Windows 11 24H2 Preview: KB5064081 (26100.5074) SSU + AI Features

Microsoft released an optional Preview update on August 29, 2025 — KB5064081 (delivered as OS Build 26100.5074) — that packages an updated servicing stack plus a broad set of consumer and enterprise-facing changes for Windows 11 (24H2). The package continues Microsoft’s pattern of shipping underlying code in preview builds while enabling higher‑impact features through staged, server‑side rollouts, meaning what appears on any given device depends on feature‑flag gating, hardware eligibility, and licensing entitlements. This update is explicitly preview/validation focused: it is intended for pilot rings and Release Preview/Insider testing rather than immediate broad production deployment.

Background / Overview​

Windows 11 version 24H2’s servicing model has shifted toward combined Servicing Stack Updates (SSU) + cumulative payloads and checkpoint-style delivery to improve reliability and reduce bandwidth impact. KB5064081 follows that pattern: it bundles an updated servicing stack (a persistent component that hardens the update pipeline) together with cumulative fixes and feature bits. Because SSUs are effectively permanent once applied, administrators must treat combined SSU+LCU packages with caution and plan rollback or recovery strategies accordingly.
Microsoft’s Release Preview and Insider notes for the relevant mid‑August through late‑August preview flights make two operational realities clear:

• Many user‑visible features in these preview releases are being delivered as gradual rollouts — code is distributed broadly but features are activated for subsets of devices to manage risk.
• Several generative/AI features are gated by hardware (Copilot+ NPUs) and licensing (Copilot/Microsoft 365 entitlements), so availability will vary across devices and accounts.

What KB5064081 (Build 26100.5074) includes — high‑level summary​

This preview build mixes visible AI-led productivity improvements with a practical set of reliability and enterprise features. The most important shipping themes are:

• AI and productivity integrations surfaced in the shell (Recall, Click to Do, File Explorer AI actions).
• UI and usability polish (reworked permission dialogs, taskbar/search tweaks, Task Manager changes).
• Enterprise readiness and housekeeping (Windows Backup for Organizations, deprecation/removal of PowerShell 2.0, MDM enrollment adjustments).
• A bundled Servicing Stack Update (SSU) alongside the cumulative payload.

Key consumer-facing items called out in the Release Preview commentary and community hands‑ons include:

• Recall: repositioned as a personalized homepage with Recent Snapshots, Top Apps and Websites, and a left navigation bar (Home/Timeline/Feedback/Settings). Snapshot collection remains opt‑in and filterable to limit what is captured.
• Click to Do: an onboarding-first-run tutorial plus expanded local on‑device actions for text and images (summarize text, remove image backgrounds, quick edits). Some actions still require cloud/Copilot integration.
• File Explorer AI: right‑click context menu actions for image edits (Blur Background, Erase Objects, Remove Background, Visual Search) and a Summarize action for documents that integrates with Copilot/Microsoft 365 (Summarize requires a valid Copilot/M365 subscription).
• Permission dialogs: redesigned capability prompts that dim the screen and center consent dialogs to reduce accidental acceptance and improve clarity.
• Taskbar & Search: cosmetic and functional tweaks (larger optional clock in the notification center, grid image view for taskbar search, clearer indexing status).

On the enterprise and platform side the update brings:

• Windows Backup for Organizations: promoted toward general availability as an Intune/Entra‑centric restore capability for user settings and Microsoft Store app lists (does not backup Win32 apps). Requirements and tenant enablement are necessary.
• PowerShell 2.0 removal: Windows 11, version 24H2 begins the removal process for legacy PowerShell 2.0; organizations must inventory and migrate scripts and automation that depend on that engine.
• MDM enrollment reporting change: an enrollment behavior documented in related guidance (KB5065083) means some older devices will report ApplicationVersion as BuildVersion + 1 to indicate restore-capable status — important for MDM servers expecting specific UBR values during OOBE.

Deep dive — AI features, privacy and licensing​

Recall and Snapshot privacy​

Recall’s repositioning turns it into a small‑form personal timeline and resumption surface. It collects snapshots of recent activity and surfaces Top Apps and Websites to help users resume tasks quickly. Important operational notes:

• Opt‑in snapshot saving is required; IT and privacy teams should verify retention and export policy mechanics before enabling at scale.
• Export workflows may include protective controls (for example, export codes) in certain regions; administrators must confirm how snapshots are stored and whether enterprise retention/compliance requirements are met.

File Explorer AI actions and Copilot integration​

File Explorer’s right‑click AI actions are a meaningful step toward integrating generative capabilities into the file management surface. However, two gating factors matter:

• On‑device vs cloud processing: Some image edits and text generation are on‑device, while more advanced summarization integrates with Microsoft 365 Copilot backends and requires a Copilot subscription and appropriate licensing.
• Hardware gating: Certain features are targeted at Copilot+ devices (on‑device NPUs and specific OEM/driver support); non‑Copilot hardware may not receive the same experience.

Administrators should treat these features as capability surfaces with mixed data locality: local processing reduces privacy exposure, but Copilot‑backed functions may transmit content to cloud services under Microsoft’s licensing model. Validate policy decisions and consent flows before enabling in managed environments.

Platform, servicing and management changes​

Servicing Stack Update (SSU) behavior and implications​

KB5064081 includes a Servicing Stack Update alongside the cumulative payload. SSUs are critical to update reliability but are persistent once installed; combined SSU+LCU packages complicate rollback. Recommended operational posture:

• Test the combined package in a pilot ring before broad deployment.
• Ensure recovery media and system images are current before applying preview SSU packages.
• For offline deployments, verify the Microsoft Update Catalog and MSU packaging before building standardized images.

Windows Backup for Organizations — practical limits​

This feature provides tenant-driven backup of user settings and Microsoft Store app lists for Entra‑joined devices managed by Intune. Key constraints:

• It does not back up traditional Win32 MSI/EXE applications.
• Restores require tenant enablement and may be constrained by Conditional Access and Intune policies.
• Test restores in a lab tenant before relying on the feature for large-scale migrations.

PowerShell 2.0 deprecation​

Microsoft has signaled removal of PowerShell 2.0 from Windows images starting with this wave; organizations should:

• Inventory scripts and tools that target PS 2.0 explicitly.
• Migrate to PowerShell 5.1 or PowerShell 7.x where possible.
• If migration is not immediately feasible, isolate legacy workflows in VMs or containers that retain older engines.

MDM enrollment ApplicationVersion +1 behavior​

Related guidance (published in the same August 29 timeframe) explains that during OOBE, certain older devices will present Enrollment requests where the ApplicationVersion is reported as the BuildVersion + 1 to indicate a restore-capable device after the OOBE update path is applied. This affects how MDM servers decide to deliver the restore CSP and is important for Intune and third‑party MDM vendors to avoid mismatches that could leave devices stuck during enrollment. Administrators managing OOBE and Autopilot flows should test enrollment on representative hardware and update MDM logic where necessary.

Accessibility, compatibility and staged rollout — risks and things to watch​

Staged rollouts create variability and test complexity​

The staged, server‑side enablement model reduces risk for Microsoft but creates short‑term heterogeneity: two machines on the same build can show different behaviors. This complicates functional testing (UI automation, screenshot-based tests) and accessibility validation because the presence or absence of a feature can be tied to server flags rather than local build content. Treat these preview builds as test beds, not production candidates.

Accessibility regressions remain a known concern​

Visual theming changes that transition legacy dialogs to dark palettes have delivered immediate user comfort improvements, but early hands‑on reports show:

• Some inconsistent focus indicators and keyboard outlines.
• Occasional buttons or microcomponents still using legacy light assets.
  Those are real accessibility risks. Microsoft’s staged approach is designed to surface and correct such regressions before broad exposure, but organizations and accessibility advocates should actively test with screen readers, high‑contrast modes, and keyboard workflows and file Feedback Hub reports for any regressions.

Compatibility with automation and third‑party tooling​

Because many legacy dialogs are used by UI automation tools, test automation suites and RPA workflows may break or produce inconsistent results when the theming or control-level metrics change. Update selector strategies and include both themed and unthemed scenarios in test matrices.

Practical deployment guidance — prioritized checklist​

This section gives a practical, prioritized plan for IT teams preparing to pilot KB5064081 or similar preview updates.

• Inventory and risk assessment
• Audit PowerShell dependencies and legacy scripts calling PS 2.0; schedule migrations or isolate legacy tasks in VMs.
• Pilot & test rings
• Deploy to a small, representative pilot group (diverse hardware, especially include Copilot+ and non‑Copilot devices).
• Verify OOBE/Autopilot flows and MDM enrollment behavior, watching for the ApplicationVersion +1 pattern.
• Backup and recovery readiness
• Ensure recent system images and WinRE media are available. Because SSUs are persistent, maintain recovery paths if rollback is needed.
• Privacy & compliance validation
• Test Recall snapshot exports and retention behavior in a lab tenant.
• Confirm whether any Copilot/Microsoft 365 integrations transmit content to cloud backends and ensure that aligns with data governance policies.
• Automation & accessibility validation
• Run UI automation, keyboard navigation, and screen reader tests on updated machines to catch regressions introduced by theming or control changes.
• Communication & training
• Notify helpdesk staff about cosmetic changes (darkened file dialogs), potential Copilot gating, and MDM enrollment quirks so they can triage user reports quickly.
• Monitor telemetry and feedback
• Use Feedback Hub reports, Insider forums, and telemetry to watch for regressions; hold off mass deployment until test metrics meet organizational thresholds.

Troubleshooting and rollback considerations​

• If installation fails or the system won’t boot after applying the preview update, use WinRE recovery media or restore from a previously created system image. Administrators should maintain tested recovery procedures before applying preview SSUs.
• For File Explorer crashes or context-menu issues after installation, disable third‑party shell extensions (using tools like ShellExView in test rings), test with a clean user profile, and report reproducible issues via Feedback Hub.
• If MDM/OOBE enrollment stalls, verify enrollment logs for the ApplicationVersion/BuildVersion mismatch and consult MDM vendor guidance for handling the +1 ApplicationVersion marker that identifies restore‑capable devices.

Notable strengths and real user benefits​

• Polish and user comfort: The visible extension of Dark Mode into legacy file‑operation dialogs removes a jarring daily UI mismatch and reduces eye strain for users who work in low‑light environments. Early hands‑on testers describe the change as a marked improvement in perceived polish.
• Productivity integrations: Copilot and on‑device AI actions in File Explorer and Click to Do make common tasks faster and reduce context switching when they work on-device or within licensed Copilot workflows.
• Enterprise tooling: Windows Backup for Organizations offers a first‑party restore path for Intune/Entra tenants to speed device refreshes and onboarding (with clear limitations), and PowerShell removal reduces the platform’s legacy attack surface when migrations are complete.

Risks, caveats and items requiring caution​

• Staged enablement confusion: Admins and testers must not assume feature parity across identical builds; server-side gating means experiences may differ, complicating validation and user expectations.
• Accessibility regressions: Incomplete theming or missing focus indicators are real accessibility risks that must be validated and reported promptly.
• Licensing and data flow: Some AI capabilities require Copilot/Microsoft 365 licensing and may route data to cloud services; organizations must validate compliance and contractual implications before enabling.
• Rollback complexity due to SSU: The inclusion of an SSU in the package makes rollback more delicate; maintain recovery images and test rollback procedures before broad deployment.

---

Conclusion​

KB5064081 (OS Build 26100.5074) is a pragmatic, pilot‑oriented preview that brings together meaningful UI polish, early-stage AI integration, and enterprise housekeeping. It signals Microsoft’s ongoing push to weave generative features into daily Windows workflows while proceeding cautiously through staged enablement and telemetry‑driven expansion. For end users the most visible win is a more consistent Dark Mode experience in frequent file dialogs; for IT professionals the update is a reminder to accelerate PowerShell migrations, validate MDM OOBE enrollment logic, and confirm recovery readiness before larger rollouts.
Treat this preview as a testing and validation milestone: pilot widely, validate accessibility and automation, confirm privacy/compliance for AI flows, and prepare recovery plans for SSU‑involved packages. The underlying engineering approach — ship the code broadly, but toggle features gradually — gives Microsoft flexibility to iterate quickly while limiting risk, but it also places the onus on administrators and testers to verify behavior across their device fleet and to plan remediation where legacy dependencies remain.

---

Source: Microsoft Support August 29, 2025—KB5064081 (OS Build 26100.5074) Preview - Microsoft Support