Windows Insider Canary Channel

Started by Corrine, March 08, 2023, 08:02:39 PM

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.

Corrine

Build 25387.1200 is now available. This update does not include new content and is designed to test the servicing pipeline. Again, no blog post.


Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

Corrine

via Twitter, Build 25393 is available for the Canary Channel with no blog post.


Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

Corrine

Announcing Windows 11 Insider Preview Build 25905

Starting with today's build, Windows Insiders in the Canary Channel will notice that the name of the branch shown in the desktop watermark has changed back to RS_PRERELEASE. As a result of this change, Insiders will notice that some features that were previously removed temporarily with the switch over to ZN_RELEASE have now returned – in addition to some new features mentioned below.

What's new in Build 25905

New features from the Dev Channel
This build includes new features from the Dev Channel, such as Dev Drive, Backup and Restore improvements (Windows Backup), Dynamic Lighting, the Windows App SDK version of File Explorer and Gallery, and more.

Rust in the Windows Kernel
Rust offers advantages in reliability and security over traditional programs written in C/C++.  This preview shipped with an early implementation of critical kernel features in safe Rust. Specifically, win32kbase_rs.sys contains a new implementation of GDI region. While this is a small trial, we will continue to increase the usage of Rust in the kernel. Stay tuned!

[We are beginning to roll this out, so the experience isn't available to all Insiders in the Canary Channel just yet as we plan to monitor feedback and see how it lands before pushing it out to everyone.] 

Arm32 UWP App deprecation
Starting in this Insider Preview build in the Canary Channel, we have removed support for Arm32 UWP applications from Windows on Arm, as documented here: Windows 11 Specs and System Requirements. After the OS upgrade, any installed Arm32 applications will no longer launch on your device. Note that this does not affect Arm64 applications.

  • During setup, you will see a message with a list of applications that are currently Arm32 installed on the system.
  • In many cases, the list of impacted applications will be reduced by manually forcing the Microsoft Store to install any pending application updates prior to the OS upgrade. To do this, launch the Microsoft Store application, choose "library", then click on the "Get Updates" button.
  • After the OS upgrade is complete, to fix any Arm32 applications, you will need to manually uninstall then reinstall those applications from the Microsoft Store. By doing so, you will install a compatible version that will run on your device.

New PostAuthenticationAction support for terminating individual processes in Windows LAPS
Thank you everyone who gave us feedback on the new Windows Local Administrator Password Solution feature which we shipped a few months ago. Several customers pointed out that the new Post Authentication Actions feature (PAA) only handled termination of interactive logon sessions. This meant that PAA was not able to terminate specific individual processes that were launched in an OTS (over-the-shoulder) elevation scenario, for example using runas.exe. We are announcing an improvement with this build that addresses this feedback on that limitation. A new option has been added to the PostAuthenticationActions Group Policy in this Insider Preview build:

The new option is described as "Reset the password, logoff the managed account, and terminate any remaining processes". This new option is basically a superset of the previous "Reset the password and logoff the managed account" option. When the new setting is configured, PAA will first notify and then terminate any interactive logon sessions, followed by enumerating and terminating any remaining processes that are still running under the Windows LAPS-managed local account identity. No notification precedes this termination.

In addition, we've greatly expanded the event logging messages that are emitted during post-authentication-action execution, to give you deeper insights into exactly what was done during the operation.

Note: "Reset the password and logoff the managed account" remains the default PAA action.

Please try out this new feature and let us know what you think here on the Windows LAPS feedback page.

Changes and Improvements

[Emoji]
  • With the update of our color font format to COLRv1, Windows is now able to display richer emoji with a 3D like appearance with support coming soon to some apps and browsers. These emoji use gradients to bring the design style that our customers have been asking for. The new emoji will bring more expression to your communications.
[Zune]
  • In celebration of Marvel Studio's Guardians of the Galaxy Volume 3, we temporarily re-launched Zune.net last month. We also took the opportunity to fix an issue that was causing some challenges in getting the original Zune drivers to install in Windows 11 with this build in the Canary Channel. So now it should be easier to use your (totally unsupported and still discontinued) Zune on Windows 11. Over time, the fix will make its way through the Insider Channels and eventually to all Windows 11 customers. For fun, check out how Scott Hanselman brought a few Zunes back to life.
Microsoft Store Update
Windows Insiders in all channels running version 22306.1401.x.x of the Microsoft Store and higher will see the following improvements rolling out:

More pricing information: To help you with your purchase decisions, you'll now see information about the lowest price products have dropped to in the past 30 days.

Introducing AI Hub: Explore a new curated section in the Microsoft Store where we will promote the best AI experiences built by the developer community and Microsoft. This is a space where we will educate customers on how to start and expand their AI journey, inspiring them to use AI in everyday ways to boost productivity, spark creativity and so much more.

FEEDBACK: Please file feedback in Feedback Hub (WIN + F) under Microsoft Store.


Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

Corrine

Via Twitter: Windows Insider Program on Twitter: "We made some additions and tweaks to the flight blog post for Build 25905. ^BLB"

SMB Updates [Added 7/13]
Beginning with Build 25905 for the Pro and Education editions of Windows 11, SMB signing is now required by default for all connections. This the same behavior change first added in Build 25381 for the Enterprise editions. This changes legacy behavior, where Windows 10 and 11 required SMB signing by default only when connecting to shares named SYSVOL and NETLOGON and where Active Directory domain controllers required SMB signing when any client connected to them. This is part of a campaign to improve the security of Windows and Windows Server for the modern landscape.

For more information on this change, visit https://aka.ms/SMBSigningOBD

Recover your PC from Windows Update [Added 7/13]

A new Windows Update recovery feature in this build under Settings > System > Recovery and "Fix Problems using Windows Update". On eligible Insider Channels such as the Canary Channel today, this feature will download and install a repair version of the OS. This operation reinstalls the OS that you have and will not remove any files, settings, or apps. The repair content is displayed on the Windows Update Settings page with the title appended with "(repair version)". This capability can be useful in many instances but is intended to be used for keeping the device secure and up to date. Devices may need to complete in progress updates prior to this process taking effect.


Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

Corrine

Announcing Windows 11 Insider Preview Build 25915

What's new in Build 25915

New features from the Dev Channel

This build includes new features from the Dev Channel, such as modernized File Explorer Home, Address Bar, and Details Pane, passwordless improvements (passkey), never combined mode on the taskbar, and more.

The New Outlook for Windows is now an inbox app
Starting with this build, the new Outlook for Windows Preview is now an inbox app. With the new Outlook for Windows, you can connect work and personal emails, calendars, and contacts in one secure place. Learn about the new Outlook for Windows here and the most recent set of updates for Insiders here. You can click here to learn more about the future of Mail and Calendar in Windows.

Changes and Improvements

[Graphics]
  • We have improved refresh rate logic to allow different refresh rates on different monitors, depending on the refresh rate for each monitor and content shown on the screen. This will help most with refresh rate-dependent multitasking, like playing a game and watching a video at the same time.
  • While a Dynamic Refresh Rate (DRR) is selected and Battery saver is also enabled, Windows will remain at the lower refresh rate and not switch to the higher rate until after Battery saver is disabled.
Fixes for known issues
  • The issue that resulted in some Windows Insiders in the Canary Channel on ASUS devices or PCs with ASUS motherboards has been resolved and these Insiders should receive this flight.
  • Ethernet-connected devices will no longer lose network connectivity after updating to this build.


Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

Corrine

Announcing Windows 11 Insider Preview Build 25921

What's new in Build 25921

HDR Background Support
You can now set JXR files to be your desktop background and if you have an HDR display, they will render in full HDR.

First – make sure your device has an HDR display or is connected to a HDR display that supports HDR. You can check this by going to Settings > System > Display and checking the HDR toggle.

Next, download an HDR .JXR file to your device. Then right-click on your desktop, choose "Personalize" and then "Background", and under "Personalize your background" – go and select the .JXR file you downloaded to your device.

You can download example .JXR files here to try this experience out on your HDR-capable device/display.

The background should load on your display. If you have multiple displays attached to your device, the background will show as HDR or SDR depending on each display's capabilities. When using external displays attached to your device, we recommend running the HDR Calibration app for best picture quality. Please note that for this build, there may be some issues with the HDR version of the desktop background not correctly display on some laptops with HDR.

FEEDBACK: Please file feedback in Feedback Hub (WIN + F) under Desktop Environment > Background and Wallpaper.

Rich thumbnail previews (tooltips) for cloud files on Start
For people logged into a Windows 11 Pro or Enterprise editions with an AAD account ( soon to be Microsoft Entra ID), we are providing a richer thumbnail preview (tooltips) when hovering over cloud files such as Word documents under Recommended on the Start menu. For this initial release, richer thumbnail previews will not be available for all files and a later update will enable the experience for more files and for MSA users. Additionally, when right-clicking on cloud file recommendations, there is now an option to quickly share these files.

What will appear only for people logged with an AAD account currently are the richer thumbnail previews for cloud files if available such as Word documents. People who are logged in with an AAD account will see richer thumbnail previews for cloud files.

People who are logged in with a local account or MSA will see this experience when hovering over files (cloud files and local files) under Recommended on the Start menu:



However, what is currently a bug is that for files that do not have rich thumbnail previews that can be provided, it should not be showing the preview area (where the thumbnail preview would be).

NOTE: This feature previously rolled out to the Dev Channel with this flight and to the Beta Channel with this flight. We adjusted the text in both those blog posts based on feedback from Insiders.

FEEDBACK: Please file feedback in Feedback Hub (WIN + F) under Desktop Environment > Start menu.

Changes and Improvements

[General]
  • Cortana can be uninstalled in this build. For more on the end of support for Cortana, click here.
[Taskbar & System Tray]
  • Beginning to roll out with this build, Chat is now Microsoft Teams – Free. Microsoft Teams – Free is pinned by default to the taskbar and can be unpinned like other apps on the taskbar. Windows Insiders who click to launch Teams will discover a mini communications experience making it possible to chat, call, and meet with their people within just a click or two. Not only does its compact size make it easy to place the window anywhere on desktop, but you can passively keep tabs on your conversations with the ability to have it visible as they browse the web or connect with your communities.  Phone Link integration is coming soon to Microsoft Teams (free) as well.
[Task View & Desktops]
  • When navigating between desktops in Task View (WIN + CTRL + left or right arrows), labels will be shown. New sliding animations will also show when you change your desktops using trackpad gestures, touch gestures, hotkeys and by clicking on the Task View flyout.
[Networking]
  • A new asynchronous error-handling feature in the DHCP client service will allow for faster response time for some runs of ipconfig /renew on the Windows command line. Improvements will vary depending on system and network conditions, but ideal cases will improve from ~4.1 seconds to ~0.1 seconds per run.


Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

Corrine

Announcing Windows 11 Insider Preview Build 25926

What's new in Build 25926

New features from the Dev Channel

This build includes new features from the Dev Channel, such improvements for Windows Ink, improved screen casting experience, local file sharing improvements (was available in last week's Canary Channel flight), and more.

Changes and Improvements

[Taskbar & System Tray]
  • Notifications will now show as a bell in the system tray and when new notifications come through, the bell will colorize based on your system accent color. When there are no notifications and the clock is visible, the bell will be empty. Notification counts are no longer shown.
[Graphics]
  • Starting with Build 25921, we have added options for tuning intensity and color boost to the color filters via Settings > Accessibility > Color Filters. Please note there is an issue in which the labels for the sliders are missing. The first slider is for "Intensity" and the second slider is for "Color Boost". The labels will appear as expected in a future flight.

Fixes for known issues

  • We fixed the issue causing devices with mobile broadband connectivity to not be able connect to a wireless network due to an issue in which the APN configuration may get lost on upgrade with Build 25921.

Snipping Tool Update
We are beginning to roll out an update to Snipping Tool (version 11.2306.43.0 and higher) to Windows Insiders in the Canary and Dev Channels. This update introduces new buttons to edit in Paint for screenshots and edit in Clipchamp for screen recordings.

FEEDBACK: Please file feedback in Feedback Hub by clicking here.


Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

Corrine

Announcing Windows 11 Insider Preview Build 25931 (Canary Channel)

QuoteREMINDER: As builds released to the Canary Channel are "hot off the presses," we will offer limited documentation for builds flighted to the Canary Channel including documenting only the most significant and highly impactful known issues. Please note that we will not publish a blog post for every flight – only when new features are available in a build.

What's new in Build 25931

New features from the Dev Channel
This build includes new features from the Dev Channel such as Unicode Emoji 15 support, voice access is available to use on more areas in Windows such as the Lock screen, and more.

DC location will no longer use NetBIOS\WINS\mailslot-based discovery by default
We have previously announced the deprecation of both Windows Internet Name Service (WINS) and Remote Mailslots (see this blog post here for information on Remote Mailslots). These deprecations are legacy technologies that are no longer secure in today's environments. As part of these deprecations, DC location in your environment may be affected mainly because many legacy applications still specify short NetBIOS-style domain names when trying to locate a domain controller (DC). To help ease this transition with these deprecations, we are making two improvements to the DC locator algorithm in Windows.

First, we are blocking by default the use of NetBIOS\WINS\mailslot-based methods for DC-discovery. This behavior can be reverted with the use of a new Group Policy setting (BlockNetBIOSDiscovery). In addition to disabling the new BlockNetBIOSDiscovery policy, reversion to default behavior also requires enabling the EnableMailslots SMB configuration option. (You can query and set the EnableMailslots setting using the Get-SmbClientConfiguration and Set-SmbClientConfiguration PowerShell cmdlets.)

PLEASE NOTE: Reversion should be considered only as a temporary measure while more viable, longer-term solutions are explored.

Second, we have added additional client-side logic to aid in the mapping of short NetBIOS-style domain names to DNS domain names. This improvement consists of two parts:
  • DC locator will now automatically download additional information about the child domains in trusting forests and use that information as part of the discovery algorithm.
  • As a last-resort fallback, and to accommodate unforeseen situations, forest administrators can manually configure a set of DNS-to-NetBIOS-domain-name mappings (using the Active Directory Domains and Trusts management snap-in) which are also downloaded and used by DC Locator during discovery.
Additional information is available here for DC locator changes.

Changes and Improvements

[General]
  • Insider Preview Build Expiration: The expiration date for Insider Preview builds flighted to the Canary Channel has been updated to 9/15/2024 starting with Build 25931. Please make sure you are updated to the latest build in the Canary Channel.
  • In addition to the Camera app and Cortana, the Photos app, People app, and Remote Desktop (MSTSC) client can be uninstalled.
[File Explorer]
  • Added more fields to show in the Details pane, including image dimensions for pictures, number of pages for .docx, space used and free information for drives, and many others.
[Dynamic Lighting]
  • You can now instantly sync your Windows accent color with the devices around you with the "Match my Windows accent color" toggle under "Effects" for Dynamic Lighting via Settings > Personalization > Dynamic Lighting.
[Windows Spotlight]
  • After doing an OS update, in certain cases such as using the default Windows 11 background or a solid color – Windows Spotlight may be enabled for you. If you decide you don't want Windows Spotlight enabled, you can turn it off and in future OS updates it should not be enabled for you again unless you choose to re-enable the experience.

Fixes for known issues
  • We fixed a major issue where you could no longer connect over SMB to a third-party storage device using guest (no username or password) credentials.


Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

Corrine

Announcing Windows 11 Insider Preview Build 25931 (Canary Channel)

Cumulative Update Build 25931.1010 (KB5030120) does not include anything new. It is designed to test the servicing pipeline for builds in the Canary Channel.


Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

Corrine

Announcing Windows 11 Insider Preview Build 25936 (Canary Channel)

What's new in Build 25936

Post-OOBE Experiences
We are trying out several new experiences for after completing OOBE ("out of box experience") starting with this build. You may see one of these three experiences launched automatically on your device after completing OOBE.

  • If you choose 'Development Intent' within the 'Let's Customize Your Experience' page during OOBE, Dev Home will be automatically launched on your device after logging in and reaching the desktop for the first time after OOBE setup.
  • If you choose 'Development Intent' within the 'Let's Customize Your Experience' page during OOBE, the Get Started app will be automatically launched on your device after logging in and reaching the desktop for the first time after OOBE setup. The Get Started app will show you a personalized flow that will help you learn more about Dev Home and give you the opportunity to open Dev Home.
  • If you choose to 'Restore' your device during OOBE, the Get Started app will be automatically launched on your device after you log into your device for the second time after completing OOBE. The Get Started app will show you a personalized flow that will help you learn about key apps and settings, tell you that Windows has restored on your device and show you how to access your restored apps on Start menu or taskbar.
These experiences will help you learn about new features in Windows 11 and help you complete your device setup. These experiences will only be available to a small subset of Insiders in the Canary Channel at first and you may see different variations of these experiences.

FEEDBACK: Please file feedback in Feedback Hub (WIN + F) under Install and Update > Initial out of box setup.

Changes and Improvements

[General]
  • [REMINDER] Insider Preview Build Expiration: The expiration date for Insider Preview builds flighted to the Canary Channel has been updated to 9/15/2024 starting with Build 25931. Please make sure you are updated to the latest build in the Canary Channel.
[Dynamic Lighting]
  • We have added the ability to choose a custom color to light up your devices with.
[Task Manager]
  • We've updated the Task Manager settings page to match the design principles of Windows 11. The design has a similar look and feel to the Settings in Windows 11 and provides a cleaner UI separating categories into different sections.
[Settings]
  • The end task feature under System > For Developers no longer requires Developer Mode to be enabled first before it can be used.

Fixes for known issues
  • Fixed the underlying crash which was causing .NET updates to get stuck requesting restart in Windows Update Settings in recent Canary Channel builds.
  • Fixed a few issues which were causing the End Task option in the taskbar to not work, or to close more than just the app you had selected.


Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

Corrine

Announcing Windows 11 Insider Preview Build 25941 (Canary Channel)

Changes and Improvements

[Graphics]
  • In this Insider Preview build, you may notice that there have been some changes in the advanced display settings page via Settings > System > Display > Advanced display. Dynamic refresh rate can now be enabled via a toggle. After being enabled, Windows will then dynamically adjust the refresh rate up to the selected rate to help save power. Click here for more information on Dynamic refresh rate.
  • Additionally, we've made small changes to help bring awareness to limitations (related to the display or the cable being used) that may not allow you to set a high refresh rate while being on a high display resolution. When selecting a refresh rate, you may notice some refresh rates will show an asterisk. That means that in order to select that specific refresh rate, the display resolution will need to be changed to one that supports the selected refresh rate. This behavior happens when there are limitations due to the cable or the display's capabilities and is not new, but we wanted to make sure you were aware of it.
[Cast]
  • Building off the Cast improvements introduced with Build 25926, we have updated the Cast flyout in Quick Settings with additional support for you in case you face any trouble discovering nearby displays, fixing connections, and more.
[Settings]
  • The graph at the top of the Power & Battery page in Settings has been removed. Insiders can continue to see a graph of battery usage in the battery usage section further down the page. The Power & battery settings page is also no longer broken up by "Power" and "Battery" sections.

Fixes for known issues
  • Fixed issues impacting the File Explorer context menu and command bar dropdowns, causing them to become transparent, and not work with touch.
  • Fixed issues impacting File Explorer launch reliability.
  • Fixed issues causing the Japanese and Chinese IMEs to not work properly in certain apps, and to not work correctly in the File Explorer search box.
  • Fixed an issue causing Settings to crash when looking at detailed battery usage.
  • The new options for tuning intensity and color boost of Color Filters now have labels.


Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

Corrine

New Updates for Snipping Tool and Notepad for Windows Insiders

Updates for Snipping Tool and Notepad to Windows Insiders in the Canary and Dev channels on Windows 11.

Snipping Tool (version 11.2307.44.0)
With this update to Snipping Tool, we are introducing the combined capture bar, making it easier to switch between capturing screenshots and screen recordings without having to open the app. Use the Print Screen or Win + Shift + S keyboard shortcuts to open the capture bar for snipping, where you will continue to find the familiar snipping modes or try the new Win + Shift + R keyboard shortcut to open the capture bar for recording.

We are also improving the screen recording experience based on your feedback by introducing support for optionally recording your PC audio and voice overs using a microphone. New app settings let you configure the default audio recording settings for new screen recordings, and if you have multiple recording devices, you can select your preferred recording device before you start recording.

FEEDBACK: Please file feedback in Feedback Hub (WIN + F) under Apps > Snipping Tool.

Notepad (version 11.2307.22.0)
With this update, Notepad will start automatically saving your session state allowing you to close Notepad without any interrupting dialogs and then pick up where you left off when you return. Notepad will automatically restore previously open tabs as well as unsaved content and edits across those open tabs. Saved session state does not impact any of your files, though, and it is still your choice whether to save or discard unsaved changes to files anytime you close a tab. You can turn this feature off in app settings if you would prefer to have a fresh start every time you open Notepad.

FEEDBACK: Please file feedback in Feedback Hub (WIN + F) under Apps > Notepad.

[PLEASE NOTE: We are beginning to roll these experiences out, so they may not be available to all Insiders in the Canary and Dev Channels just yet as we plan to monitor feedback and see how it lands before pushing it out to everyone.]


Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

Corrine

Announcing Windows 11 Insider Preview Build 25947 (Canary Channel)

Fixes for known issues
  • Fixed a high hitting ctfmon.exe crash in recent flights, which may have impacted the ability to type for some Insiders.
  • Fixed a few issues impacting explorer.exe reliability, including fixing an issue which could cause File Explorer to crash when navigating to Gallery.
  • Fixed an issue which was causing explorer.exe to not work in safe mode.
  • Did some work to help improve the performance when switching between different pages in Task Manager.
  • Fixed the issue causing some Insiders to see an unexpected pop up asking you to "Select an app to open this 'ms-screenclip' link" after the latest Snipping Tool app update.


Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

Corrine

Background Removal in Paint begins rolling out to Windows Insiders

Today we are beginning to roll out an update for the Paint app to Windows Insiders in the Canary and Dev Channels (version 11.2306.30.0). With this update, we are introducing background removal! With background removal, you can now remove the background of any image automatically in just one click leaving a smooth cutout of the subject. Background removal can detect the subject from the entire canvas or from a selection using the selection tool.

To get started, paste or import content onto the canvas and click on the new remove background button in the toolbar to remove the background on your entire image. You can also use the rectangle select to specify an area that you want to remove the background on.

As always, we love getting feedback from the community and we will be looking out for your thoughts and suggestions on this update!

Please note that an earlier version of this update (version 11.2306.28.0) went live earlier today and includes a bug where a confidentality banner is shown. The newer update (version 11.2306.30.0) will correct the issue.

FEEDBACK: Please file feedback in Feedback Hub (WIN + F) under Apps > Paint.


Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

Corrine

Announcing Windows 11 Insider Preview Build 25951 (Canary Channel)

What's new in Build 25951

SMB NTLM Blocking
Starting with this build (Build 25951), the SMB client now supports blocking NTLM for remote outbound connections. This changes legacy behavior, where Windows SPNEGO would negotiate Kerberos, NTLM, and other mechanisms with the destination server to decide on a supported security package. NTLM in this case refers to all versions of the LAN Manager security package: LM, NTLM, and NTLMv2.

With this new option, an administrator can intentionally block Windows from offering NTLM via SMB. An attacker who tricks a user or application into sending NTLM challenge responses to a malicious server will no longer receive any NTLM data and cannot brute force, crack, or pass a password, as they will never be sent over the network. This adds a new level of protection for enterprises without a requirement to entirely disable NTLM usage in the OS. You can configure this option with Group Policy and PowerShell. You can also block the use of NTLM in SMB connections on demand with NET USE and PowerShell.

For more information on configuring and troubleshooting NTLM blocking, review https://aka.ms/SmbNtlmBlock.

SMB Dialect Management
Starting with this build (Build 25951), the SMB server now supports controlling which SMB 2 and 3 dialects it will negotiate. This changes legacy behavior, where Windows SMB always negotiated the highest matched server dialect from SMB 2.0.2 to 3.1.1 clients. Beginning in Windows 10, support was added for controlling SMB client dialects, but not server dialects.

With this new option, an administrator can remove older SMB protocols from usage in the organization, blocking older, less secure, and less capable Windows devices and third parties from connecting.

You can configure this option with Group Policy and PowerShell. Both SMB client and server now include complete management support (previously the client support was only manual registry editing).

For more information on understanding and configuring SMB dialects, review https://aka.ms/SmbDialectManage.

Changes and Improvements

[Lock screen]
  • We've adjusted the network flyout on the Lock screen to better match the UI of the network flyout from quick settings in system tray on the taskbar.


Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.