Intune

Winsage
May 23, 2026
A new preview build of Windows 11 introduces a Group Policy option titled Remove Microsoft Copilot app, located in User Configuration settings under Administrative Templates and Windows Components. This policy is conditional, applying only when both Microsoft 365 Copilot and Microsoft Copilot are present, the Copilot app has not been user-installed, and it has not been launched in the last 28 days. Alternative methods to control the Copilot app include the Intune Settings Catalog entry to turn off Copilot, a registry DWORD at HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsCopilot, and AppLocker packaged-app rules. Community discussions indicate that PowerShell uninstall methods are temporary solutions due to potential reinstallation by subsequent updates.
Winsage
May 23, 2026
BitLocker, a security feature for data protection, has a vulnerability identified as CVE-2026-45585, also known as YellowKey, which allows unauthorized access to encrypted data on Windows 11 versions 24H2, 25H2, 26H1, and Windows Server 2025. This flaw does not compromise BitLocker’s encryption but affects the recovery environment supporting it. The vulnerability can be exploited locally through the Windows Recovery Environment (WinRE) by an attacker with physical access, who can trigger an unrestricted shell and access the BitLocker-protected volume. Microsoft has provided two mitigation strategies: modifying the WinRE image to remove the autofstx.exe entry and transitioning from TPM-only protection to a TPM+PIN requirement at startup. The exploit poses challenges for detection, as it occurs pre-boot and currently lacks vendor-published indicators of compromise. Organizations using BitLocker for unattended devices are particularly at risk, as the vulnerability can lead to loss of confidentiality if an attacker gains access before the legitimate user.
Winsage
May 20, 2026
Microsoft has addressed the YellowKey vulnerability, a zero-day flaw in Windows BitLocker identified as CVE-2026-45585. This vulnerability allows unauthorized access to BitLocker-protected drives through a specific exploitation process involving 'FsTx' files. The flaw was disclosed by an anonymous researcher known as 'Nightmare Eclipse.' Microsoft has released mitigation strategies, including removing the autofstx.exe entry from the Session Manager's BootExecute REG_MULTI_SZ value and reestablishing BitLocker trust for WinRE. Additionally, users are advised to change BitLocker settings from "TPM-only" to "TPM+PIN" mode, requiring a pre-boot PIN for drive decryption, and to enable "Require additional authentication at startup" for unencrypted devices.
Winsage
May 19, 2026
IT leaders face challenges from the rise of artificial intelligence, sophisticated security threats, and scrutiny over investment decisions regarding PC fleets. Microsoft has introduced the Surface line to address these demands, integrating advanced silicon and software for enhanced security and AI capabilities. The new Surface Pro for Business and Surface Laptop for Business, powered by Intel Core Ultra Series 3 processors, offer significant performance improvements, including up to 35% better graphics than the MacBook Air with M5 and over 90% faster than the Laptop 5 on select configurations. The Surface Laptop for Business is available in 13-inch and 15-inch models, starting at 9.99, featuring a high-resolution touchscreen, advanced haptic touchpad, and up to 23 hours of battery life. The 13-inch Surface Pro for Business, also starting at 9.99, combines multiple input methods with on-device AI processing. All Surface devices are designed with security as a core principle, shipping as Secured-core PCs, and include an optional integrated privacy screen. They support AI applications both in the cloud and on-device, enhancing productivity. Devices can be managed through Microsoft Intune for operational efficiency. The new Surface devices are made from recycled materials, designed for energy efficiency, and certified by ENERGY STAR.
Winsage
May 8, 2026
Microsoft is testing a recovery feature for Windows 11 called Point-in-Time Restore, which offers a more extensive system snapshot than the traditional System Restore. It was first introduced in the Windows 11 Insider Experimental preview on April 24, 2026. The feature aims to minimize downtime and simplify troubleshooting and can be accessed through the Windows Recovery Environment and the Windows Settings app. Point-in-Time Restore backs up a broader range of data compared to System Restore, including user files, applications, settings, passwords, secrets, certificates, and keys. It restores the entire PC to a previous state, losing any local changes made after the snapshot. The feature operates on an automated schedule, with snapshots retained for up to 72 hours, and users can create new snapshots at specified intervals. For optimal use, Point-in-Time Restore is enabled by default on PCs with at least 200GB of drive space, with a storage cap of 2% of total drive capacity. It remains optional for consumer versions of Windows. A specialized version for Windows 365 Enterprise cloud PCs is always active, retains restore points for up to a month, and uses scalable cloud storage. Remote management support for Point-in-Time Restore is under development and not yet available. Currently, it is limited to builds within the Windows 11 Insider Experimental channel, with broader availability details pending.
Winsage
May 6, 2026
System Restore is a recovery tool in Windows that allows users to revert their systems to a previous state, originating with Windows ME. It generates restore points that can be created manually or automatically, with a maximum retention of 60 days starting from the Windows 11 24H2 update in 2025. System Restore captures essential system files and settings but does not recover personal files. The new Point-in-Time Restore feature, introduced in 2025 and appearing in the Windows 11 Insider Experimental preview in April 2026, captures a broader range of data, including user files and applications, and operates on a scheduled basis with snapshots retained for up to 72 hours. It is optional for standard users, enabled by default for PCs with 200GB or more storage, and has storage limits set to 2% of total drive capacity. In enterprise settings, it is always enabled for Windows 365 Enterprise, maintaining restore points for up to one month and utilizing cloud storage. Point-in-Time Restore aims to improve the recovery experience and address limitations of the classic System Restore.
Winsage
May 6, 2026
Since early May 2026, a U.S. company has introduced Hotpatching technology for compatible devices, allowing security updates to be applied without a full system reboot. This technology replaces code fragments directly in the RAM of running processes, reducing the size of downloaded packages and enabling quicker implementation of critical patches. The update mechanism operates on a hybrid schedule with four base months requiring mandatory reboots for cumulative changes and eight hotpatching months focusing on in-memory security fixes. If extensive architectural changes are needed or if the software environment does not meet standards, the system defaults to a standard installation algorithm that requires a reboot. The technology is designed for corporate infrastructures with high operational demands and requires Windows 11 version 24H2 or later, specific editions, and enabled VBS virtualization protection.
Winsage
May 6, 2026
Beginning in May 2026, Microsoft will introduce Hotpatching as a default feature for compatible systems, allowing security updates to be applied without requiring a restart. Hotpatching updates code directly in the memory of running processes, enabling selective updates without interrupting the entire system. It does not replace monthly security updates but alters their activation process on eligible systems, categorized as security updates within the monthly B releases. Eligible systems must be running Windows 11 version 24H2 or newer and possess suitable licenses such as Enterprise, Education, Microsoft 365, or Windows 365. Management of these updates will be facilitated through Windows Autopatch or Microsoft Intune. Microsoft will continue to utilize baseline updates that require a restart, which will alternate with Hotpatch months. Hotpatching aims to reduce the frequency of restarts tied to security updates, particularly benefiting environments where uptime is critical. However, planned restarts will still be necessary, and robust telemetry and maintenance practices will be needed to ensure smooth operation.
Winsage
May 1, 2026
Microsoft has updated its Windows 11 operating system to enhance the management of preinstalled applications. The new RemoveDefaultMicrosoftStorePackages policy allows IT administrators to remove any preinstalled MSIX/APPX applications by referencing their Package Family Name (PFN) through Group Policy Object (GPO) or custom OMA-URI for mobile device management (MDM). This feature requires devices to have at least the April 2026 Windows non-security update. It is available for Windows 11 version 24H2 Enterprise and Education editions, whereas it was initially exclusive to version 25H2 or later. A comprehensive list of supported applications and instructions for applying the policy are provided in Microsoft's documentation. Additionally, a new policy setting enables the uninstallation of the AI-powered Copilot digital assistant from enterprise devices after the April 2026 Patch Tuesday updates. The dynamic list option for this policy will be rolled out in the coming months.