Windows 11 2024 Update (version 24H2) changes aimed at administrators

As a seasoned tech enthusiast with a penchant for staying ahead of the curve, I must say that Microsoft’s upcoming Windows 11 update is truly something to behold! The new features they’re rolling out are not just innovative, but also incredibly user-friendly.


Starting October 1, 2024, Microsoft initiated a staged release of the Windows 11 2024 Update (version 24H2) for both individual users and businesses alike. Unlike typical updates, which primarily emphasize new features and enhancements for consumers, this rollout also incorporates changes designed to boost the performance and functionality of the operating system within business environments and large organizations.

To start, users who have compatible devices running either Windows 11 Home or Pro can now access the latest feature update. Additionally, this upgrade will be offered to users via several channels, including Windows Server Update Services, Configuration Manager, Windows Update for Business, and the Microsoft 365 admin center.

As a tech enthusiast, I’m excited to share that the new Windows 11 Enterprise and Education editions I’m planning to get will enjoy extended support for 36 months. In contrast, the Pro and Home editions will only have 24 months of support.

Additionally, starting from October 1, 2024, Microsoft has released both the Windows 11 Enterprise LTSC 2024 (Long-Term Servicing Channel) and the Windows 11 IoT Enterprise LTSC 2024. The former will receive support for a period of five years, while the latter will be maintained for an extended duration of ten years.

In this article, I’ll detail the standout modifications that Microsoft plans to introduce with the Windows 11 2024 Update specifically tailored for businesses.

Windows 11 version 24H2 changes for admins

Beyond just consumer-focused enhancements, Microsoft is also incorporating certain upgrades tailored expressly for network managers.

File Explorer

In this latest update, Microsoft is highlighting a new feature that allows users to generate archive formats within the revamped File Explorer.

The wizard offers functionality for generating 7zip, Tar, and Zip compressed files. Unfortunately, it does not provide a feature to create .rar archives or handle file encryption at this time.

You can access the “Create Archive” wizard by right-clicking the file, selecting items, and then clicking “Additional options.” 

Choosing any of these options enables you to generate a ZIP, 7Z, or TAR archive. If you select the 7-zip option, it offers various compression techniques within.

  • LZMA2.
  • Store.
  • Deflate.
  • BZip2.
  • LZMA1.
  • PPMd.

Tar (GNU, POSIX pax interchange, Restricted POSIX interchange, and POSIX ustar) supports various compression methods such as:

  • BZip2.
  • Gzip.
  • xz.
  • Zstandard.

Finally, for Zip, the compression methods include:

  • Store.
  • Deflate.

Furthermore, during the extraction phase, if a file already exists with the same name in the destination, File Explorer will present an alert dialog box, allowing you to either ignore (skip) or overwrite (replace) the conflicting files altogether.

To clarify, it’s worth mentioning that the capability to work with archival formats was initially present in version 23H2, allowing extraction but not creation. Nevertheless, more recent updates have now equipped version 23H2 with the power to generate archival formats as well.

Context menu labels

Another minor but important improvement is the addition of labels for “Cut,” “Copy,” “Rename,” “Share,” and “Delete.” 

The company is highlighting these modifications; however, File Explorer also includes several additional enhancements.

Networking

This upcoming update for Windows 11 in 2024 offers numerous beneficial enhancements in network functionality. Among these advancements are modifications to the Local Administrator Password Solution (LAPS) and Server Message Block (SMB). Furthermore, this edition of the OS is compatible with the latest Wi-Fi technology, Wi-Fi 7.

Local Administrator Password Solution

In the latest operating system update, LAPS – a handy feature – enables administrators to effortlessly handle the passwords of user accounts on computers connected to a domain. This upgrade allows for automatic creation of managed local accounts, customization of account names, deactivation or activation of these accounts, and even randomizing the selected account names for additional security measures.

The “PasswordComplexity” policy can now generate passwords that are easier to read. With this change, certain characters are left out to make the password more readable. In addition, the LAPS tab in the “Users and Computers” snap-in now uses a different font to make passwords easier to read.

As a passionate user, I appreciate that the Local Administrator Password Solution enables me to create clearer, less complex passphrases. It’s a relief to know that I can select three-word options and adjust the passphrase length according to my preference, making it easier for me to remember and type them accurately.

Additionally, the Local Administrator Password Solution (LAPS) now detects when a device has been rolled back to an earlier state, so that the password on the computer stays consistent with the one stored in Active Directory. To use this functionality, administrators must first run the “Update-LapsADSchema” PowerShell cmdlet.

Server Message Block (SMB)

SMB, or Server Message Block, is a protocol for sharing files, printers, and other resources such as serial ports between devices on a network.

In the Windows 11 2024 Update, Microsoft will implement modifications regarding SMB (Server Message Block) signing, encryption, optional client and server ports, an exception list for NTLM blocking, management of dialects, SMB over QUIC, and alterations to firewall rules.

SMB signing and encryption

By default, SMB signing is now required for all connections in Windows 11 Home, Pro, Education, and Enterprise. This measure is designed to protect against an intruder tampering with data in transit or impersonating a device.

Furthermore, it is now mandatory for administrators to enforce encryption on all outgoing transmissions, enhancing the security of data being sent significantly.

In summary, it’s now straightforward for network administrators to activate auditing features either via Group Policy or PowerShell, allowing them to keep tabs on the SMB security compliance.

SMB client and server new ports

You can now connect to an SMB server over TCP, QUIC, or RDMA on network ports other than the standard ones. SMB over QUIC in the server version of the operating system likewise allows endpoints on ports other than the traditional 443.

SMB NTLM blocking

Microsoft is giving users an option to prevent NTLM (an older, less secure authentication method) from being used in outgoing remote connections, without completely turning off NTLM altogether.

SMB dialect management

You can control which SMB versions (dialects) are allowed to connect, potentially blocking older and less secure devices.
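The signing, encryption, NTLM blocking and dialect settings described above can be checked from PowerShell. The following is an added example, not code from the article or from Microsoft: the function name `Test-SmbClientHardening`, the SMB 3.0 dialect floor and the sample object are assumptions, while the property and parameter names are those of `Get-SmbClientConfiguration` and `Set-SmbClientConfiguration` on 24H2.

```powershell
# Added example: compare SMB client settings with a hardening baseline.
# The baseline (all switches on, SMB 3.0 floor) is an assumption to adapt, not a vendor recommendation.

$DialectOrder = 'SMB202', 'SMB210', 'SMB300', 'SMB302', 'SMB311'   # oldest to newest

function Test-SmbClientHardening {
    [CmdletBinding()]
    param(
        # Output of Get-SmbClientConfiguration, or any object with the same property names.
        [Parameter(Mandatory)] [object] $Config,
        [ValidateSet('SMB202', 'SMB210', 'SMB300', 'SMB302', 'SMB311')]
        [string] $MinimumDialect = 'SMB300'
    )

    # Boolean settings that should be enabled, with the command that enables each one.
    $checks = @(
        @{ Name = 'RequireSecuritySignature';            Fix = 'Set-SmbClientConfiguration -RequireSecuritySignature $true' }
        @{ Name = 'RequireEncryption';                   Fix = 'Set-SmbClientConfiguration -RequireEncryption $true' }
        @{ Name = 'BlockNTLM';                           Fix = 'Set-SmbClientConfiguration -BlockNTLM $true' }
        @{ Name = 'AuditServerDoesNotSupportSigning';    Fix = 'Set-SmbClientConfiguration -AuditServerDoesNotSupportSigning $true' }
        @{ Name = 'AuditServerDoesNotSupportEncryption'; Fix = 'Set-SmbClientConfiguration -AuditServerDoesNotSupportEncryption $true' }
    )

    foreach ($check in $checks) {
        $prop = $Config.PSObject.Properties[$check.Name]
        if ($null -eq $prop) {
            # Builds older than 24H2 do not expose every property; report that instead of guessing.
            $status = 'Unknown'; $actual = '<not present>'
        } else {
            $actual = [bool]$prop.Value
            $status = if ($actual) { 'Pass' } else { 'Fail' }
        }
        [pscustomobject]@{
            Setting     = $check.Name
            Actual      = $actual
            Expected    = $true
            Status      = $status
            Remediation = if ($status -eq 'Pass') { '' } else { $check.Fix }
        }
    }

    # Dialect floor: 'None' (or any value outside the list) means no minimum is enforced.
    $minProp = $Config.PSObject.Properties['Smb2DialectMin']
    if ($null -eq $minProp) {
        $status = 'Unknown'; $actual = '<not present>'
    } else {
        $actual    = [string]$minProp.Value
        $actualIdx = [array]::IndexOf($DialectOrder, $actual)
        $floorIdx  = [array]::IndexOf($DialectOrder, $MinimumDialect)
        $status    = if ($actualIdx -ge $floorIdx) { 'Pass' } else { 'Fail' }
    }
    [pscustomobject]@{
        Setting     = 'Smb2DialectMin'
        Actual      = $actual
        Expected    = "$MinimumDialect or newer"
        Status      = $status
        Remediation = if ($status -eq 'Pass') { '' } else { "Set-SmbClientConfiguration -Smb2DialectMin $MinimumDialect" }
    }
}

# Constructed sample standing in for an unhardened client (signing on, everything else off).
$sample = [pscustomobject]@{
    RequireSecuritySignature            = $true
    RequireEncryption                   = $false
    BlockNTLM                           = $false
    AuditServerDoesNotSupportSigning    = $false
    AuditServerDoesNotSupportEncryption = $false
    Smb2DialectMin                      = 'None'
    Smb2DialectMax                      = 'None'
}

Test-SmbClientHardening -Config $sample | Format-Table -AutoSize

# On a live machine:
# Test-SmbClientHardening -Config (Get-SmbClientConfiguration) | Format-Table -AutoSize
```

Requiring encryption or blocking NTLM cuts off servers that support neither, so the two audit settings are worth enabling and reviewing before the other switches are turned on.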

SMB over QUIC

The development team is additionally enhancing client access control, limiting certain features, and implementing auditing for Server Message Block (SMB) connections over the QUIC protocol, an alternative to the conventional Transmission Control Protocol (TCP).

SMB firewall rule

I’ve noticed a shift in the standard firewall settings for SMB shares. Now, it operates with a stricter rule set, automatically securing unneeded ports and bolstering overall protection. Yet, Microsoft ensures flexibility by still allowing users to tailor these rules according to their specific requirements.

Wi-Fi 7 support

I’ve noticed that the operating system now accommodates Wi-Fi 7 (IEEE 802.11be Extremely High Throughput or EHT), which is an evolution from Wi-Fi 6 and 6E standards. It boasts speeds surpassing 40Gbps, a significant leap over the previous versions’ speed offerings, and it promises reduced latency, enhanced efficiency, reliability, and power management.

Of course, your device will still require a Wi-Fi 7 adapter and supported hardware (such as a compatible access point) in the network to use this technology.

You can learn more about additional networking changes rolling out with this feature update.

Taskbar

In the update for Windows 11 version 24H2, enhancements particular to the Taskbar have been added. Notably, the Quick Settings interface undergoes aesthetic adjustments, transitioning away from an editable layout towards a scrollable page displaying all accessible options instead.

Now in the user interface, you have the option to enable or disable Live Captions, while on the wireless settings page, there’s a fresh addition – a manual refresh button to scan for nearby networks at your convenience. Earlier, you had to wait for the system to automatically refresh the network list, which could sometimes be time-consuming.

Printer

As your analyst, I’m excited to share that our latest update features enhancements to printing functionality, with the standout addition being the integration of “Windows Protected Print” (WPP) mode. This innovative development represents a new universal print stack, enabling users to configure printers effortlessly without requiring third-party drivers or software installations.

Due to a rise in malicious attacks targeting the Windows printing system, such as Stuxnet and PrintNightmare, this new feature is designed to enhance security by adopting the Internet Printing Protocol (IPP) for printing. By doing so, it eliminates the reliance on third-party drivers, which are more susceptible to exploits, particularly older versions.

In simpler terms, the Protected Print mode for Windows limits the capabilities available to the print queue (spooler), imposes tighter rules on the code that gets executed during printing, and enables the conversion of documents to XPS format using the user’s account rather than the system’s.

As a devoted user, I’d like to highlight an essential point: This nifty feature is compatible exclusively with Mopria printers. During setup, be prepared for the system to uninstall any existing printer drivers you might have had beforehand.

Energy Saver

On Windows 11, the software giant is replacing the Battery Saver mode with the Energy Saver mode.

The new energy-saving feature is based on the existing Battery Saver and Power mode features to extend battery life and reduce power usage at the cost of performance.

The functionality can be found within the “Power Management” or simply “Power” settings menu, and it’s applicable for both laptops and desktop computers to aid in energy conservation, even when they don’t have batteries.

The Quick Settings flyout also includes an option to toggle the feature on or off quickly from the Taskbar.

The operating system comes equipped with a Content Adaptive Brightness Control (CABC) function. This feature adjusts the display’s brightness and contrast according to the content on the screen. In update 24H2, Microsoft is extending this capability to laptops and hybrid devices when they are connected to a power source; however, it’s at the manufacturer’s discretion to activate this feature.

System

Microsoft is now implementing some components of the Windows kernel in Rust rather than in the languages traditionally used for operating systems, with the aim of improving security.

Rust is a programming language known for its memory-safety guarantees: it guards against problems such as buffer overflows, null pointer dereferences, and unsafe pointer handling, which are common sources of vulnerabilities in languages like C and C++.

Moreover, the latest edition offers compatibility with the SHA-3 standard, encompassing derivative functions such as SHAKE, cSHAKE, and KMAC.

The SHA-3, also known as the Secure Hash Algorithm 3, is a modern cryptographic hash function that has been developed to take over from SHA-2. It’s the most recent addition to the Secure Hash Algorithm family of standards, which was published by the National Institute of Standards and Technology (NIST).

These functions are now turned on through the Windows CNG library:

  • Supported SHA-3 hash functions: SHA3-256, SHA3-384, SHA3-512 (SHA3-224 is not supported)
  • Supported SHA-3 HMAC algorithms: HMAC-SHA3-256, HMAC-SHA3-384, HMAC-SHA3-512
  • Supported SHA-3 derived algorithms: extendable-output functions (XOF) (SHAKE128, SHAKE256), customizable XOFs (cSHAKE128, cSHAKE256), and KMAC (KMAC128, KMAC256, KMACXOF128, KMACXOF256).
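Whether these primitives are usable on a given host can be probed from PowerShell. This is an added example, not code from the article or from Microsoft: it assumes PowerShell 7.4 or later (.NET 8, whose SHA-3 classes call into the platform crypto library, CNG on Windows), the function name `Get-Sha3Support` is hypothetical, the KMAC types only exist on .NET 9, and cSHAKE is left out because .NET exposes no class for it.

```powershell
# Added example: report which SHA-3 family algorithms the runtime and OS expose,
# and run a known-answer test where a reference digest is embedded below.

# Published digests of the empty message (lowercase hex).
$KnownAnswers = @{
    'SHA3_256' = 'a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a'
    'Shake128' = '7f9c2ba4e88f827d616045507605853ed73b8093f6efbc88eb1a6eacfa66ef26'   # first 32 output bytes
}

function Get-Sha3Support {
    $names = 'SHA3_256', 'SHA3_384', 'SHA3_512',
             'HMACSHA3_256', 'HMACSHA3_384', 'HMACSHA3_512',
             'Shake128', 'Shake256',
             'Kmac128', 'Kmac256', 'KmacXof128', 'KmacXof256'

    foreach ($name in $names) {
        # -as [type] yields $null when the runtime has no such class (e.g. Windows PowerShell 5.1).
        $type      = "System.Security.Cryptography.$name" -as [type]
        $supported = if ($type) { [bool]$type::IsSupported } else { $false }

        $kat = 'n/a'
        if ($supported -and $KnownAnswers.ContainsKey($name)) {
            $empty  = [byte[]]::new(0)
            # SHAKE is an extendable-output function, so the caller chooses the output length.
            $digest = if ($name -like 'Shake*') { $type::HashData($empty, 32) }
                      else                      { $type::HashData($empty) }
            $hex = [Convert]::ToHexString($digest).ToLowerInvariant()
            $kat = if ($hex -eq $KnownAnswers[$name]) { 'pass' } else { 'FAIL' }
        }

        [pscustomobject]@{
            Algorithm       = $name
            RuntimeHasType  = [bool]$type
            OsSupported     = $supported
            KnownAnswerTest = $kat
        }
    }
}

Get-Sha3Support | Format-Table -AutoSize
```

`RuntimeHasType` false means the .NET runtime is too old for that class; `OsSupported` false with the type present means the operating system's crypto library does not provide the algorithm.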

Sudo command

Microsoft is unveiling a Linux-style implementation of the Sudo (superuser do) command, which can function across all Windows Terminal interfaces such as Command Prompt, PowerShell, and Windows Subsystem for Linux (WSL).

So far, to execute elevated commands without encountering the “Access is denied” error in Windows Terminal, you needed to operate it as an administrator. However, using the ‘Sudo’ command simplifies this process. With ‘Sudo’, you can easily run any command with administrative privileges within a standard user session.

It’s worth mentioning that while this resembles the Sudo command found in UNIX-like operating systems, it’s not exactly the same. The version designed for Windows 11 possesses fewer capabilities. Microsoft opted to use the same name to reduce the learning curve for users, despite having the option to choose another name.

The feature has to be enabled manually through the “For developers” settings page. 

Location improvements

Microsoft recently added privacy settings aimed at restricting certain applications from viewing the list of nearby Wi-Fi networks, with the intention of enhancing your location privacy.

This fact is important as apps can estimate the device’s position using Wi-Fi networks, thereby implying that they might be able to determine your location without explicitly asking for your consent.

From the “Location” settings menu, you’ll find options to control which apps are allowed to view your list of wireless networks. Additionally, the system is now set up to notify you promptly if an unanticipated demand for location services arises. You can choose to allow or deny such requests as needed.

Granting access causes the app to be logged in the “Latest Actions” area. Additionally, you can disable the “Be notified when apps seek your location” setting to suppress prompts once the location feature has been deactivated.

Accessibility

In this new operating system release, Microsoft is additionally providing compatibility for hearing aid devices using Bluetooth Low Energy Audio (LE Audio) technology.

Once you remove devices from the “Settings for Hearing Aids”, you can stream audio and make calls. Furthermore, you have the ability to manage presets, adjust ambient noise levels, and apply enhancements.

Additionally, the settings page allows you to keep track of both the battery level and connectivity status for your hearing aids.

Windows Update

In simpler terms, the Windows 11 2024 Update includes a novel method for updates called “Checkpoint Cumulative Updates.” This system is intended to simplify and speed up the updating process by making it easier and quicker to download and install updates.

Instead of getting the complete update with all patches from the initial launch, devices will now only download the modifications that have been made since the most recent checkpoint update. This not only decreases the file size for downloading but also reduces bandwidth usage and shortens the installation time.

To ensure the smooth functioning of this process, Microsoft plans to roll out periodic “milestones,” or updates, multiple times per year. Subsequent updates will primarily consist of the recent modifications made since the preceding milestone.

In versions 24H2 and above, Checkpoint Cumulative Updates operate automatically. For older versions of the operating system, updates will still be carried out through the conventional method.

Administrative templates

For the current Windows 11 edition, Microsoft has introduced an option that allows administrators to independently obtain the Administrative Templates (.admx) files. These are distinct from the ones already located within the “PolicyDefinitions” folder.

Remote Desktop Connection

In the updated version of the Remote Desktop Connection application (previously mstsc.exe), there are a few minor enhancements. For instance, it now adheres to the screen scaling settings from your System Settings, and offers multiple zoom choices such as 350%, 400%, 450%, and 500%.

Registry

The Registry hasn’t seen many updates, but now, the Registry Editor allows you to restrict your search query to the current selected key and its sub-keys.

Out-of-box Experience (OOBE)

Beyond the enhancements to Windows Setup itself, the out-of-box experience that follows installation now offers an additional “Install driver” option on the networking screen, so that the necessary network drivers can be installed when required.

Security

In the upgrade to version 24H2, the company is emphasizing several key security enhancements such as:

Personal Data Encryption

The fresh addition, Personal Data Encryption (PDE), operates in conjunction with Windows Hello authentication. This innovative feature generates a distinct key for your Desktop, Documents, and Pictures folder contents to ensure their safety. As you utilize this feature, look out for a new padlock symbol on each file, which can only be accessed during an active session.

In other words, if someone else signs in using an admin account with a distinct profile, they might have access to view the files, but they won’t be granted permission to open them.

As a tech enthusiast, I’m excited to share that the enhanced security feature I’ve come to appreciate is accessible for Enterprise and Educational sectors via Windows Hello for Business Authentication. Unlike other encryption methods, it operates independently, providing an additional shield without relying on BitLocker or similar systems. This feature is designed to bolster security and instill a sense of reassurance.

Activate this function in the Microsoft Intune Admin Center using a policy, and keep in mind that the encryption process might take as long as a week to complete.

Windows Hello with passkeys

The latest version of the operating system broadens Windows Hello to support passkeys. This improvement aims to enhance security, make phishing attacks harder, and provide multi-factor authentication when users sign in to applications or websites.

Essentially, when you register for an online service using Microsoft Entra ID and a passkey, or configure your computer in this way, Windows 11 generates a set of keys. One of these keys gets saved on your device itself, while the other is kept safe within the online service.

Further enhancements in version 24H2 focus on boosting the security of your Windows Hello login details. These credentials now receive stronger safeguards through Virtualization Based Security, which keeps them isolated from the running operating system. This functionality works on devices with or without biometric features.

Default Proactive Protection

In the latest update for Windows 11, an additional protective measure called Default Proactive Protection has been implemented, bolstering the system’s defenses against unauthorized access through malicious software that steals login credentials.

Local Security Authority protection

Microsoft has started automatically activating the Local Security Authority (LSA) protection as a standard setting via the Windows Security application. This measure aims to restrict unverified code, including unsigned drivers and extensions, from gaining access to LSA memory where sensitive data such as user credentials are typically stored.

This protective layer ensures that unauthorized users can’t seize the sign-in app token and utilize it to log into your account on another device, a type of security breach called a token mimicry or duplication attack.

AI features

While it’s true that AI-driven features will eventually be accessible for compatible Copilot+ PCs in the future, Microsoft is equally emphasizing these advancements as beneficial tools for network administrators. Among the highlighted features are Live Captions, Windows Studio Effects, Cocreator on Paint, Auto Super Resolution for ARM devices, Restyle Image and Image Creator for Photos, and many more.

Live Captions with AI

On Copilot+ devices, the existing Live Captions feature in Windows 11 is enhanced with AI capabilities. Instead of only providing captions in text form for audio and video content, it now translates and displays subtitles in English from a wide range of 44 languages, not just text but also as spoken words.

The company states that the translation process, which includes both scanning and generation, occurs directly on your device. However, some data might be transmitted to Microsoft for various purposes.

Windows Studio Effects

For a while now, Windows Studio Effects have been integrated into the operating system. However, in the Windows 11 version 24H2, Microsoft is enhancing these features using AI technology and making them available on Copilot+ compatible devices.

Among its features, you’ll have the ability to utilize automatic framing, background blur, portrait lighting, voice enhancement, artistic filters, and eye contact options (both standard and teleprompter) when making video or audio calls.

  • Automatic framing: Keeps you centered in the frame.
  • Portrait light: Brightens your face during video calls.
  • Eye contact: Adjust your gaze to simulate eye contact. For example, the Standard option offers subtle correction, while the “Teleprompter” option offers advanced AI for more natural eye contact.
  • Background blur: the “Standard Blur” blurs the background, while the “Portrait Blur” offers a more pronounced blur.
  • Creative Filters: The “Illustrated” option transforms your video into an illustration, while the “Animated” option gives your video a lively, animated effect. You also have the “Watercolor” option to apply a watercolor effect.

Voice Clarity

As an analyst, I’m excited to share that Microsoft is broadening the availability of Voice Clarity for more users. This innovative technology is tailored to tackle issues such as echo cancellation, reducing real-time reverberation, and background noise suppression, enhancing overall audio quality significantly.

Auto Super Resolution

Auto Super Resolution, or Auto SR, is a handy feature that leverages artificial intelligence technology to enhance the resolution of games, resulting in smoother gameplay and better visual quality.

This tool operates in a manner reminiscent of NVIDIA’s Deep Learning Super Sampling (DLSS) Super Resolution, AMD’s FidelityFX Super Resolution, and Intel’s XeSS. However, unlike these counterparts, Auto SR increases the resolution of games automatically without the need for developers to modify their code directly.

This function operates differently, opting for Neural Processing Units (NPU) instead of Graphics Processing Units (GPU), to handle the process of upscaling.

For Copilot+ computers, activating the feature can be done via the “Graphics” settings menu. Once activated, if a compatible game is running, the system will alert you that an Automatic Super Resolution (Auto SR) option is accessible.

Restyle Image and Image Creator for Photos

Microsoft is developing a fresh “Reimagine Image” tool powered by artificial intelligence residing in your PC, enabling you to transform any photo with diverse photographic methods, much like the filters you’re accustomed to applying on mobile devices.

Also, you can use a text prompt to change the background and other parts of the image.

The firm is planning to introduce the “Text-to-Image Generator,” originally found in the Paint application, into the Photos app. This new feature uses artificial intelligence to turn written prompts into visual images.

Cocreator for Paint

On Paint, “Cocreator” is a new feature that scans your drawing and helps you create your artwork. 

With this feature, you can input text prompts and fine-tune the creative level using a slider. The built-in system employs a sophisticated diffusion algorithm to generate top-notch images with minimal input required.

Other details

The Windows 11 2024 Update doesn’t increase the hardware requirements for existing devices compatible with the operating system. Furthermore, Microsoft notes that administrators can upgrade compatible systems running Windows 10 directly to Windows 11 version 24H2 using the target version capability available from Windows Update for Business, the business deployment service, and feature update deployments in Windows Autopatch.

As per the company’s statement, the majority of applications should work seamlessly with the latest operating system version. However, in case any compatibility issues arise within organizations, they can leverage the App Assure service for assistance.

Based on the information provided by the company, approximately 99.7% of applications are expected to function seamlessly on Windows 11. Additionally, most existing hardware and peripheral devices should operate without complications, provided they have an 8th-generation Intel processor (or its equivalent).

As a researcher delving into the latest updates from Microsoft, I’d like to highlight that this particular guide focuses exclusively on the modifications Microsoft is advocating for network administrators. It’s important to note, however, that the new feature update encompasses a multitude of additional features and enhancements as well.

2024-10-11 14:11