includes devices running in a virtual desktop infrastructure on Windows 11, versions 22H2 and 23H2, we recommend you apply the OOB update instead. This OOB update includes all improvements and fixes in the May 2025 Windows non-security preview update (KB5058502), in addition to this issue’s resolution.
    2025-05-31
    14:30 PT
    Get started with May 2025 improvements in Windows 11
    If you’re an IT professional or decision maker, start using the newest Windows 11 capabilities with helpful tips and actionable steps summarized in one place. Discover enhancements to Windows App, administrator protection, Copilot on Windows, as well as multiple AI and productivity features. See how to get started with these and other improvements across Microsoft Intune, Windows Autopatch, and Windows Server.
    2025-05-30
    10:00 PT
    Take action: Disable Secure Time Seeding (STS) in Windows Server 2016 and later
    Microsoft recommends disabling the Secure Time Seeding (STS) in Windows Server 2016, Windows Server 2019, Windows Server 2022, and Windows Server 2025 due to reported timekeeping issues. Additionally, organizations should review and ensure proper time synchronization and monitoring on critical servers.   
     
    Microsoft recommends applying this disablement as soon as possible. This recommendation applies to all existing deployments of Windows Server 2016 and later (including domain controllers and member servers). Disabling Secure Time Seeding (STS) may prevent potential timekeeping errors that could affect time-sensitive workloads, such as Active Directory Domain Services (ADDS) domain controllers, VM hosts, and servers using time for critical functionality. 
     
    IT admins should review timekeeping requirements in their environments and then disable the STS feature by modifying registry or Group Policy settings and rebooting the affected machines. See Secure Time Seeding recommendations for Windows Server for steps on how to disable STS in Windows Server. For additional information, check Secure Time Seeding – improving time keeping in Windows and Secure Time Seeding recommendations for Windows Server.
    2025-05-30
    10:00 PT
    The May 2025 Windows non-security preview update is now available
    The May 2025 non-security preview update is now available for Windows 11, version 24H2 and Windows 10, version 22H2. Information about the contents of this update is available from the release notes, which are accessible from the Windows 11 and Windows 10 update history pages. For instructions on how to install this update on your home device, check the Update Windows article. To learn more about the different types of monthly quality updates, see Windows monthly updates explained. To be informed about the latest updates and releases, follow us on X @WindowsUpdate.

    Looking to explore upcoming features and improvements in Windows 11? Check out the Windows roadmap. It includes what’s coming to the Windows Insider Program, what’s gradually rolling out, and what’s generally available.

    Highlights for the Windows 11, version 24H2 update: 
    • Ask Copilot is a new action within Click to Do. When you highlight text or an image, Click to Do offers the Ask Copilot option. Selecting it opens Microsoft Copilot with your content in the prompt box.
    • You can open Copilot on Windows with Win + C. You can personalize your Copilot key and Win + C experience at any time with the existing “Customize Copilot key on keyboard” under Settings > Personalization > Text input.
    • Find answers to commonly asked questions about your PC and Windows 11 in the new FAQs section under Settings System About page.
    • Mouse settings are now easier to access under Settings > Accessibility > Mouse and Mouse pointer and touch, with no need to open Control Panel. 
    • Seamlessly resume working on OneDrive files from your phone (iOS and Android) on your Windows 11 PC with a single click. With this feature, you’ll get a notification asking if you want to pick up where you left off editing a OneDrive file, like a Word document, that you viewed or edited on your phone within the last 5 minutes before unlocking your PC.
    2025-05-28
    14:00 PT
    (Updated) Take Action: Out-of-band update to address issue on devices running Hyper-V on some versions of Windows
    Updated May 27, 2025: This message was updated to include additional versions of Windows affected by this issue.

    Microsoft has identified an issue where certain confidential virtual machines running on Hyper-V might intermittently stop responding or restart unexpectedly, affecting service availability and requiring manual intervention. This issue primarily affects Azure confidential VMs and is not expected to impact standard in-market Hyper-V deployments, except in rare cases involving preview or pre-production configurations.

    To address this issue, out-of-band (OOB) updates have been released, May 23, 2025 for Windows Server 2022 (KB5061906) and today, May 27, 2025 for additional versions of Windows affected by this issue. This update is available exclusively via the Microsoft Update Catalog. For more information and installation instructions, refer to the appropriate KB article for your Windows version. If your organization is not affected by this issue, you do not need to install this OOB update.

    If you have not yet deployed the May 2025 Windows security update and your IT environment includes devices running Hyper-V on the versions of Windows listed below, we recommend you apply this OOB update instead:
    2025-05-27
    14:30 PT
    Announcing Windows Backup for Organizations
    If part of your job is helping your organization transition to Windows 11, consider the limited public preview of Windows Backup for Organizations. You can back up your organization’s Windows 10 or Windows 11 settings and restore them on a Microsoft Entra joined device. This capability helps reduce migration overhead, minimize user disruption, and strengthen device resilience against incidents. Nominate your organization for this preview as you prepare for the upcoming Windows 10 end of support date on October 14, 2025. Learn more at Announcing Windows Backup for Organizations.
    2025-05-27
    14:00 PT
    The May 2025 Windows non-security preview update is now available for Windows 11, versions 23H2 and 22H2
    The May 2025 non-security preview update is now available for Windows 11, versions 23H2 and 22H2. Information about the contents of this update is available from the release notes, which are accessible from the Windows 11 update history page. For instructions on how to install this update on your home device, check the Update Windows article. To learn more about the different types of monthly quality updates, see Windows monthly updates explained. To be informed about the latest updates and releases, follow us on X @WindowsUpdate.

    Highlights for the Windows 11, versions 23H2 and 22H2 update: 
    • You can open Copilot on Windows with Win + C. You can personalize your Copilot key and Win + C experience at any time with the existing "Customize Copilot key on keyboard" under Settings > Personalization > Text input.
    • Find answers to commonly asked questions about your PC and Windows 11 in the new FAQs section under Settings System About page.
    • Admins can configure taskbar policies so users can unpin specific apps, ensuring they are not repinned during the next policy refresh.
    • When you drag a local file from File Explorer or your desktop, a tray appears at the top of your screen. Drop the file into a suggested app or select More to open the Windows share window.
    2025-05-27
    10:00 PT
    Take Action: Out-of-band update to address BitLocker recovery prompt issue on Windows 10
    Microsoft has identified a known issue affecting a small number of Windows 10 devices with Intel Trusted Execution Technology (TXT) enabled on 10th generation or later Intel vPro processors. After installing the May 13, 2025, Windows security update (KB5058379), these systems might experience unexpected termination of lsass.exe, which triggers Automatic Repair. On devices with BitLocker enabled, this results in a prompt for the BitLocker recovery key to proceed.

    To address this issue, an out-of-band (OOB) update has been released today, May 19, 2025 (KB5061768). This update is available exclusively via the Microsoft Update Catalog and is cumulative—no previous updates are required before installing it. It supersedes all prior updates. The OOB update is available only for the Windows versions affected by issue: Windows 10, version 22H2, Windows 10 Enterprise LTSC 2021, and Windows 10 IoT Enterprise LTSC 2021.

    Important: Consumer devices running Home and Pro editions of Windows 10 are unlikely to be affected, as they typically do not use Intel vPro processors.

    If you have not yet deployed the May 2025 Windows security update (KB5058379) and your IT environment includes devices with the affected processors, we recommend applying this OOB update instead: May 19, 2025—KB5061768 (OS Builds 19044.5856 and 19045.5856) Out-of-band. If your organization is not affected by this issue, you do not need to install this OOB update.
    2025-05-19
    10:00 PT
    VBScript deprecation: Detection strategies for Windows
    Start detecting Visual Basic Scripting Edition (VBScript) across your organization in preparation for the next deprecation phase. See how to use System Monitor (Sysmon), review VBScript dependencies, or scan for .vbs files and custom MSI packages. Once detected, you should proactively migrate away from VBScript. Now that VBScript is enabled by default on Windows 11, version 24H2 and later, you can also proactively disable it in preparation for the next deprecation phase. Find step-by-step instructions, tips, and considerations in VBScript deprecation: Detection strategies for Windows.
    2025-05-16
    10:00 PT
    Hotpatch for client: Frequently asked questions
    Have you prepared your organizational devices for the May 2025 hotpatch update? Hotpatching offers faster compliance for devices running Windows 11 Enterprise or Education, version 24H2. Find answers to any questions you may have in the following categories: 
    • Hotpatch update definitions 
    • Eligibility and availability of hotpatch updates 
    • Hotpatching on Arm64 devices 
    • Technical information about hotpatch updates 
    • Testing and error information 
    • Additional resources 
    2025-05-14
    10:00 PT
    The May 2025 Windows security update is now available
    The May 2025 security update is now available for all supported versions of Windows. We recommend that you install these updates promptly. For more information about the contents of this update, see the release notes, which are easily accessible from the Windows 11 and Windows 10 update history pages. For instructions on how to install this update on your home device, check the Update Windows article. To learn more about the different types of monthly quality updates, see Windows monthly updates explained. To be informed about the latest updates and releases, follow us on X @WindowsUpdate.
      
    Highlights for the Windows 11, version 24H2 update: 
    • This security update includes improvements that were a part of update KB5055627 (released April 25, 2025).
    • This update makes quality improvements to the servicing stack, which is the component that installs Windows updates.
    • This update addresses security issues for your Windows operating system. 
    Short on time? Watch our Windows 11 release notes video for this month's tips.
    2025-05-13
    10:00 PT
    Windows Office Hours: May 15, 2025
    If you are an IT admin with questions about managing and updating Windows, we want to help. Every third Thursday of the month, we host a live chat-based event on the Tech Community called Windows Office Hours. Members of the Windows, Microsoft Intune, Windows Autopilot, Windows Autopatch, and Windows 365 engineering teams will be standing by to answer your questions. We also have experts from FastTrack, the Customer Acceleration Team, and Microsoft public sector teams. 

    Want to attend the May 15 session of Office Hours? Add it to your calendar and select Attend on the event page to let us know you’re coming. There is no video or live meeting component. Simply visit the event page, log in to the Tech Community, and leave your questions in the Comments section. You can also bookmark https://aka.ms/Windows/OfficeHours for upcoming dates (and the ability to add this event to your calendar). We look forward to helping you.
    2025-05-08
    10:00 PT
    Resources to get started with hotpatch updates for Windows 11, version 24H2
    Do you have questions about hotpatch updates? The first Windows 11 hotpatch update since general availability is coming to enterprises in the second week of May 2025. Here is a list of recently published resources to help you get started and make the most of this feature.
    Note: A hotpatch calendar is now also incorporated into the Windows Server release information

    To receive the May 2025 hotpatch update, enroll your devices into hotpatching and update them with the April 2025 baseline update
    2025-05-06
    10:00 PT
    Get started with April 2025 improvements in Windows 11
    If you’re an IT professional or decision maker, start using the newest Windows 11 capabilities with helpful tips and actionable steps summarized in one place. Discover hotpatch updates for Windows client, controls and policies to manage new AI features on Copilot+ PCs, public preview of Zero Trust DNS, and more. See how to get started with these and other enhancements across Windows 365, Microsoft Intune, Windows Autopatch, and Windows Server.
    2025-04-30
    13:00 PT
    Copilot+ PCs: more AI features that empower you every day
    Windows has always been the place where computing innovation happens first. This was the case when we introduced Copilot+ PCs last May – the fastest, most intelligent, and most secure Windows PCs ever built. The innovation continues today with the general availability (GA) of exclusive AI experiences like Recall (preview), Click to Do (preview) and improved Windows search across Copilot+ PCs.*

    Copilot+ PCs have blazed a trail in personal computing, redefining what it means to be a premium PC with unparalleled features, performance and security out of the box. Now, with the availability of Recall, improved Windows search, and Click to Do, we’re adding even more AI benefits, making it easier to pick up where you left off, find what you’re looking for and do more with less time and hassle.

    At a time when many are talking about the benefits of AI, we are excited to be delivering them on Copilot+ PCs. To learn more about the exclusive Copilot+ PC features available starting today, see the blog post Copilot+ PCs are the most performant Windows PCs ever built, now with more AI features that empower you every day.

    *Note: Copilot+ PC experiences vary by device and market and may require updates continuing to roll out through 2025; Recall and Click to Do will be coming to European Economic Area later in 2025. Timing varies. See aka.ms/copilotpluspcs.
    2025-04-25
    10:00 PT
    AI innovations grounded in transparency and control
    IT management controls and policies are now available with the new AI features on Copilot+ PCs. Install the April 2025 Windows non-security update on eligible Copilot+ PCs to get access to Recall (preview), Click to Do (preview), and improved Windows search. Learn more about these new AI features and how to manage them with built-in controls and policies.  
    2025-04-25
    10:00 PT
    The April 2025 Windows non-security preview update is now available for Windows 11, version 24H2
    The April 2025 non-security preview update is now available for Windows 11, version 24H2. For instructions on how to install this update on your home device, check the Update Windows article. Information about the contents of this update is available from the release notes, which are accessible from the Windows 11 update history page. To learn more about the different types of monthly quality updates, see Windows monthly updates explained. To be informed about the latest updates and releases, follow us on X @WindowsUpdate.

    Highlights for the Windows 11, version 24H2 update: 
    • Use Recall (preview) to quickly find and get back to any app, website, image, or document just by describing its content using the AI capabilities of Copilot+ PCs.
    • Finding your documents, photos, and settings across Windows 11 is easier on Copilot+ PCs with improved Windows search, powered by semantic indexing models along with traditional lexical indexing.
    • Use Phone Link to access cross-device features between your mobile device and PC. For example, you can make phone calls, send SMS messages, or access your photos.
    • Web developers can use their existing content to create interactive widgets that can be added to multiple widgets surfaces.
    • You can now manage which apps Windows recommends actions for by going to Settings > Apps > Actions on Copilot+ PCs.
    2025-04-25
    10:00 PT
    The April 2025 Windows non-security preview update is now available for Windows 11, versions 23H2 and 22H2
    The April 2025 non-security preview update is now available for Windows 11, versions 23H2 and 22H2. The non-security preview update for Windows 11, version 24H2 will be available in the coming days. For instructions on how to install this update on your home device, check the Update Windows article. Information about the contents of this update is available from the release notes, which are accessible from the Windows 11 update history page. To learn more about the different types of monthly quality updates, see Windows monthly updates explained. To be informed about the latest updates and releases, follow us on X @WindowsUpdate.

    Highlights for the Windows 11, versions 23H2 and 22H2 update: 
    • This update adds pivot-based curated views on File Explorer Home that supports ease of access of Microsoft 365 content on Windows.
    • Using speech recap, you can quickly access spoken content and follow along with live transcription all with simple keyboard shortcuts.
    • Use Phone Link to access cross-device features between your mobile device and PC. For example, you can make phone calls, send SMS messages, or access your photos.
    • Web developers can use their existing content to create interactive widgets that can be added to multiple widgets surfaces.
    • Make last-minute edits such as cropping, rotating, and adding filters to images shared though the share sheet.
    2025-04-22
    14:00 PT
    The April 2025 Windows non-security preview update is now available for Windows 10, version 22H2
    The April 2025 non-security preview update is now available for Windows 10, version 22H2. The non-security preview update for Windows 11, versions 24H2, 23H2, and 22H2 will be available soon. For instructions on how to install this update on your home device, check the Update Windows article. Information about the contents of this update is available from the release notes, which are accessible from the Windows 10 update history page. To learn more about the different types of monthly quality updates, see Windows monthly updates explained. To be informed about the latest updates and releases, follow us on X @WindowsUpdate.

    Highlights for the Windows 10, version 22H2 update: 
    • This update contains miscellaneous security improvements to internal Windows OS functionality.
    • This update makes quality improvements to the servicing stack, which is the component that installs Windows updates.
    • Additions have been made to blocklist drivers with security vulnerabilities that have been used in Bring Your Own Vulnerable Driver (BYOVD) attacks.
    2025-04-22
    10:00 PT
    Take Action: Out-of-band updates to address issues with local policy events in Active Directory group policy
    Microsoft has identified an issue where audit logon/logoff events in the local policy of the Active Directory Group Policy might not show as enabled on the device even if they are enabled and working as expected. This can be observed in the Local Group Policy Editor or Local Security Policy, where local audit policies show the "Audit logon events" policy with security setting of "No auditing". An out-of-band (OOB) update has been released today, April 11, 2025, to address this issue.

    Windows home users are unlikely to be affected by this issue, as logon auditing is generally only necessary in enterprise environments. This OOB update is a non-security release, and organizations that are not affected by this issue don’t need to install this update.

    The OOB updates available only on the Microsoft Update Catalog for the Window versions affected by this issue. They are cumulative, so you do not need to apply any previous update before installing them, and they supersede all previous updates. If you haven’t deployed the April 2025 Windows security update yet and you utilize Active Directory Group Policy, we recommend you apply this OOB update instead for the Windows versions listed below:

    • Windows 11, versions 23H2 and 22H2 (KB5058919)
    • Windows Server 2022 (KB5058920)
    • Windows 10 Enterprise LTSC 2019 and Windows Server 2019 (KB5058922)
    • Windows 10 LTSB 2016 and Windows Server 2016 (KB5058921)
    • Azure Stack HCI, version 22H2 (KB5058920)
    2025-04-11
    14:00 PT
    Windows Office Hours: April 17, 2025
    If you are an IT admin with questions about managing and updating Windows, we want to help. Every third Thursday of the month, we host a live chat-based event on the Tech Community called Windows Office Hours. Members of the Windows, Intune, Windows Autopilot, Windows Autopatch, and Windows 365 engineering teams will be standing by to answer your questions. We also have experts from FastTrack, the Customer Acceleration Team, and Microsoft public sector teams. 

    Want to attend the April 17 session of Office Hours? Add it to your calendar and select Attend on the event page to let us know you’re coming. There is no video or live meeting component. Simply visit the event page, log in to the Tech Community, and leave your questions in the Comments section. You can also bookmark https://aka.ms/Windows/OfficeHours for upcoming dates (and the ability to add this event to your calendar). We look forward to helping you.
    2025-04-10
    10:00 PT
    Chile DST changes 2025 update now available
    Updates are now available to reflect the new 2025 Daylight Saving Time (DST) change in the Aysén region in Chile. On March 20, 2025, the Chilean government made an official announcement that the Aysén Region in Chile would permanently stay in DST or UTC-3.

    Microsoft has included support for this change in the April 2025 Windows security update for all supported versions of Windows 11, Windows 10, and Windows Server.

    For more information about Daylight Saving Time changes, please see: Daylight Saving Time & Time Zone Blog.
    2025-04-09
    14:00 PT
    (Updated) The April 2025 Windows security update is now available
    Updated April 9, 2025: This message was updated to reflect the current availability of Windows 10 2015 LTSB.

    The April 2025 security update is now available for all supported versions of Windows. We recommend that you install these updates promptly. For more information about the contents of this update, see the release notes, which are easily accessible from the Windows 11 and Windows 10 update history pages. For instructions on how to install this update on your home device, check the Update Windows article. To learn more about the different types of monthly quality updates, see Windows monthly updates explained. To be informed about the latest updates and releases, follow us on X @WindowsUpdate.
      
    Highlights for the Windows 11, version 24H2 update: 
    • This security update includes improvements that were a part of update KB5053656 (released March 27, 2025).
    • This update makes quality improvements to the servicing stack, which is the component that installs Windows updates.
    • This update addresses an issue where machine passwords might not rotate correctly in the Identity Update Manager, which can result in user authentication issues.
    • This update adds support for the Aysen region in Chile Daylight Saving Time (DST) change in 2025. For more info about DST changes, see the Daylight Saving Time & Time Zone Blog.
    Short on time? Watch our Windows 11 release notes video for this month's tips.
    2025-04-08
    10:00 PT
    KB5057784: Protections for CVE-2025-26647 (Kerberos Authentication)
    Windows updates released on or after April 8, 2025, contain protections for a vulnerability with Kerberos authentication. These protections are deployed in three phases (see below). The first phase, Audit mode, begins April 8, 2025.

    April 8, 2025: Initial Deployment phase – Audit mode
    • The initial deployment phase starts with the updates released on April 8, 2025. These updates add new behavior that detects the elevation of privilege vulnerability described in CVE-2025-26647 but does not enforce it.
    • To enable the new behavior and be secure from the vulnerability, you must ensure all Windows domain controllers are updated and the AllowNtAuthPolicyBypass registry key setting is set to 2.

    July 8, 2025: Enforced by Default phase
    • Updates released on or after July 8, 2025, will enforce the NTAuth Store check by default. The AllowNtAuthPolicyBypass registry key setting will still allow customers to move back to Audit mode if needed. However, the ability to completely disable this security update will be removed.

    October 14, 2025: Enforcement mode
    • Updates released on or after October 14, 2025, will discontinue Microsoft support for the AllowNtAuthPolicyBypass registry key. At this stage, all certificates must be issued by authorities that are a part of NTAuth store.
    To learn more about these protections, please see Guidance for applying protections related to CVE-2025-26647.
    2025-04-08
    10:00 PT
    Immediate Action: Enforce PAC Validation for CVE-2024-26248 & CVE-2024-29056
    Last year, Windows updates released on and after April 9, 2024, added new behaviors that start the process of addressing a security risk in the Kerberos PAC Validation Protocol.

    Starting today, the Enforcement phase of deployment begins. After installing the April 2025 Windows security update and later updates on all Windows domain controllers and Windows clients, support for Compatibility mode will be removed, and the new secure behavior will be enabled by default. This will properly mitigate the vulnerabilities described in CVE-2024-26248 and CVE-2024-29056.

    2025-04-08
    10:00 PT
    Continuing WSUS support for driver synchronization
    Does your organization still rely on Windows Server Update Services (WSUS) for driver synchronization? While it’s part of a deprecated WSUS service, you still can. Based on your valuable feedback, we are postponing the plan to remove WSUS driver synchronization, which was slated for April 18, 2025. Stay tuned as we work on a revised timeline to streamline our services for you. Read about additional details and cloud-based alternatives at Continuing WSUS support for driver synchronization.
    2025-04-07
    10:00 PT
    Hotpatch for Windows client now available
    Hotpatch updates are now available for organizational devices on Windows 11 Enterprise, version 24H2 and x64 (AMD/Intel) CPU. With hotpatch updates, you can quickly take measures to help protect your organization from cyberattacks, while minimizing user disruptions. You’ll first create a hotpatch-enabled quality update policy in Windows Autopatch through the Microsoft Intune console. Eligible devices managed by this policy will be offered hotpatch updates in a quarterly cycle. Eight months out of twelve, you won’t need to restart the device for the security update to take effect. Read more about hotpatch for Windows client, its benefits, how it works, and how your organization can take advantage of it today. 
    2025-04-02
    09:00 PT
    Interim guidance for Chile DST changes 2025
    On April 5, 2025, the Aysén region in Chile will remain on permanent Daylight Saving Time (DST), UTC-03, joining the Magallanes region. Please note that only the Aysén region is affected by this change, while other regions of Chile remain unaffected. This change will diverge from the America/Santiago time zone and create a new zone, America/Coyhaique.

    Microsoft plans to release an update to support this change in the April 2025 Windows security update. A temporary workaround is recommended for users affected by these changes. For more information about this Daylight Savings Time change, please see: Daylight Saving Time & Time Zone Blog.
    2025-04-01
    12:00 PT
    Get started with March 2025 improvements in Windows 11
    If you’re an IT professional or decision maker, start using the newest Windows 11 capabilities with helpful tips and actionable steps summarized in one place. Discover the Windows 11 Roadmap, quick machine recovery, attestation readiness verifier for TPM reliability, various enhancements across Microsoft Intune and AI, and so much more. Dive deeper into Windows management, security, and productivity by watching the latest Technical Takeoff sessions on demand.
    2025-03-31
    10:00 PT
    Introducing the Windows roadmap
    The Windows roadmap is a transparent view into what features and improvements are coming to Windows 11 to help you manage change for your estate. See what’s coming to the Windows Insider Program, what’s gradually rolling out, and what’s generally available with estimated release dates. Check out instructions on how to access these innovations before they’re enabled by default. You can filter by a specific version of Windows, the release channel, device type, or the latest status. Read the official announcement at Introducing the Windows roadmap.
    2025-03-27
    12:00 PT
    The March 2025 Windows non-security preview update is now available for Windows 11, version 24H2
    The March 2025 non-security preview update is now available for Windows 11, version 24H2. For instructions on how to install this update on your home device, check the Update Windows article. Information about the contents of this update is available from the release notes, which are accessible from the Windows 11 update history page. To learn more about the different types of monthly quality updates, see Windows monthly updates explained. To be informed about the latest updates and releases, follow us on X @WindowsUpdate.

    Highlights for the Windows 11, version 24H2 update:  
    • This update enhances communication on AMD and Intel®-powered Copilot+ PCs with live captions and real-time translation. Live captions support translating more than 44 languages into English, including speakers in real-time video calls, recordings, and streamed content. 
    • Finding your documents, photos, and settings across Windows 11 is easier on Copilot+ PCs with improved Windows Search, powered by semantic indexing models along with traditional lexical indexing. Available on Snapdragon-powered Copilot+ PCs, with support for AMD and Intel-powered Copilot+ PCs coming soon. 
    • The Gamepad keyboard layout is now available for the touch keyboard in Windows 11. This includes button accelerators (e.g., X button for backspace, Y button for spacebar).  
    • A new experience to improve the discoverability of the emoji and more panels in Windows 11 with the introduction of a new system tray icon on the taskbar.  This change will initially be available to a small group of devices. 
    2025-03-27
    10:00 PT
    The March 2025 Windows non-security preview update is now available for some supported versions of Windows
    The March 2025 non-security preview update is now available for Windows 11, versions 23H2, and 22H2, as well as Windows 10, version 22H2. The non-security preview update for Windows 11, version 24H2 will be available soon. For instructions on how to install this update on your home device, check the Update Windows article. Information about the contents of this update is available from the release notes, which are accessible from the Windows 11 and Windows 10 update history pages. To learn more about the different types of monthly quality updates, see Windows monthly updates explained. To be informed about the latest updates and releases, follow us on X @WindowsUpdate.

    Highlights for the Windows 11, versions 23H2 and 22H2 update: 
    • This update includes "Top cards", an easy way to view your PC’s key specifications, including processor, RAM, storage, and GPU. "Top cards" appear under Settings > System > About.
    • The Gamepad keyboard layout is now available for the touch keyboard.
    • This update includes a new system tray icon on the taskbar that improves emoji and panel discoverability.
    2025-03-25
    10:00 PT
    Attestation readiness verifier for TPM reliability
    If you’re an IT admin, consider a new tool to enhance Trusted Platform Module (TPM) reliability for Windows 11, version 24H2. It simulates verification of Measured Boot logs and proactively identifies security and reliability issues. Easily check for potential issues at the hardware and firmware layer, perform critical checks, and see the health state of devices at your organization in the Event Viewer Log. See instructions on how to use it at Attestation readiness verifier for TPM reliability
    2025-03-19
    10:00 PT
    Windows Office Hours: March 20, 2025
    If you are an IT admin with questions about managing and updating Windows, we want to help. Every third Thursday of the month, we host a live chat-based event on the Tech Community called Windows Office Hours. Members of the Windows, Intune, Windows Autopilot, Windows Autopatch, and Windows 365 engineering teams will be standing by to answer your questions. We also have experts from FastTrack, the Customer Acceleration Team, and Microsoft public sector teams. 

    Want to attend the March 20 session of Office Hours? Add it to your calendar and select Attend on the event page to let us know you’re coming. There is no video or live meeting component. Simply visit the event page, log in to the Tech Community, and leave your questions in the Comments section. You can also bookmark https://aka.ms/Windows/OfficeHours for upcoming dates (and the ability to add this event to your calendar). We look forward to helping you.
    2025-03-13
    10:00 PT
    The March 2025 Windows security update is now available
    The March 2025 security update is now available for all supported versions of Windows. We recommend that you install these updates promptly. For more information about the contents of this update, see the release notes, which are easily accessible from the Windows 11 and Windows 10 update history pages. For instructions on how to install this update on your home device, check the Update Windows article. To learn more about the different types of monthly quality updates, see Windows monthly updates explained. To be informed about the latest updates and releases, follow us on X @WindowsUpdate.
      
    Highlights for the Windows 11, version 24H2 update: 
    • This security update includes improvements that were a part of update KB5052093 (released February 25, 2025).
    • This update makes quality improvements to the servicing stack, which is the component that installs Windows updates.
    • This update addresses security issues for your Windows operating system. 
    Short on time? Watch our Windows 11 release notes video for this month's tips.
    2025-03-11
    10:00 PT
    30-day notice: Manage PAC Validation related to CVE-2024-26248 & CVE-2024-29056
    Last year, Windows updates released on or after April 9, 2024 added new behaviors that start the process of addressing a security risk in the Kerberos PAC Validation Protocol. Presently, it is still possible to override the enforcement settings and revert to Compatibility mode.

    However, beginning with Windows updates to be released in April 2025, there will be no support for Compatibility mode, and the new secure behavior will be enabled during the Enforcement phase.

    Be ready to fully enable Enforcement mode later this year:
    1. Ensure that all Windows domain controllers and Windows clients are updated with a Windows security update released on or after April 9, 2024.
    2. Review Audit events that are visible in Compatibility mode. This will help identify which devices have not been updated with a Windows security update released on or after April 9, 2024.
    3. Install the April 2025 Windows update on all Windows domain controllers and Windows clients, once it becomes available later this year. Enforcement mode will be fully enabled in your environment. This will properly mitigate the vulnerabilities described in CVE-2024-26248 and CVE-2024-29056.

    2025-03-10
    10:00 PT
    Prepare for removal of DES in Kerberos for Windows Server and client
    IT admins: Prepare for removal of Data Encryption Standard (DES) in Kerberos for Windows Server 2025 and Windows 11, version 24H2. While it’s an optional component that isn’t installed by default, it’s important to detect and disable your DES use to avoid potential disruption before taking the September 2025 security update. Consider adopting the Advanced Encryption Standard (AES) algorithm as a stronger encryption method. Learn more and follow recommended guidance in Removal of DES in Kerberos for Windows Server and client.
    2025-02-28
    14:00 PT
    Get started with February 2025 improvements in Windows 11
    If you’re an IT professional or decision maker, start using the newest Windows 11 capabilities with helpful tips and actionable steps summarized in one place. Discover AI capabilities in Microsoft Purview to help secure and govern data, Copilot insights for Microsoft Intune Endpoint Privilege Management (EPM), and other improvements. Dive into update and device management, the latest in productivity and security features, and additional Windows 11 innovations. Build your agenda for Windows and Intune sessions at Microsoft Technical Takeoff (aka.ms/TechnicalTakeoff), the free virtual skilling event March 3–6.
    2025-02-27
    10:00 PT
    The February 2025 Windows non-security preview update is now available for Windows 11, version 24H2
    The February 2025 non-security preview update is now available for Windows 11, version 24H2. For instructions on how to install this update on your home device, check the Update Windows article. Information about the contents of this update is available from the release notes, which are accessible from the Windows 11 update history page. To learn more about the different types of monthly quality updates, see Windows monthly updates explained. To be informed about the latest updates and releases, follow us on X @WindowsUpdate.

    Highlights for the Windows 11, version 24H2 update: 
    • You can now share files directly from a jump list on the taskbar. Jump lists appear when you right-click an app that has a jump list.
    • This update makes Windows Spotlight easier to find. You’ll notice changes to the icon color and background.
    • This update makes it easier to learn more about the image on your lock screen when you click the "Like" button.
    • You can now snooze or turn off the "Start backup" reminder in the File Explorer address bar.
    2025-02-25
    14:00 PT
    The February 2025 Windows non-security preview update is now available for some supported versions of Windows
    The February 2025 non-security preview update is now available for Windows 11, versions 23H2, and 22H2, as well as Windows 10, version 22H2. The non-security preview update for Windows 11, version 24H2 will be available soon. For instructions on how to install this update on your home device, check the Update Windows article. Information about the contents of this update is available from the release notes, which are accessible from the Windows 11 and Windows 10 update history pages. To learn more about the different types of monthly quality updates, see Windows monthly updates explained. To be informed about the latest updates and releases, follow us on X @WindowsUpdate.

    Highlights for the Windows 11, versions 23H2 and 22H2 update: 
    • You can now share files directly from a jump list on the taskbar. Jump lists appear when you right-click an app that has a jump list.
    • This update makes Windows Spotlight easier to find. You’ll notice changes to the icon color and background.
    • This update makes it easier to learn more about the image on your lock screen when you click the "Like" icon.
    • You can now snooze or turn off the "Start backup" reminder in the File Explorer address bar.
    2025-02-25
    10:00 PT
    60-day reminder: Deprecation of WSUS driver synchronization
    Updated April 7, 2025: IMPORTANT. A new decision overrides the below announcement and makes it no longer accurate. The removal of WSUS driver synchronization is postponed. Please read Continuing WSUS support for driver synchronization.

    If you’re using driver synchronization updates via Windows Server Update Services (WSUS), prepare for change. This service is scheduled for deprecation on April 18, 2025. For on-premises contexts, drivers will be available on the Microsoft Update catalog, but you won’t be able to import them into WSUS. You’ll need to use any of the available alternative solutions, such as Device Driver Packages, or transition to cloud-based driver services for your organization, such as Microsoft Intune and Windows Autopatch. Read the original announcement, including links to alternatives, at Deprecation of WSUS driver synchronization.
    2025-02-18
    10:00 PT
    Windows Office Hours: February 20, 2025
    If you are an IT admin with questions about managing and updating Windows, we want to help. Every third Thursday of the month, we host a live chat-based event on the Tech Community called Windows Office Hours. Members of the Windows, Intune, Windows Autopilot, Windows Autopatch, and Windows 365 engineering teams will be standing by to answer your questions. We also have experts from FastTrack, the Customer Acceleration Team, and Microsoft public sector teams. 

    Want to attend the February 20 session of Office Hours? Add it to your calendar and select Attend on the event page to let us know you’re coming. There is no video or live meeting component. Simply visit the event page, log in to the Tech Community, and leave your questions in the Comments section. You can also bookmark https://aka.ms/Windows/OfficeHours for upcoming dates (and the ability to add this event to your calendar). We look forward to helping you.
    2025-02-13
    10:00 PT
    The February 2025 Windows security update is now available
    The February 2025 security update is now available for all supported versions of Windows. We recommend that you install these updates promptly. For more information about the contents of this update, see the release notes, which are easily accessible from the Windows 11 and Windows 10 update history pages. For instructions on how to install this update on your home device, check the Update Windows article. To learn more about the different types of monthly quality updates, see Windows monthly updates explained. To be informed about the latest updates and releases, follow us on X @WindowsUpdate.
      
    Highlights for the Windows 11, version 24H2 update: 
    • This security update includes improvements that were a part of update KB5050094 (released January 28, 2025).
    • This update makes quality improvements to the servicing stack, which is the component that installs Windows updates.
    • This update makes miscellaneous security improvements to internal OS functionality. 
    Short on time? Watch our Windows 11 release notes video for this month's tips.
    2025-02-11
    10:00 PT
    60-day notice: Manage PAC Validation related to CVE-2024-26248 & CVE-2024-29056
    Last year, Windows updates released on or after April 9, 2024 added new behaviors that start the process of addressing a security risk in the Kerberos PAC Validation Protocol. Presently, it is still possible to override the enforcement settings and revert to Compatibility mode.

    However, beginning with Windows updates to be released in April 2025, there will be no support for Compatibility mode, and the new secure behavior will be enabled during the Enforcement phase.

    Be ready to fully enable Enforcement mode later this year:
    1. Ensure that all Windows domain controllers and Windows clients are updated with a Windows security update released on or after April 9, 2024.
    2. Review Audit events that are visible in Compatibility mode. This will help identify which devices have not been updated with a Windows security update released on or after April 9, 2024.
    3. Install the April 2025 Windows update on all Windows domain controllers and Windows clients, once it becomes available later this year. Enforcement mode will be fully enabled in your environment. This will properly mitigate the vulnerabilities described in CVE-2024-26248 and CVE-2024-29056 will be mitigated.

    2025-02-11
    10:00 PT
    Full Enforcement mode for certificate-based authentication on Windows DCs effective February 2025
    If you are a domain administrator for your organization, learn about the latest changes to certificate-based authentication. The last phase of the changes to certificate-based authentication on domain controllers (DC) is here. As stated in reminders, Full Enforcement mode phase starts in February 2025. This mode change occurs when you install the Windows updates dated February 2025 or later.

    February 2025 or later - Full Enforcement mode:
    • If you do not set up the StrongCertificateBindingEnforcement registry key, Full Enforcement mode turns on.
    • If a certificate fails the strong (secure) mapping criteria, Windows will deny authentication. However, the option to move back to Compatibility mode will remain until September 2025.
    These changes started in May 2022 to enhance security and followed a planned timeline of Enablement Phases. On September 10, 2024, changes to the Full Enforcement mode key dates were made to reflect new dates.

    2025-02-10
    11:00 PT
    Coming soon: Quality updates during the out-of-box experience
    If you’re an IT admin, soon, you’ll get an improved out-of-box experience (OOBE) of new Windows 11 devices. By mid-2025, a new policy will allow you to choose whether new Windows 11 devices on version 22H2 and higher get the latest applicable quality update during the OOBE. You’ll be able to configure the setting via Windows Autopilot and Windows Autopilot device preparation as a mobile device management (MDM) policy and a Group Policy. Learn more at Coming soon: Quality updates during the out-of-box experience.
    2025-02-06
    10:00 PT
    Get started with January 2025 improvements in Windows 11
    If you’re an IT professional or decision maker, start using the newest Windows 11 capabilities with helpful tips and actionable steps summarized in one place. This month, we begin the year of the Windows 11 PC refresh as Windows 11, version 24H2 becomes broadly available. Dive deeper into cloud solutions for frontline workers, improved Microsoft 365 Copilot experiences, the latest security and productivity features, and other innovations across Windows 11 and Copilot+ PCs. 
    2025-01-31
    14:00 PT
    Deprecation: What it means in the Windows lifecycle
    Gain clarity on the meaning of deprecation in the Windows lifecycle. A deprecation announcement is an advance notice or a "save the date" courtesy to signal that the product will be retired or removed in the future. In the meantime, deprecated products are still supported. Benefits of deprecation periods include strengthening your organizational compliance goals and supporting your transition. Get our recommendations for proactive lifecycle management in Deprecation: What it means in the Windows lifecycle
    2025-01-31
    14:00 PT
    The January 2025 Windows non-security preview update is now available for Windows 11, versions 23H2 and 22H2
    The January 2025 non-security preview update is now available for Windows 11, versions 23H2 and 22H2. For instructions on how to install this update on your home device, check the Update Windows article. Information about the contents of this update is available from the release notes, which are accessible from the Windows 11 update history page. To learn more about the different types of monthly quality updates, see Windows monthly updates explained. To be informed about the latest updates and releases, follow us on X @WindowsUpdate.

    Highlights for the Windows 11, versions 23H2 and 22H2 update: 
    • This update improves the previews that show when your cursor hovers over apps on the taskbar. The update also improves their animations.
    • An icon will appear in the system tray when you use an app that supports Windows Studio Effects. This only occurs on a device that has a neural processing unit (NPU).
    • In File Explorer, when you right-click items in the left pane, the “New Folder” command appears on the context menu.
    • You can now share directly to apps that support sharing in Windows. Just right-click local files in File Explorer or on the desktop.
    • This update adds a new keyboard shortcut in the Magnifier app: CTRL+ALT+Minus sign. Use it to quickly switch between the current zoom and 1X zoom.
    2025-01-29
    14:00 PT
    The January 2025 Windows non-security preview update is now available for some supported versions of Windows
    The January 2025 non-security preview update is now available for Windows 11, version 24H2 and Windows 10, version 22H2. The non-security preview update for Windows 11, versions 23H2 and 22H2 will be available soon. For instructions on how to install this update on your home device, check the Update Windows article. Information about the contents of this update is available from the release notes, which are accessible from the Windows 11 and Windows 10 update history pages. To learn more about the different types of monthly quality updates, see Windows monthly updates explained. To be informed about the latest updates and releases, follow us on X @WindowsUpdate.

    Highlights for the Windows 11, version 24H2 update: 
    • This update addresses an issue with High dynamic range (HDR) that causes some games to appear oversaturated. This occurs when you use Auto HDR.
    • This update improves the previews that show when your cursor hovers over apps on the taskbar. The update also improves their animations.
    • An icon will appear in the system tray when you use an app that supports Windows Studio Effects. This only occurs on a device that has a neural processing unit (NPU).
    • In File Explorer, when you right-click items in the left pane, the “New Folder” command appears on the context menu.
    • You can change time zones in Settings > Time & Language > Date & Time.
    2025-01-28
    14:00 PT
    A new Outlook experience for Windows 10 devices
    As part of the optional January 2025 non-security preview update and February 2025 security update, the new Outlook for Windows will be automatically installed on Windows 10 devices once you install these updates on your device. This will help simplify the transition to Windows 11 as Windows 10 will reach end of support on October 14, 2025. The new Outlook for Windows will appear in the Apps section on the Start menu, alongside classic Outlook, without changing any settings or defaults. If you are an IT administrator, learn about the options to manage this migration at Control the installation and use of new Outlook
    2025-01-28
    14:00 PT
    90-day reminder: Deprecation of WSUS driver synchronization
    Updated April 7, 2025: IMPORTANT. A new decision overrides the below announcement and makes it no longer accurate. The removal of WSUS driver synchronization is postponed. Please read Continuing WSUS support for driver synchronization.

    If you’re using driver synchronization updates via Windows Server Update Services (WSUS), prepare for change. This service is scheduled for deprecation on April 18, 2025. For on-premises contexts, drivers will be available on the Microsoft Update catalog, but you won’t be able to import them into WSUS. You’ll need to use any of the available alternative solutions, such as Device Driver Packages, or transition to cloud-based driver services for your organization, such as Microsoft Intune and Windows Autopatch. Read the original announcement, including links to alternatives, at Deprecation of WSUS driver synchronization.
    2025-01-24
    10:00 PT
    The January 2025 Windows security update is now available
    The January 2025 security update is now available for all supported versions of Windows. We recommend that you install these updates promptly. For more information about the contents of this update, see the release notes, which are easily accessible from the Windows 11 and Windows 10 update history pages. For instructions on how to install this update on your home device, check the Update Windows article. To learn more about the different types of monthly quality updates, see Windows monthly updates explained. To be informed about the latest updates and releases, follow us on X @WindowsUpdate.
      
    Highlights for the Windows 11, version 24H2 update: 
    • This security update includes improvements that were a part of update KB5048667 (released December 10, 2024).
    • This update makes quality improvements to the servicing stack, which is the component that installs Windows updates.
    • This update includes additions to the vulnerable driver blocklist, improving protection against vulnerable driver attacks.
    Short on time? Watch our Windows 11 release notes video for this month's tips.
    2025-01-14
    10:00 PT
    Windows Office Hours: January 16, 2025
    If you are an IT admin with questions about managing and updating Windows, we want to help. Every third Thursday of the month, we host a live chat-based event on the Tech Community called Windows Office Hours. Members of the Windows, Intune, Windows Autopilot, Windows Autopatch, and Windows 365 engineering teams will be standing by to answer your questions. We also have experts from FastTrack, the Customer Acceleration Team, and Microsoft public sector teams. 

    Want to attend the January 16 session of Office Hours? Add it to your calendar and select Attend on the event page to let us know you’re coming. There is no video or live meeting component. Simply visit the event page, log in to the Tech Community, and leave your questions in the Comments section. You can also bookmark https://aka.ms/Windows/OfficeHours for upcoming dates (and the ability to add this event to your calendar). We look forward to helping you.
    2025-01-09
    10:00 PT