Microsoft is developing Windows 11 in three parallel channels: Dev, Beta, and Release Preview. The last two are directly tied to the upcoming release. In the case of 22H2, the betas and release previews appeared under build numbers along the lines of 10.0.22[4-6]xx.xxxx. In addition, the manufacturer continues to release updates for the current 21H2 using the build numbers 10.0.22000.xxx. These releases occasionally include new features, which are also usually included in 22H2.
The releases in the Dev channel last appeared under build number 25xxx and brought some interesting innovations. However, Microsoft explicitly points out that the dev features will be part of a later OS version, or possibly never be released at all.
Microsoft leaves the decision about which innovations make it into the GA release open until the last minute. Nevertheless, companies should test commercial prerelease versions for production use. As an incentive, the manufacturer offers free support.
Windows 11 22H2 will thus first receive the new functions from the preview releases. However, it can be assumed that some features from the Dev channel will find their way into the OS later via regular updates. This most likely applies to LAPS integration or DNS over TLS.
The following overview, therefore, also includes relevant innovations from the Dev channel. These can be identified by the build number, 25xxx.
Setup and updates
There are several new features and behaviors to note with Windows 11 22H2 during the setup process and updates:
- Windows 11 Pro edition now requires Internet connectivity. There is no option to create a local account for continuing the setup process.
- New mobile device linking capabilities: In the out-of-box experience (OOBE) phase, you will now see a new page allowing you to link your Android phone to Windows 11.
- You can now suppress update notifications in Windows 11 22H2 with "Display options for update notifications" under Computer configuration > Administrative Templates > Windows Components > Windows Update > Manage end user experience.
- Build 22000.829 (KB5015882) for Windows 11 21H2 introduced the option to update to a newer Windows 11 version during the out-of-box experience (OOBE) when you first sign in. If you choose to update to a newer version, the update process will begin shortly after the update is installed on the device.
Note the following new security features and capabilities that will likely find their way into Windows 11 22H2:
Smart App Control (SAC) to block dangerous apps (Build 10.0.22567.1)—This requires a fresh installation of Windows to activate the feature. This will guarantee that the Windows installation is in a pristine state without any chance of malicious software hidden in the system. Windows 11 first performs an evaluation installation to determine whether Smart App Control will work with all installed software and other business-critical applications.
DNS over TLS—Build 25158 shipped DNS over TLS (DoT) as an alternative encrypted DNS protocol to DNS over HTTPS (DoH). Since it does not require an HTTPS tunnel like DoH, it may result in a small performance improvement depending on the environment.
Transport Layer Security (TLS) 1.3—With Build 22621.169, Microsoft has added support for Transport Layer Security (TLS) 1.3 in the Windows client and server Lightweight Directory Access Protocol (LDAP) implementations.
LAPS—Preview Build 25145 integrated Local Administrator Password Solution (LAPS) into the operating system.
Secured-core Configuration Lock—Secured-core Configuration Lock prevents (unintentional) configuration drift. It helps to ensure that PCs stay in a properly configured Secured-core state.
Pluton—Microsoft announced a zero-trust technology built on top of TPM 2.0. Pluton is a special-purpose security processor that allows protection against firmware attacks as well as physical attacks with direct integration with the CPU. It is unclear whether 22H2 will support this technology.
Hypervisor-Protected Code Integrity—HVCI will be enabled by default on a broader set of devices running Windows 11.
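To see which of these protections are actually active on a test device, the following read-only check reports the Smart App Control mode and the VBS/HVCI state. It is an added example, not code from the article; it assumes the Windows registry value VerifiedAndReputablePolicyState and the Win32_DeviceGuard CIM class, neither of which the article names.

```powershell
# Added example (not from the article): report Smart App Control, VBS and HVCI state.
# All queries are read-only.

function Get-SmartAppControlState {
    # Assumption: SAC mode is recorded in this registry value (0 = off, 1 = on, 2 = evaluation).
    $key  = 'HKLM:\SYSTEM\CurrentControlSet\Control\CI\Policy'
    $prop = Get-ItemProperty -Path $key -Name 'VerifiedAndReputablePolicyState' -ErrorAction SilentlyContinue
    if ($null -eq $prop) { return 'Not present (build without Smart App Control)' }
    switch ([int]$prop.VerifiedAndReputablePolicyState) {
        0       { 'Off' }
        1       { 'On (enforcing)' }
        2       { 'Evaluation' }
        default { "Unknown ($_)" }
    }
}

function Get-VbsHvciState {
    # Win32_DeviceGuard lists security services by number; 2 is HVCI.
    $dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' `
                          -ClassName 'Win32_DeviceGuard' -ErrorAction SilentlyContinue
    if ($null -eq $dg) {
        return [pscustomobject]@{ Vbs = 'Unavailable'; Hvci = 'Unavailable' }
    }
    $vbs = switch ([int]$dg.VirtualizationBasedSecurityStatus) {
        0       { 'Disabled' }
        1       { 'Enabled, not running' }
        2       { 'Running' }
        default { 'Unknown' }
    }
    $hvci = if ($dg.SecurityServicesRunning -contains 2) {
        'Running'
    } elseif ($dg.SecurityServicesConfigured -contains 2) {
        'Configured, not running'
    } else {
        'Not configured'
    }
    [pscustomobject]@{ Vbs = $vbs; Hvci = $hvci }
}

# Combine with the OS build so results can be matched to the build numbers in this overview.
$cv  = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
$vbs = Get-VbsHvciState
[pscustomobject]@{
    Computer        = $env:COMPUTERNAME
    Build           = "$($cv.CurrentBuildNumber).$($cv.UBR)"
    SmartAppControl = Get-SmartAppControlState
    VBS             = $vbs.Vbs
    HVCI            = $vbs.Hvci
}
```

A device reporting "Evaluation" is still in the assessment phase described above; "Off" on an upgraded machine is expected, since the feature requires a fresh installation.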
22538—HTTPS boot for Hyper-V Generation 2 VMs. The feature is enabled by default.
22621.169—The Remove-Item cmdlet allows you to properly interact with Microsoft OneDrive folders.
22621.290—OneDrive storage supports alert and subscription management in the settings app.
22622.436—Windows Terminal became the default terminal in Windows 11.
22622.450—Files are compressed regardless of their size if you have configured Server Message Block (SMB) Compression.
22000.917—IT admins can remotely add languages and language-related features using PowerShell.
22579.1—Group Policy exists for excluding USB removable drives from BitLocker encryption.
File Explorer has been updated with a Home screen, tabs, and a redesigned navigation pane with stronger OneDrive integration. This promises easier workflows and views to find files, including those located in OneDrive (Build 22621.160).
Updated Print Queue and Print dialogs with automatic printer detection to ease printer installation, troubleshooting, and print queue management.
Improved power management tweaks to reduce energy consumption can potentially help laptop users.
Additional UI enhancements and features:
- New Start menu folders allow grouping apps
- Possibility to change the number of pins in the Start menu with new options
- Ability to drag and drop files in the taskbar
- New Snap layouts interface supports drag and drop
- Task manager UI has a new redesigned interface
- New live captions feature for spoken content
- New voice control features
- New touch gestures for tablets
- Visual changes and legacy interface
- Options to control Bluetooth devices in updated Quick Settings features
With each new version of the Windows client operating system, Microsoft offers additional Group Policy settings to help manage the new features, settings, and enhancements. Undoubtedly, we will see new policies allowing admins to control the new Smart App Control feature and the other UI changes.
The Windows 11 22H2 release doesn't include spectacular new features. The subsystem for Android could have played this role, but it's still unclear when it will ship. Nevertheless, the new Windows 11 release offers many improvements. The most obvious concern the UI and usability. This comes as no surprise, since Windows 11 introduced many changes compared to its predecessor. The redesigned desktop in 21H2 had some rough edges and inconsistencies, which Microsoft is trying to iron out over time.
Businesses will especially welcome the new security features in Windows 11 22H2. Smart App Control looks promising and might help defend PCs against ransomware. However, it does require a fresh install of the operating system.
They just keep making it worse, don’t they. Not really an enterprise software anymore.