As we come together at Microsoft Ignite 2024, we’re excited to unveil the latest security, AI and cloud innovations coming to Windows for our commercial customers. We’re pushing the boundaries to continue making Windows the most secure and performant platform for you and your organization.
Announcements include:
- The latest security innovation, requirements and updates on our commitment to building the most secure operating system on Earth
- Availability of new cutting-edge AI tools for our developer community designed to drive new innovation on Copilot+ PCs and Windows 11
- Updates on AI-powered Copilot+ PCs with Windows 11 and Microsoft 365 for enhanced productivity
- The introduction of a new class of devices built to connect securely to Windows 365 in seconds, and expansion of Cloud PC solutions to more jobs such as Frontline workers, BYOD (bring your own device) employees, high-capacity computing and cloud-powered resiliency.
Throughout the next few days, we will outline our commitment to security, productivity and user experiences across Windows 11, Copilot+ PCs and Windows 365. Windows 11 is the most secure operating system on Earth, and the best computing platform for businesses of all sizes. We will explore how, together, Windows 11 and Microsoft 365 boost employee productivity, the value and performance Copilot+ PCs provide organizations, and we will share details on the right IT controls and security layers available to safeguard your organization. Additionally, we will highlight how Windows enables management of countless mission-critical workloads and how we are extending Windows across more platforms, to more jobs, with Windows 365 Cloud PCs.
Security and Resiliency: Our Top Priority
Protecting your organization’s data from emerging threats and ensuring system integrity is paramount. Windows 11 raises the bar for security and reliability, while maintaining the Windows open ecosystem where customers and partners innovate freely.
We are committed to ensuring that Windows remains the most reliable and resilient open platform for our customers. As part of this commitment, we are introducing the Windows Resiliency Initiative, covering four areas of work:
- Strengthen reliability based on learnings from the incident we saw in July
- Enabling more apps and users to run without admin privileges
- Stronger controls for what apps and drivers are allowed to run
- Improved identity protection to prevent phishing attacks
Empowering IT administrators with great tools during critical times is a top priority. Our first step is born out of the learnings from the July incident with the announce of Quick Machine Recovery. This feature will enable IT administrators to execute targeted fixes from Windows Update on PCs, even when machines are unable to boot, without needing physical access to the PC. This remote recovery will unblock your employees from broad issues much faster than what has been possible in the past. This feature will be available to the Windows Insider Program community in early 2025.
We are also evolving our partnership with endpoint security partners you rely on to keep your employees safe. For over 20 years, we have collaborated deeply with these partners as part of the Microsoft Virus Initiative (MVI). These partners have extensive integration with the Windows platform and play a significant role in safeguarding customers’ digital portfolios. This summer we brought together a group of industry leaders and partners to discuss new ways we can work together to ensure that Windows 11 remains the most secure and resilient operating system.
As an outcome of that summit, MVI partners will be required to take specific actions to improve security and reliability. In addition to increased testing and strengthened incident response processes, these partners must follow safe deployment practices for updates to your Windows endpoints. The practices include controlled gradual rollouts, and the monitoring and recovery procedures such as those recently shared by the US Cybersecurity and Secure Infrastructure Administration (CISA).
The close Microsoft collaboration with MVI partners also includes working on new Windows platform capabilities to enable running anti-virus processing outside kernel mode. This will enable anti-virus products on Windows to provide a high level of security while minimizing reliability risks, as crashes outside kernel mode will only affect the anti-virus application, and not all of Windows. A private preview of these new Windows security platform capabilities will be made available to partners in July 2025.
Our focus on Windows security goes well beyond the close collaboration with the MVI partners. Our Windows Secure by Design strategy is a comprehensive approach to ensuring that Windows 11 is the most secure operating system we have ever built, from the moment you power on your PC.
With Windows 11, we’ve achieved a remarkable 3x reported reduction in firmware attacks and 2.9x fewer instances of credential theft compared to Windows 101
We continue to raise the security bar with hardware security baseline requirements, security at every endpoint and related features enabled on by default.
- Hardware Security Baseline: Our customers expect that every Windows 11 PC is safe and secure. Windows 11 leverages the latest hardware security features, such as TPM 2.0 and Secure Boot, to provide a robust defense against sophisticated attacks. Hardware security baselines now provide organizations with a consistent foundation and the confidence they expect in their operating system.
- User-centric security enhancements: Guided by the Microsoft Secure Future Initiative, we are making big changes to deliver the highest level of Windows security. Smart App Control and App Control for Business policies provide peace of mind that only verified apps can run on your device, helping fend off attacks like malicious attachments or even social engineered malware. Windows Hello authentication has been extended to passkeys, so that you no longer have to choose between a simple sign-in and a safe one.
- Administrator protection: We have introduced a new feature in preview where employees have standard user permissions by default, but can still make Windows system changes, including app installation, when necessary. With administrator protection enabled, if a system change requires administrator rights, the employee is prompted to authorize the change using Windows Hello. Upon approving the change, Windows creates a temporary isolated admin token that is destroyed once the process is completed. Administrator Protection helps to ensure that employees remain in control, not malware.
Learn more from David Weston about these new security enhancements.
Windows 365 and Windows 11 provided us with the capability, the operational resilience, the security that we needed to be able to provide a secure platform on which to build our products and services off.
–Sandra Lee, Group Chief Information Security Officer, London Stock Exchange Group
For detailed insights into these features and our Windows security priorities, please refer to our updated Windows Security book. This book provides a comprehensive view of our commitment to the Microsoft Secure Future Initiative and our aligned Windows security goals.
Empowering Developers with Cutting-Edge AI Tools
As we continue our journey into the AI era of computing, providing the right software tools and performant hardware to our developer community is critical to our success. This important community is at the forefront of this AI transformation, and with the introduction of Copilot+ PCs equipped with a powerful neural processing unit (NPU), we are seeing accelerated innovation around new AI experiences. Today, I’m excited to share new capabilities for developers which are designed to assist in the integration of AI in applications.
At Build 2024, we introduced Windows Copilot Runtime (WCR), a reliable platform for developers to create innovative experiences more securely and efficiently, regardless of where they are on their AI development journey. Windows Copilot Runtime encompasses AI frameworks and tool chains that enable developers to integrate their own on-device models into Windows, utilizing robust client silicon such as GPUs and NPUs.
Whether they are just getting started or are already building custom models, WCR includes a set of APIs that are powered by over 40 on-device models included with Windows. Phi 3.5 Silica, built from the Phi series of models, is optimized for the Snapdragon X series NPU in Copilot+ PCs, enabling text intelligence capabilities like text summarization, text completion and text prediction. Developers can access Phi 3.5 Silica API and Optical Character Recognition (OCR) API which recognizes and extracts text present within an image in Windows App SDK 1.7 Experimental 2 release in January.
Today, I’m pleased to announce four new Imaging APIs in Windows Copilot Runtime which developers can access in Windows App SDK 1.7 Experimental 2 release in January.
- Image super resolution: API increases fidelity of the image as well as upscaling the resolution of the image. This API can be used to enhance clarity of blurry images.
- Image segmentation: API enables separating foreground and background of an image, as well as removing specific objects or regions within an image. Creativity apps like image editing or video editing can easily bring background removal capabilities in their apps using this API.
- Object erase: This API enables erasing unwanted objects from the image and blends the erased area with the rest of the background.
- Image description: API provides a text description of an image.
We are seeing exciting innovation with Windows Copilot Runtime and the NPU, coming from new third-party developers such as Adobe Premiere Pro, LiquidText, Dot Vista, Promeo by Cyberlink, McAfee’s Deepfake Detector, Capture One, Affinity Photo and more.
In addition to the new AI-powered APIs and frameworks, it’s important to enhance developer productivity with tools they need to be efficient in their workflow. Windows Subsystem for Linux (WSL) offers a robust environment for AI development on Windows, allowing developers to simultaneously run Windows and Linux workloads.
Starting today, we are introducing several critical enhancements to WSL and WinGet, empowering IT professionals to effectively manage their enterprise’s line-of-business applications.
- Intune device compliance integration will provide IT professionals with an interface to control WSL distribution and version usage in their enterprise with controlled access.
- Microsoft Entra ID integration with WSL allows enterprise developers to access protected enterprise resources from a WSL distribution. It provides an automatic connection for Linux processes to use the underlying Windows authentication.
We are excited to offer developers more choices for Linux distribution on WSL. With a new WSL distribution architecture, we are providing additional extensibility to IT professionals and enterprise developers to have more Linux distributions including Red Hat to choose from.
Harnessing the Power of AI: Windows 11 and Copilot+ PCs
AI is at the heart of our vision for the future of Windows 11, and its introduction into the productivity space is an exciting step forward. By leveraging the combined strengths of Windows 11 and Microsoft 365, we empower employees to achieve more with less effort through all-new AI experiences on Copilot+ PCs and Windows 11.
With an integrated NPU capable of 40+ TOPS (trillion operations per second), Copilot+ PCs provide unique AI experiences and rich contextual insights across applications, with near real-time processing capabilities and support for the next generation of AI applications. When you add Microsoft 365 and the suite of innovative tools – including a large language model, graph and productivity features – employees can improve workflows, communicate effectively and collaborate more efficiently.
With the introduction of Copilot+ PCs, Windows has been rearchitected, in collaboration with AMD, Intel and Qualcomm, and OEM partners, to optimize every layer of the stack for AI experiences. Copilot+ PCs are the fastest, most intelligent and the most secure PCs we’ve ever built. Together, Windows 11 on Copilot+ PCs with Microsoft 365 deliver experiences that enrich and empower employees and businesses in valuable new ways.
Our innovation focuses on three key aspects of the employee experience: simplifying workflows, helping you find information faster and improving communication tools so everyone can be seen, heard and understood. Together, Windows and Microsoft 365 offer an experience with fewer clicks, less friction, richer context and greater capabilities for everyone.
Simplifying Your Workflow
An important aspect of productivity is the ability for employees to quickly switch between tasks, navigate applications and identify the right tools. This all takes time and effort which may distract from the task at hand. With Microsoft 365 Copilot on Windows 11, employees with a Copilot+ PC have access to a personal assistant for work designed to scale their impact, including aiding in idea generation, collaboration and task completion.
We have only just begun unlocking new possibilities with Microsoft 365 Copilot on Copilot+ PCs. Microsoft 365 Copilot can harness the power of AI by utilizing the integrated NPU, allowing models to run locally. This reduces reliance on an internet connection for tasks such as AI writing assistance in applications like Outlook and Word. In the coming months, organizations will experience even greater benefits through new AI innovations, making generative writing capabilities accessible to more employees and enabling them to achieve more with less effort. Learn more from Jared Spataro about Microsoft 365 Copilot innovations in his blog.
Recall (Preview): Disabled by Default
Earlier this year, we introduced Recall for Copilot+ PCs, designed to make it easier to quickly find what you’ve seen before on your PC. We heard your feedback on needing a secure and controllable experience for using Recall in your organizations, and it will be. Recall will be disabled by default, and IT will enable this feature through new policies before it can be made available to employees for opting in and will ship with meaningful security enhancements, including additional layers of data encryption and Windows Hello protection, making it one of the most secure experiences we have ever built. Our goal is to ensure that your employee and organization data is protected from the beginning, and we look forward to hearing your feedback on this new experience.
AI Assistance at Your Fingertips
Another Copilot+ PC feature recently announced is Click to Do (preview), an all-new powerful productivity paradigm that puts AI at your fingertips to assist with many tasks across applications such as being able to summarize any content on your screen, even if it’s in a Teams call. Click to Do (preview) in Recall is releasing first to our Windows Insider community on Copilot+ PCs before rolling out more broadly to our customers. It is designed to connect you to quick AI actions based on the context of what’s on your screen, making it faster and easier to get things done, all done in secure and private workflows.
Finding What You’re Looking For Faster
A seamless workflow relies on quickly finding what you need. Employees often struggle to locate files or information on their PC and across applications. Copilot+ PCs, with powerful NPUs, will reduce this frustration using Improved Windows Search, which uses federated semantic search to interpret user intent even when it doesn’t match the exact file name. This feature will be released first to our Windows Insider community on Copilot+ PCs, starting early next year, before rolling out more broadly to our customers. Our Microsoft 365 Copilot customers can search both local and cloud files, boosting efficiency. These capabilities will expand to the Windows search box and Settings in the future.
Effective Communication and Team Collaboration
Achieving optimal productivity involves more than just completing tasks; it also includes enabling employees to communicate effectively while engaging in work they are passionate about. When using Teams on Copilot+ PCs, employees will experience optimized performance and reduced battery consumption. Teams Super Resolution enhances the quality of incoming video, improving visibility of colleagues even with weak internet connections. Live Captions with live translation support from over 40 languages into English, makes it easier than ever to connect with colleagues near and far2. And, for the days you need to look and sound your best, Windows Studio Effects provide valuable visual and audio filters, providing optimal appearance and sound quality during a video call. These innovative experiences are powered by Windows Copilot Runtime. Studio Effects, Live captions with live translations and Image super resolution are available as ready to use APIs in Windows Copilot Runtime. Organizations can leverage these APIs to bring similar experiences to life in your applications, such as WhatsApp who has upgraded their user experience adding Windows Studio Effects controls directly into the UI. Learn more.
Work Securely and with Enhanced Flexibility in the Cloud
With Windows 365, we extend Windows 11, Microsoft 365 and AI capabilities across any platform. Give employees the limitless computing power of Windows in the cloud, with access to the same Windows experience no matter which device they are on. With Windows 365 you can ensure business continuity across your entire team from remote and in-person employees, to consultants, contractors and temporary workers.
A More Secure Way to Access Your Work – Windows 365 Link
As organizations shift more workloads to the cloud for better security and flexibility, Microsoft is expanding its Cloud PC solution with a new class of devices built to connect securely to Windows 365 in seconds.
Today we are excited to announce Windows 365 Link – the simple, secure and purpose-built device for Windows 365. Windows 365 Link is now in preview and will become generally available for purchase in select markets at $349 starting April 2025. It enables desk-based users to work securely on a familiar Windows desktop in the Microsoft Cloud with responsive, high-fidelity experiences.
Compact, fanless and lightweight, Windows 365 Link can be conveniently shipped directly to users. It boots in seconds, wakes instantly from sleep, and offers local processing for video conferencing solutions such as Microsoft Teams meetings and Webex by Cisco, maximizing employee productivity. Windows 365 Link supports dual 4K monitors, four USB ports, an audio port, an Ethernet Port, Wi-Fi 6E and Bluetooth 5.3, making it compatible with both wired and wireless peripherals. It is simple to manage using Microsoft Intune alongside other PCs with a small Windows-based OS footprint with minimal applicable configuration policies.
Windows 365 Link is designed with security in mind. The device does not store local data or apps and employees do not have admin privileges, ensuring corporate data stays protected within the Microsoft Cloud. Security baseline policies are enabled by default and security features cannot be disabled. Login is simple and secure with password-less authentication using Microsoft Entra ID and the Microsoft Authenticator app or USB security keys.
Windows is dedicated to delivering choice and flexibility for our customers. Critical to that effort is our OEM and silicon ecosystem. Just like we did with 2:1s, we’re starting with first party devices and doing the work to get the product experience right. As we continue to expand the Cloud PC category, we look forward to expanding offerings as well, scaling with our OEM partners in 2025.
Support for Frontline Workers and BYOD
Today at Ignite, we are also announcing Windows 365 Frontline provisioned in “shared mode,” which will provide a new way to access Windows 365 Cloud PCs and is now available in preview. This new mode is designed for users who need brief access to complete ad-hoc tasks quickly and securely from a non-personalized Windows desktop environment and their user data is deleted upon log off.
Additionally, Windows App now supports Mobile application management (MAM) for iOS and Android. Now in preview, MAM enhances device redirection and strengthens security on unmanaged or externally managed devices. It allows organizations to define device security criteria and customize access, supporting BYOD scenarios.
Now with Windows 365, we have one integrated solution that leads to security, that leads to cost efficiency, that leads to much better employee productivity and employee experience.
–Vineet Gupta, Head of Employee Experience, HP
Extending Windows 11 to Mixed Reality
Windows in mixed reality brings the full capabilities of Windows 11 to mixed reality headsets, starting with Meta Quest 3 and Quest 3S. Access to your local Windows PC or Windows 365 Cloud PC from a Quest headset is seamless and it takes only seconds to connect to a private, high-quality, large, multiple-monitor workstation. This will be available in public preview by the end of the year.
Endpoint Modernization
We continue to make progress on Windows endpoint modernization, designed to enhance security, productivity and management efficiency for organizations moving to Windows 11. As the end of support for Windows 10 approaches, there has never been a better time to upgrade to Windows 11, a more secure and resilient computing environment that empowers organizations to protect their data, optimize productivity and remain competitive in the rapidly evolving digital landscape. And with features like Windows Backup for Organizations with Entra ID Accounts coming in public preview this Spring, the transition to Windows 11 is easier than ever before. Learn more about the tools and resources available to organizations.
And, as more of our customers make the move to the cloud, we continue to support them with Cloud PCs, Cloud Services and Cloud Management tools. Today at Ignite we announced several new features to help IT management ensure they can minimize the impact to the already stretched resources within their teams.
Windows Update for Business deployment service has now been woven into Windows Autopatch, providing a more cohesive and streamlined update experience. With this change, customers can use Windows Autopatch to simplify keeping their Windows devices up to date. This automation helps to ensure the seamless deployment of updates for the Windows operating system, Microsoft 365 Apps for enterprise, Microsoft Teams and Microsoft Edge.
The unified dashboard in the Microsoft Intune admin center allows for easy management of update policies, groups, status and reports, enabling IT professionals to maintain the level of control needed for their organization. This approach aims to reduce complexity, enhance compliance and security, and improve resource allocation. This dashboard ensures timely updates, minimizes disruptions and frees IT resources for strategic initiatives, without requiring additional licensing.
Hotpatch for Windows is an innovative feature in preview, aimed at boosting both productivity and security. With Hotpatch, updates are downloaded in the background and become effective immediately upon installation, eliminating the need for a device restart. This enables customers to work without interruptions, while keeping systems protected with the latest security updates.
When combined with Windows Autopatch, Hotpatch streamlines the update process and significantly shortens the time needed for applying updates. Organizations utilizing Windows Autopatch have reported up to a 95% reduction in the time required to deploy feature updates.
Hotpatch will also be available on Windows 365 Cloud PCs.
Learn more about the related tools and resources available to the Windows ITPro Community.
Building a Future with Windows: Innovation and Security at the Forefront
As we look to the future, our mission remains clear: to create a seamless and secure experience for every customer, organization and developer. With the new capabilities in Windows 11, Copilot+ PCs and Windows 365, combined with our relentless focus on innovation, we are building a future where we will unlock the full potential of what Windows can offer.
What you’ve seen today is just the beginning. We’re committed to continuous innovation and improvement. Whether it’s through enhanced security, better performance or transformative AI experiences, we’re building a future where Windows empowers every user and organization to achieve more.
1 Windows 11 Survey Report. Techaisle, September 2024. Commissioned by Microsoft. Windows 11 results are in comparison with Windows 10 devices.
2 On some devices, Copilot+ PC experiences require free updates available starting later this year and continuing into 2025. Timing varies by device and region. See aka.ms/copilotpluspcs