KB5079489 Preview for Windows 11 26H1: DISM Order, Copilot+ AI Updates Explained

Microsoft’s KB5079489 preview for Windows 11 version 26H1 arrives as a telling example of where the platform is headed in 2026: more frequent servicing, more AI-specific payloads, and more complexity for anyone who still treats a cumulative update as a simple one-click event. The March 26, 2026 release, which advances systems to OS Build 28000.1764, is not just another patch Tuesday-style refresh. It is also a reminder that Windows servicing now spans classic quality fixes, prerelease tuning, and Copilot+ PC-only AI components that can ride along in the same package but do not apply universally.

Overview​

The clearest story here is not the build number itself, but the way Microsoft is packaging modern Windows maintenance. KB5079489 is explicitly described as a preview update, which means it is aimed at early validation rather than broad, security-driven deployment. That matters because preview updates are increasingly where Microsoft seeds the behavior changes, servicing refinements, and feature-adjacent fixes that may later become part of a broader release cadence.
The update also underscores a practical shift for IT teams: installation order now matters more often. Microsoft says this package contains one or more MSU files that must be installed in a specific sequence, and it offers two methods: install all packages together with DISM so prerequisite MSUs can be discovered automatically, or install each MSU individually in the documented order. That is not unusual in enterprise servicing, but it is a reminder that Windows updates are becoming more modular and more image-aware, especially when administrators are servicing offline media or deployment images.
Another important detail is the AI component note. Microsoft says the latest cumulative update includes AI component updates, but those components are only applicable to Windows Copilot+ PCs and will not install on standard Windows PCs or Windows Server. In practical terms, the package is broader than its effective footprint, which is convenient for Microsoft’s single-update distribution model but can confuse administrators who expect every payload inside an MSU to matter on every device.
The update also fits into a recognizable cadence. Just days earlier, Microsoft released KB5079466 on March 10, 2026, and before that KB5077239 on February 24, 2026, both for Windows 11 version 26H1. That sequence suggests Microsoft is iterating quickly on this branch, using preview releases to tune the platform before changes solidify into the next security update cycle. For organizations that test rings carefully, that tempo is both a benefit and a burden.

Background​

Windows servicing has spent the last several years moving away from the old “big release, long pause” model and toward a continuous innovation approach. Microsoft now routinely distinguishes between security updates, optional non-security previews, out-of-band releases, and servicing stack components, and that taxonomy matters because each class serves a different operational purpose. The result is a more agile platform, but also a more demanding one for enterprises that have to test, stage, and roll back updates across heterogeneous fleets.
The March 26 preview lands against that backdrop. It is not primarily about headline features or consumer-facing splashiness. Instead, it appears to be part of a broader pattern in which Microsoft uses preview releases to stabilize the servicing pipeline, validate package dependencies, and prepare the codebase for whatever becomes the next baseline in production channels. That is especially relevant when an update includes both traditional OS changes and AI-specific payloads tied to Copilot+ hardware.
The Copilot+ dimension is worth pausing on. Microsoft’s support material makes clear that certain AI components are architected specifically for Copilot+ PCs, which are defined by an NPU capable of 40+ TOPS. That means Windows servicing is no longer merely about kernel stability, driver compatibility, and UI behavior; it also increasingly reflects hardware-specific intelligence features that may be present on one class of PC and irrelevant on another.
For consumers, that can feel seamless when it works. For administrators, it means the same KB can behave differently depending on device type, image type, and deployment method. That asymmetry is now a defining trait of Windows update management. It is one reason Microsoft’s documentation repeatedly tells image builders to use matching Dynamic Update packages for the same month whenever possible, and to fall back only to the most recently published version when a same-month package is unavailable.

What KB5079489 Changes​

At the highest level, KB5079489 is a preview cumulative update for Windows 11 version 26H1, advancing the branch to OS Build 28000.1764. Microsoft’s public note emphasizes the package structure and installation method more than the user-visible change log, which suggests the release is at least partly about servicing plumbing rather than a marquee consumer feature. That does not make it insignificant; on the contrary, these are often the updates that reveal where Microsoft is tightening the platform before the next stable phase.
The most operationally important detail is that the update package may contain prerequisite MSUs. Microsoft’s instructions say administrators can either install all the MSU files together in one folder and let DISM discover dependencies, or install each file individually in the correct order. In enterprise environments, that distinction matters because a deployment pipeline that assumes a single-file update can fail silently, or at least fail inconsistently, when prerequisite packages are not staged correctly.

Installation methods​

Microsoft’s guidance effectively offers a choice between automation and precision. Method 1 is the safer bet for most administrators because DISM can resolve prerequisite relationships when all relevant MSUs are present in one folder. Method 2 is for teams that want explicit sequencing, perhaps when integrating updates into a gold image or troubleshooting why a prerequisite did not install as expected.
That approach reflects a broader shift in Windows deployment. The OS is increasingly delivered as a set of layered components rather than a monolithic installer, and the servicing experience now rewards admins who understand package dependency chains. For a home user, that complexity is mostly hidden. For an IT shop, it becomes part of the daily reality of keeping fleets current.

• Method 1 is best for bulk deployment with prerequisite discovery.
• Method 2 is better when you need explicit package ordering.
• DISM remains the canonical tool for offline and online servicing.
• Windows Update Standalone Installer is still supported, but it is not always the most robust option for complex package chains.

Why the order matters​

The reason Microsoft is insistent about order is simple: cumulative updates increasingly bundle multiple servicing elements that are not equally applicable across all systems. If a prerequisite MSU is missing, the target package may not stage correctly, or it may stage but leave you with an incomplete servicing state. That is an avoidable class of problem, but only if deployment teams read the fine print.
This also hints at why preview releases are valuable to Microsoft. They expose packaging issues before those issues can metastasize into broad rollout failures. In other words, KB5079489 is not just an update; it is part of Microsoft’s test harness for the Windows update ecosystem itself.

AI Components and Copilot+ PCs​

Microsoft’s note that the update includes AI component updates but that those components apply only to Windows Copilot+ PCs is one of the most important lines in the release. It confirms that Windows is now shipping updates that are meant to coexist with a common servicing channel while targeting a narrow subset of devices at install time. That is a clever distribution strategy, but it also makes update management less intuitive for mixed estates.
The Copilot+ PC category is not just marketing language. Microsoft defines it by the presence of a sufficiently capable NPU, and its own support material distinguishes Copilot+ devices from standard Windows 11 PCs in terms of what AI experiences they can run. In practice, that means some update content is increasingly shaped by hardware eligibility rather than by a universal OS baseline.

What this means for IT admins​

For endpoint managers, the biggest challenge is visibility. A single update bulletin may contain payloads relevant to only a subset of the fleet, which complicates compliance reporting and image planning. It also increases the risk that teams misinterpret the presence of a component in the package as a sign it will install everywhere.
A sensible response is to segment testing by hardware class. Copilot+ laptops, standard business notebooks, and Windows Server images should be validated as separate servicing tracks, even if they all share the same KB umbrella. That is not overkill; it is now basic hygiene. One package name no longer guarantees one behavior profile.

What this means for consumers​

For consumers, the good news is that most of this complexity remains behind the curtain. If you are on a Copilot+ PC, the update may improve AI-related capabilities without requiring separate manual intervention. If you are not, the AI payloads should simply not install, which keeps the update from polluting non-eligible systems with irrelevant components.
The downside is opacity. Many users still have no clear sense of whether a device is Copilot+ eligible, what an NPU does, or why one Windows 11 update contains both general OS changes and machine-specific AI files. Microsoft has done a lot to normalize Copilot branding, but the servicing architecture behind it is still something only power users and administrators are likely to understand fully.

• Copilot+ updates are increasingly hardware-specific.
• Standard Windows PCs may receive the same KB without the AI payloads.
• The servicing model is becoming more layered and less transparent.
• Mixed-device fleets need more careful update validation than before.

Preview Releases and the Windows 11 26H1 Cadence​

KB5079489 should be read in the context of a rapid sequence of Windows 11 26H1 updates. Microsoft released KB5077239 on February 24, 2026, and KB5079466 on March 10, 2026, both as part of the same branch. When preview updates appear at that pace, the message is that Microsoft is actively shaping the branch in near real time rather than letting it sit untouched between larger milestones.
That cadence is valuable because it gives organizations a chance to catch issues earlier. It is also a warning that waiting until the next mandatory security release may no longer be the safest way to validate the OS. The better strategy is to treat preview builds as an early signal of what the production servicing path will eventually look like.

The enterprise value of previews​

Enterprise IT teams often dislike preview updates because they create extra testing work. That reaction is understandable, but previews can actually reduce risk when they are used properly. They provide an advance look at package composition, compatibility, and deployment behavior, which can prevent more disruptive surprises later in the month or quarter.
The trick is discipline. Preview updates should be staged in rings, monitored closely, and rolled out to a small but representative population before they touch production environments. That is especially true when the update may include both conventional OS fixes and AI-adjacent components that behave differently on different hardware.

The consumer angle​

For consumers, preview releases are mostly invisible unless they opt in through Windows Update settings or use an environment that pulls them in automatically. Still, the existence of a preview update tells you something about Microsoft’s priorities: the company wants to shape the platform ahead of the next security cycle, not after it. That is a subtle but important difference.

• Preview releases surface issues before they become mandatory.
• They help Microsoft validate package layering and dependency chains.
• They demand better staging discipline from enterprises.
• They rarely matter to everyday users unless a bug affects them directly.

Installation and Servicing Strategy​

Microsoft’s support note is unusually focused on mechanics, and that tells us something about the update. The company wants administrators to understand not just that KB5079489 exists, but how it should be serviced in online and offline scenarios. That includes direct installation on a running PC, integration into mounted images, and use on deployment media.
This is increasingly important because many Windows deployments are no longer live, interactive installs. They are images, task sequences, golden templates, and provisioning pipelines. A preview update that offers specific guidance for both running systems and installation media is therefore more practical than it may first appear.

DISM versus WUSA​

DISM remains the more flexible tool for modern servicing because it can operate against live systems and offline images, and it can be pointed at a package folder to discover dependencies. WUSA is still supported, but Microsoft’s guidance implies that it is not always the best fit when multiple MSUs or prerequisite relationships are involved. That distinction is small on paper and huge in production.
The main takeaway is straightforward: if you are servicing anything beyond a single laptop, you should assume there may be dependency logic at work. That is especially true when deploying to mixed environments with differing chipset support, AI eligibility, or baseline OS states. Simple installation assumptions are now a liability.

Offline images and Dynamic Update​

The update also touches on Dynamic Update for Windows installation media, which is a reminder that Microsoft wants setup media to stay current with the same month’s servicing components where possible. If the same-month SafeOS or Setup Dynamic Update is unavailable, Microsoft says to use the most recently published version. That guidance is pragmatic, but it also shows how much Windows installation now depends on keeping multiple moving parts aligned.
For system builders and imaging teams, that means update planning has to include more than the LCU itself. It also means tracking which month’s setup and SafeOS packages were used, because mismatches can create subtle deployment issues that are hard to diagnose after the fact.

• Online servicing is easiest through DISM with the package folder staged.
• Offline image servicing requires careful mount and package targeting.
• Dynamic Update should be aligned by month whenever possible.
• Imaging teams need more documentation than casual users do.

Competitive Implications​

KB5079489 may look like a narrow Microsoft maintenance story, but it has broader competitive implications. The tighter Windows becomes around AI-specific servicing, the more it differentiates itself from operating systems that still treat AI features as optional apps rather than as system-level components. That distinction matters in enterprise procurement, where platform integration can be as important as feature novelty.
It also raises the bar for rivals that want to market “AI PCs.” If Microsoft can distribute hardware-specific AI payloads through the same servicing cadence used for the rest of Windows, it creates a powerful integration story. Competitors may be able to match individual features, but matching the distribution, servicing, and lifecycle management story is harder.

Enterprise versus consumer positioning​

For enterprises, the attraction is that AI features can be controlled and validated within a known servicing framework. For consumers, the appeal is more emotional: features show up as part of Windows itself, which makes them feel native and durable rather than bolted on. That dual positioning is one of Microsoft’s strongest strategic advantages.
But there is a flip side. As Windows becomes more feature-rich and hardware-aware, it also becomes harder to explain and support. That may create openings for competitors that market simpler update stories, even if they lack the same depth of integration. Complexity can be a moat, but it can also be friction.

Market effects​

The update cadence also reinforces the idea that modern PCs are increasingly being sold on their ability to receive ongoing intelligence upgrades, not just on CPU and GPU speed. That pushes the market toward more differentiated hardware categories and encourages buyers to pay attention to NPU capability, not merely traditional benchmarks.

• Microsoft strengthens the case for integrated AI servicing.
• Copilot+ hardware gains more strategic importance.
• Competitors must compete on both features and distribution.
• Enterprises may prefer Microsoft’s unified lifecycle management.

Strengths and Opportunities​

The strongest aspect of KB5079489 is that it reflects a mature servicing model: flexible enough to handle offline images, explicit enough to support admins, and modern enough to carry AI-specific updates without breaking the broader Windows update channel. That is not flashy, but it is the kind of operational sophistication that matters most in real deployments.

• Clear servicing options for both online and offline scenarios.
• Dependency-aware installation reduces package-order mistakes.
• Copilot+ AI updates can be delivered without separate workflows.
• Preview status gives IT teams an early look at the next servicing state.
• Dynamic Update guidance helps keep installation media current.
• Modular packaging better supports mixed device fleets.
• One KB, multiple targets simplifies distribution even when payloads vary.

Risks and Concerns​

The same complexity that makes KB5079489 powerful also creates risk. Administrators who assume all MSUs are interchangeable, or who ignore the note about Copilot+ applicability, may run into failed deployments or misleading compliance results. On the consumer side, the opacity of AI payloads could continue to blur the line between what the update changes and what the device can actually use.

• Package-order mistakes can derail staged deployments.
• Misread applicability may cause confusion in mixed fleets.
• Preview updates can surface regressions before stable validation is complete.
• AI branding may outpace user understanding of hardware requirements.
• Image servicing complexity raises support overhead.
• Copilot+ fragmentation can create inconsistent feature expectations across devices.
• More moving parts means more opportunities for failure if teams skip testing.

Looking Ahead​

KB5079489 is a preview, so the most important question is not whether it exists, but how its lessons feed into the next production-quality cumulative update. If Microsoft’s packaging and AI-component strategy works smoothly here, we should expect to see the same pattern continue: modular updates, Copilot+ gating, and a servicing stack that increasingly treats hardware capability as a first-class variable.
The broader trend is unmistakable. Windows is becoming less like a static operating system that occasionally gets patched, and more like a constantly evolving platform where features, hardware support, and update mechanics are all intertwined. That can be powerful for users and IT teams alike, but only if Microsoft keeps the process understandable and reliable. The next few servicing cycles will tell us whether Windows’ AI era feels elegant or merely complicated.

• Watch for whether KB5079489’s package structure becomes the template for the next security release.
• Monitor whether Copilot+ AI payloads continue to expand within standard cumulative updates.
• Track any deployment issues reported by enterprise admins using DISM or offline images.
• Pay attention to whether Microsoft increases the number of prerequisite MSUs in future releases.
• Observe whether Microsoft’s servicing documentation becomes more explicit as update complexity grows.

In the end, KB5079489 is less about a single build number than about the direction Windows is taking. Microsoft is clearly betting that the future of the platform lies in tightly managed, hardware-aware, AI-infused servicing. If that bet pays off, Windows will feel more intelligent and more responsive; if it doesn’t, update management may become the newest pain point in an already demanding ecosystem.

---

Source: Microsoft Support March 26, 2026—KB5079489 (OS Build 28000.1764) Preview - Microsoft Support