Windows 11, version 24H2

Mechanics Team
10 min readOct 15, 2024

--

Security, experience, performance, and migration updates.

Enhance security, performance, and user experience with Windows 11, version 24H2. Keep your data and identity protected with features like personal data encryption, Windows Hello with passkeys, and Windows Studio Effects. Built-in AI capabilities, including live captions with real-time translation and advanced video call enhancements, leverage powerful NPUs for seamless, efficient performance. Whether you’re a business professional or a creative, Windows 11, version 24H2 offers significant improvements in productivity, energy efficiency, and multitasking capabilities.

Deployment and migration to Windows 11, version 24H2 is straightforward, ensuring compatibility with most existing hardware and peripherals. Tools like Windows Autopatch and Windows Autopilot, integrated with Microsoft Intune, streamline the update and provisioning processes, making device setup and compliance effortless. Jeremy Chapman, Director of Microsoft 365 shares how Windows 11, version 24H2 ensures your organization stays secure, productive, and ready for the future.

Windows 11, version 24H2 updates are here.

Scrollable quick settings menu, Wi-Fi 7 support for faster connectivity, and enhanced File Explorer with text labels for easy file management. Take a look.

Boost performance and efficiency.

Improved battery life, superior video playback, and enhanced productivity. See it here.

Streamline your migration from Windows 10 to Windows 11.

Enhanced Windows update, deployment, and migration tools using Windows Autopatch. Automate device provisioning for an out-of-the-box setup, ensuring compliance with policies using Windows Autopilot. Get started.

Watch our video here.

QUICK LINKS:

00:00 — Windows 11, version 24H2
00:51 — Personal Data Encryption
02:20 — Windows Hello with passkeys
03:26 — Default proactive protection
04:01 — Windows 11, version 24H2 Updates
05:35 — Accessibility updates
06:03 — AI capabilities- live captions
07:13 — Built-in AI — Windows Studio Effects
08:29 — Performance and efficiency
09:13 — Deployment and migration
10:25 — Windows Autopatch
11:36 — Windows Autopilot
12:29 — Wrap up

Link References

Get started at https://aka.ms/Windows11Enterprise

Unfamiliar with Microsoft Mechanics?

As Microsoft’s official video series for IT, you can watch and share valuable content and demos of current and upcoming tech from the people who build it at Microsoft.

Keep getting this insider knowledge, join us on social:

Video Transcript:

-Windows 11 24H2 is here, and today, we’ll take a deeper look at what’s new in this release of Windows, from the experiences to new admin controls, including the latest security enhancements exclusive to Windows 11 with additional data encryption options and phish-resistant strong authentication to help protect you from evolving threats. Then experience updates everyone will see in 24H2 spanning the system tray, File Explorer, improvements in connectivity, and more.

-Then, for Copilot+ PCs, we’ll explore new integrated AI options using on-device models with Windows Studio Effects, and if your PCs are currently running Windows 10, we’ll show you how things have improved to manage your migration and your options to extend security updates if you need more time. So let’s get into this, starting with security. Here, it’s worth noting that Windows 11’s existing security improvements with credential safeguards, malware shields, and application protection have already led to a reported 58% drop in security incidents, including a 3.1x reduction in firmware attacks. That said, with the threat landscape evolving faster than it ever has, there are a number of new Windows 11 security protections lighting up in 24H2.

-First, to better protect your files, personal data encryption is a new capability for Windows 11 Enterprise and EDU editions that relies on Windows Hello for business authentication. It creates a unique key for each user profile’s desktop, documents, and pictures folders. Protection is indicated by the lock icon, making files only readable during an active user session, and it works independently of BitLocker or any other volume-level encryption as additional protection, and if a PDE-enabled device is shared or has multiple user accounts, even if another user is a local administrator on that device, while they can see folder and file names, they won’t be able to decrypt and view the contents of those files. They’re locked. Personal data encryption can be enabled on Microsoft Intune-managed devices via policy. Then, once enforced, encryption can take up to seven days to complete, and processing happens during the defined device maintenance window to avoid productivity impacts.

-And for increased protection against credential theft without compromising convenience, Windows Hello is now extended to work with passkeys for more secure phish-resistant multi-factor authentication when accessing apps and websites. When you register with an online service or set up your device with a Microsoft Entra account using a passkey, Windows generates a new cryptographic key pair where the private key is stored securely on your device and the public key is registered with the online service.

-Then, to authenticate, your Windows device first proves that it possesses the private key, which can only be used after you unlock it with Windows Hello using your face, fingerprint, or PIN. Additionally, for PCs that come with 24H2 pre-installed, when you set up or use Windows Hello, your credentials are more protected by default using virtualization-based security, which isolates credentials while generated and in use in a secure container outside of the running operating system, so even if you just use a PIN, that’s also stored in the secured container. That means this works from devices with or without built-in biometric sensors. Windows 11 24H2 devices also add default proactive protection against malware-based credential theft. Local security authority protection is now on by default. This prevents untrusted code from running and accessing LSA memory where credentials can be stored. It helps prevent increasingly common malware attacks where app tokens are stolen as you sign into sites and services and transferred to another device in order for it to gain access to resources in what’s known as a token replay attack. So those are just a few security-based highlights.

-With that, let’s move on to the Windows 11 experience updates and what’s new for 24H2 that everyone will see, followed by the AI-powered experiences available for Copilot+ PCs. Starting in the system tray, Windows adds a scrollable view of quick settings. Instead of editing the list to add new quick actions, you can scroll through the list and rearrange them. From quick settings to extend battery life, you can enable or disable energy saver, which works even when PCs are plugged in, in case you want to conserve energy at any time. For Wi-Fi quick settings, we’ve added a new refresh button where you can now trigger a scan of available Wi-Fi networks that are within range. If your device supports it, Windows 11 24H2 also can connect to Wi-Fi 7 networks, which are up to four times faster than Wi-Fi 6, and by the way, Wi-Fi 7 also supports multi-link operation, ultra-wide bandwidth for high-bandwidth scenarios like virtual and augmented reality, and 4096 QAM for improved video streaming. Now this will also speed up connectivity for file transfers. In fact, in the task bar, once you’ve started a longer process like a file transfer, a download, or a video render, with the new thin line representing 100% percent, you’ll be able to more easily gauge progress, and one more thing to point out for the files themselves in File Explorer.

-In addition to the icons from previous Windows 11 versions with the right-click context menu, we’ve now added text labels for cut, copy, paste, rename, share, and delete. There are also more options for accessibility. You can now toggle live captions on and off directly from quick settings. For better accessibility when using supported Bluetooth low-energy hearing aids, we’ve streamlined Bluetooth device connection and pairing, and by the way, you can now use direct pairing with Swift Pair, and once connected, compatible devices work with audio streaming and smooth call handling. Again, these updates are available for everyone.

-Now, if you are using a Windows 11 24H2 Copilot+ PC, advanced on-device AI capabilities also light up. These devices have more than 40 models that bring various intelligent local capabilities and take advantage of power-efficient neuro-processing units or NPUs that can do, at minimum, 40 trillion or more operations per second. Let me show you a few highlights. First, I’m in settings under Accessibility and Captions, using live captions with translations, and Windows can interpret any audio played on the system from any app. So I’ll try this out, playing a video in the Windows Media Player that I made earlier. Now that I have live captions enabled with translation… And as you saw, while I spoke in English, German, and Mandarin, it translated everything back to me in English captions in real time, and this is all running using the local models on the device baked into Copilot+ PCs so there’s no latency to round-trip the data and it’s almost instantaneous.

-For more built-in AI, let’s look at Windows Studio Effects, which is easily accessible in quick settings and works with the NPU to improve your online presence regardless of which app is using your built-in camera or microphone. For example, Portrait Light automatically adjusts the image quality to help you show up better in not so well lit environments. Also, participating in a video call using the three creative filters gives you some fun options. Here, the animated option is selected, and you can now see the cartoon effect on our subject while still preserving their facial features. Then, the improved portrait blur with real-time depth estimation off the camera feed, as you can see, does much better than previous iterations, and even though you can’t see it in the demo, the enhanced voice focus uses the NPU for deep echo cancellation and removes background noise when you’re on a call for Teams, Zoom, or WhatsApp. Of course, the automatic framing continues to keep you in the ideal position, which is super handy with some of the ultra-wide field of view cameras, and if you combine eye contact with teleprompter turned on, it’s pretty powerful. So eye contact is enhanced as you read content on the screen, making you appear more engaged and natural with others on the call.

-Now, let’s go under the hood of Windows 11 to look at recent performance and efficiency improvements. In a study by Principal Technologies, which predates Copilot+ PCs and compares popular business laptops from HP and Lenovo running Windows 11 and Windows 10 on equivalent spec devices, PCMark 10 benchmarks saw battery life improvements across the board for Windows 11. Local video playback and streaming video tests also favored Windows 11. Then, for productivity tasks, also using PCMark 10 benchmarks, Windows 11 also scored higher. Additionally, for creative work using Cinebench R23 benchmarks, both single and multi-core Windows 11 outscored Windows 10.

-So, now, let’s move on to your Windows 11 24H2 deployment considerations, especially if some or most of your devices are currently running Windows 10. First, in the area of compatibility, your Windows 10 hardware and peripherals will just work with Windows 11. In fact, the overwhelming majority of business PCs running today will run Windows 11. As rule of thumb, any device with eighth-gen Intel processors or newer released after 2017 will work, and unless your PCs are more than seven years old, there should be nothing holding you back, and for applications, more than 99.7% of Windows 10 apps will run on Windows 11, and if you’re running Windows 10 on some or most of your systems now, it’s really a good time to start thinking about your migration. Windows 10 end of support is coming in October 2025, at which point, if you’ve not yet migrated, there are more options to purchase extended security updates for systems running Windows 10 22H2 and newer. Now, this option gives you more time to migrate and should be thought of as a last resort. Extended security updates are included with Windows 365 and Azure Virtual Desktop, as well as physical devices used to connect to Windows 365, and the good news is we’ve been enhancing the Windows update, deployment, and migration tools ever since your last migration, so when you’re coming from Windows 10, you don’t need to re-image existing devices.

-For Microsoft Intune, you can manage Windows devices, and using Windows Autopatch, our fully-managed cloud native update solution, which is included with Microsoft 365, E3, and E5, you can update your Windows 10 devices to Windows 11. Enrolling your tenant into Windows Autopatch, as you can see here, is easy. You’ll agree to assessing your tenant for readiness, then enroll, accept the terms, and add contact information for your Windows Autopatch admins. The solution will automatically create multiple progressive deployment rings, allowing you to apply the latest updates according to your organization’s custom configuration, where you can configure release settings and group assignments for each deployment ring. So you maintain full control over the deployment of updates, and by design, Autopatch minimizes disruptions and distractions with early issue identification, and it supports safe rollout with halt and rollback support.

-Next, as you refresh your hardware with new devices, the Windows Autopilot deployment service can also be managed from Microsoft Intune, where you can automate device provisioning to streamline the out-of-box set-up experience and make the devices you purchase compliant with your management policies and settings, as well as install your required apps and run any defined scripts in order to make sure those devices are immediately business ready. As you purchase new devices, you’ll work with your hardware supplier to create the management connection between your organization and those devices so they can be directly shipped to your employees. Then, once the device is powered up and connected to the internet, your policies and settings are enforced and the device is made compliant before it’s allowed to connect to your managed resources. Migration from Windows 10 to Windows 11, in fact, has never been easier, and there are no compromises with 24H2.

-Now, to learn more and get started, check out aka.ms/Windows11Enterprise and keep watching Microsoft Mechanics for more updates. Subscribe if you haven’t yet, and thanks for watching.

--

--

No responses yet