Windows 11 24H1: what IT Admins need to know

Configurare noua (How To)

Situatie

24H1 is the first half-yearly feature update of 2025, building on the previous 23H2 release with enhancements focused on:

  • AI-powered workflows

  • Security hardening

  • User experience refinements

  • Integration with Microsoft 365 and Entra ID (formerly Azure AD)

This update is available to both Home and Pro editions, but enterprise environments using Windows 11 Enterprise and Education should expect additional features via their servicing channels.

1. New Group Policies

Microsoft has introduced and deprecated several GPO settings:

New:

  • EnableCopilotChat – Allows or blocks AI assistant Copilot per user/device

  • ForceWindowsUpdatesAIRecommendations – Enable AI-powered update suggestions

  • HideMicrosoftAccountRequirement – (for Pro) optional control over OOBE flow

 Deprecated:

  • DoNotShowWelcomeExperience is now replaced with a new onboarding flow

  • Older Edge GPOs for legacy InPrivate restrictions

 Tip: Use the latest Administrative Templates (ADMX) to reflect these changes in your GPMC.

2. Changes to Out-of-Box Experience (OOBE)

Microsoft continues its push toward cloud-based accounts and AI onboarding.
The default OOBE flow now requires an internet connection and pushes for Microsoft accounts — even on Windows 11 Pro.

Workaround: Use tools like Rufus to pre-modify the ISO or use unattend XML scripts with local account presets for enterprise imaging.

3. File Explorer & Taskbar Behavior

  • New File Explorer with tab grouping and context-aware previews

  • Taskbar now integrates Copilot by default, unless disabled via GPO

  • Recent bug reports indicate slow navigation on systems with mapped network drives — a known issue being patched in KB5037543

4. New Security Defaults

  • Smart App Control is now enabled by default on clean installs

  • Support for Pluton Security Processor (on new laptops)

  • Improved credential isolation via LSA Protection auto-enabled

Be prepared to adjust hardening policies in organizations using legacy apps or unsigned drivers.

Compatibility Notes

Many legacy tools and monitoring agents might not behave well with new AI APIs and Copilot overlays. Common issues have been reported with:

  • Older endpoint security tools

  • Custom automation scripts that rely on deprecated Shell hooks

  • RDP clients using TLS 1.0 (which is now blocked)

Recommendation: Run a pilot deployment on non-critical endpoints before full rollout.

Deployment & Update Best Practices

  • WSUS/SCCM: 24H1 is available as Feature Update via WSUS

  • Intune: Compatible with Intune version 2403+. Enables AI settings at deployment

  • Media Creation Tool: Use only for non-domain endpoints or manual testing.

Solutie

Tip solutie

Permanent

Voteaza

Up Down
(2 din 4 persoane apreciaza acest articol)
Share
Tweet
Share

Despre Autor

Leave A Comment?