Remote Server Administration Tools (RSAT) are now natively supported on Arm64-based Windows 11 PCs. Starting with the February 2026 non-security preview update (KB5077241), six RSAT components are available as optional components on Windows 11 versions 24H2 and 25H2, including Server Manager.

Source

Microsoft Agent 365 is the control plane for AI agents in the enterprise: a set of capabilities built on Microsoft Entra, Purview, Defender XDR, and the Microsoft 365 Admin Center that gives IT and security teams a single location to observe, govern, manage, and secure AI agents — regardless of whether they were built with Microsoft tooling, open-source frameworks, or third-party platforms.

Source

Microsoft announced that Windows Autopatch will enable hotpatch security updates by default for all eligible devices starting with the May 2026 Windows security update. The change affects devices managed through Microsoft Intune and the Windows updates API in Microsoft Graph. Hotpatch updates install security fixes without requiring a device restart, accelerating compliance across organizations. Previously, this feature required manual activation by administrators.

Source

Microsoft announced Wave 3 of Microsoft 365 Copilot, introducing Copilot Cowork as a new AI-driven work mode that executes multi-step tasks across Office applications. However, Copilot Cowork is a double misnomer because the tool qualifies as neither a copilot nor a coworker.

Source

Microsoft is retiring the legacy WebRTC-based optimization for Teams in Virtual Desktop Infrastructure (VDI) and replacing it with a new architecture called SlimCore — also referred to as VDI 2.0 — introduced in Q4 2024. The change affects Windows endpoints connecting to Azure Virtual Desktop (AVD), Windows 365, and Citrix, with defined End of Support and End of Availability milestones. In parallel, Microsoft has announced a public tech preview of the new optimization for Omnissa Horizon. This article covers the architectural differences, supported platforms, new features, and the steps required to complete the migration.

Source

Windows Terminal Preview 1.25 was released in March, after a brief pause in the quarterly release cycle to focus on reliability and performance. The update introduces a Settings search UI, a rewritten Actions editor for key binding configuration, built-in support for Kitty's Keyboard protocol, two new community translations, and several miscellaneous improvements and bug fixes. You can install it from the Microsoft Store, the GitHub releases page, or via winget.

Source

The Defender deployment tool for Windows now ships as a single .exe with the onboarding package baked in, with configurable expiry dates, a required portal key to activate it, and onboarding event logs visible in the device timeline — replacing the old script/blob approach. The previous tool gave no clear status feedback, leaving admins unable to tell if onboarding was in progress or had failed.

Source

Windows Autopatch update readiness reached general availability, adding four capabilities to the Windows Autopatch blade in the Microsoft Intune admin center. The new features—management status report, quality update journey, alerts and remediations, and Update Readiness Checker—give IT teams proactive visibility into device readiness, update blockers, and remediation guidance across Intune-managed Windows fleets. All capabilities are included in the existing Windows Autopatch license at no additional cost. Windows Autopatch is available for customers with Windows Enterprise, Frontline, US Government, Education, and Business Premium SKUs.

Source

Windows Admin Center (WAC) vMode (Virtualization Mode) is a current in-preview management gateway for Hyper-V environments, deployable as a stateful appliance with an integrated PostgreSQL database. Unlike aMode (Administration Mode), vMode targets centralized virtualization management across multiple hosts and clusters, without requiring System Center Virtual Machine Manager (SCVMM). The only mandatory prerequisite is the Microsoft Visual C++ Redistributable. This article covers the system requirements, environment preparation, and installer walkthrough for vMode, and briefly explains how aMode installation differs.

Source

Starting with the February 2026 preview updates for Windows 11 24H2 and 25H2, Microsoft has made Group Policy Preferences (GPP) debug logging configurable directly in Local Group Policy via gpedit.msc. Previously, these settings were primarily managed through domain-based Group Policy Objects (GPOs); enabling them via Local Group Policy typically required manually copying the GroupPolicyPreferences .admx/.adml templates into the local PolicyDefinitions store. You can now enable per-CSE (client-side extension) event logging and file-based tracing on individual client devices without a domain controller.

Source

Twenty years ago, I authored my first 4sysops blog post. However, my fascination with IT started much earlier. I can't recall exactly how I came to this realization, but I initially believed that computers were superior learning tools to books and that studying how to use them would give me superpowers. Forgive me, I was just an immature teenager. Although I soon forgot this idea, I was already hooked after the initial lines of my first computer program.

Source

Windows 365 Reserve and Windows 365 Boot are two complementary Microsoft cloud services that, when combined, let employees resume work on a preconfigured Cloud PC from any Windows 11 device without additional setup. Windows 365 Reserve provides short-term Cloud PC access for users whose primary physical device is unavailable. Windows 365 Boot redirects the Windows 11 sign-in experience directly to a Cloud PC, though administrators can configure policies to allow users to access the physical device's local OS if needed.

Source

Windows 11 Insider Preview builds introduce a new secure processing mode for batch files and CMD scripts. IT administrators can enable it via a registry value named LockBatchFilesWhenInUse, which prevents batch files from being altered while they execute. The feature also improves performance when Windows Defender Application Control (WDAC) code integrity policies are active. It is currently available in the Dev Channel build 26300.7939, and the Beta Channel build 26220.7934.

Source

Windows Server vNext Insider Preview build 29531 introduces ReFS boot, allowing you to install and start Windows Server from a Resilient File System (ReFS)-formatted boot volume for the first time. This feature brings integrity-level metadata checksums, online corruption repair, block cloning, and 35-petabyte volume scalability to the OS boot partition — capabilities that NTFS cannot match. ReFS boot requires UEFI firmware and a minimum of 2 GB for the WinRE partition. Learn how to enable Windows ReFS boot during Windows Server installation.

Source

Microsoft Secure Boot certificates issued by the 2011 Certificate Authorities (CAs) are expiring starting June 2026. Every Windows device with Secure Boot enabled must be updated to trust the 2023 certificates before expiration to retain security update support. Microsoft provides a monitoring-only approach using Intune Remediations that runs a PowerShell detection script on enrolled devices and reports Secure Boot and certificate status back to the Intune admin center — without making any changes to devices. This article explains the prerequisites, deployment steps, data collected, and how to read the results.

Source

Microsoft released version 2602 of the Security Baseline for Windows Server 2025, approximately eight months after the previous version 2506. The update adds 10 new Group Policy settings and removes one, focusing on NTLM auditing, printer security, and authentication hardening. Most of the new policies were already included in the Windows 11 Security Baselines since 2022 and are now being backported to the server edition. The baseline is available as part of the Microsoft Security Compliance Toolkit 1.0.

Source

Microsoft Defender for Endpoint has received a set of new features and enhancements in February 2026, covering live response management, configuration visibility, vulnerability reporting, and predictive threat mitigation. These updates span endpoints running Windows, macOS, Linux, Android, and iOS. This article covers the most significant additions to the Defender portal and their operational impact on security teams.

Source

Microsoft's original Secure Boot certificates — issued in 2011 — begin expiring in June 2026. Unlike Windows 11, Windows Server does not receive these updates automatically via Windows Update. Administrators must manually deploy the 2023 replacement certificates to all applicable servers and Generation 2 virtual machines before the deadline. Systems that remain on the 2011 certificates after expiration enter a degraded security posture and cannot receive future Secure Boot updates.

Source

Windows 10 Enterprise LTSB 2016 reaches end of support (EOS) on October 13, 2026, after which Microsoft will stop delivering security updates, bug fixes, and technical support. Organizations that cannot migrate to a newer release by that date can purchase Extended Security Updates (ESU), a paid program that provides critical security patches for up to three years. ESU licenses for LTSB 2016 will be sold through Volume Licensing or a Cloud Solution Provider (CSP) starting in Q2 2026. Activation is performed using a Multiple Activation Key (MAK) and the slmgr.vbs command-line tool.

Source