This week Microsoft finally announced Windows 11 24H2 is now available for all, not just Copilot+ PCs, so let’s have a look at what’s new. Microsoft added a lot of new feature, explained in this IT Pro Blog: Windows 11, version 24H2: What’s new for IT pros – Windows IT Pro Blog (microsoft.com)
Windows LAPS Account Management
I will try to focus on a few things, that I find very interesting. The first and probably most awaited feature, is the new Account Management for LAPS. Now you can create your LAPS User Account directly via Policy from e.g. Intune without needing to either rely on custom PowerShell scripts or the Windows Account creation CSP, which required to set an initial fix password in order to create the account. This was available for Windows Insiders for a while, now we can finally use it in production devices. You can configure these policies using the LAPS CSP:LAPS CSP | Microsoft Learn
Rudy Ooms has covered this a while ago, when it still was an Insider only feature, so if you are interested in how it works, check out his blog post: Windows LAPS | Automatic Account Management | Passphrase (call4cloud.nl)
Sudo
Starting in Windows 11 24H2, we now have a sudo command available to get on-demand admin rights, similar to what we know in Linux. To test sudo, we need to enable it in the developer settings:
With sudo enabled, we can now easily use functions that require admin rights from a non-elevated session, for example without sudo a manage-bde status would return an error, if ran from an non elevated cmd, even if the logged on user was a member of the administrators group:
With sudo, we now can run this command elevated, while the rest still runs in a non-elevated session:
Before enabling sudo on your clients, read through the security recommendations from Microsoft since depending on your environment, it can create additional risks: Sudo for Windows | Microsoft Learn
Other changes
Beside these two bigger changes, Windows 11 24H2 comes with a lot of smaller changes and improvements like:
- Support for Wi-Fi 7 and SHA3,
- Big improvements to the SMB protocol
- Support for 7z and tar archives
- Install Network / Wi-Fi Drivers during OOBE:
- and a lot more…
One of my personal UI favorites, is the new text labels in the file explorer context menu, making the copy paste, etc. buttons more understandable:
No new Windows version, without some discontinued features, for 24H2 this would be WordPad, which is now no longer part of Windows, Alljoyn but also the Windows Mixed Reality Portal and the support for WMR VR Headsets.
Conclusion
My recommendation is, try it out yourself, you can deploy 24H2 easily using Windows Update for Business or Autopatch directly from Intune, all settings for 24H2 are already available and ready for your testing:
Leave a Reply