Microsoft’s September Patch Tuesday brings a substantial, feature‑heavy cumulative update to Windows 11—KB5065426—delivering a mix of visible UI polish, staged Copilot+ AI capabilities, privacy controls for on‑device generative features, and a set of bug and security fixes that administrators and enthusiasts will need to treat as more than a routine monthly patch.

Background

Microsoft packaged KB5065426 as the September cumulative update for Windows 11 and has pushed it to devices running both version 23H2 and 24H2. The payload includes not only conventional security and reliability fixes, but also code and model binaries to support on‑device generative AI features in Copilot and Copilot+ experiences. These capabilities are being staged by Microsoft, meaning the underlying code arrives with the update while feature enablement is rolled out server‑side and tied to device hardware, licensing, and region.
Two practical consequences follow: first, appearance of new UI elements or AI tools will vary between otherwise identical machines; second, the update packages are unusually large because they contain on‑device model data. Administrators should therefore expect nontrivial download and storage requirements when deploying this update broadly.

Overview of What’s New​

The update surfaces a long list of user‑facing changes plus platform fixes. Key highlights include:
  • Recall: redesigned homepage and improved controls (Copilot+ only).
  • Click to Do: first‑run interactive tutorial and improved discoverability (Copilot+ only).
  • Agent in Settings: on‑device settings assistant expanded to AMD/Intel Copilot+ PCs (English only).
  • Search: grid image results, clearer indexing status, and differentiation between local/cloud files.
  • Notification Center: option to show a larger clock with seconds (similar to Windows 10).
  • System dialogs: permission prompts now dim the desktop and present modal dialogs for clarity.
  • Lock screen widgets: add/remove/rearrange widgets and a new small size option.
  • File Explorer: minor visual/context menu changes and AI image/document actions (some gated by Copilot/Microsoft 365 licenses).
  • Windows Hello: redesigned sign‑in visuals and flows; tradeoffs between aesthetics and speed reported.
  • Generative AI privacy controls: new Settings page listing which third‑party apps used on‑device generative models and controls to restrict access.
  • Widgets: multiple dashboards and a left navigation bar for switching views.
  • Task Manager: corrected CPU reporting and optional CPU Utility column in Details view.
  • Fixes: assorted security and reliability fixes across ReFS, IME, Arm64, and more.
Each of these items is worth unpacking for different audiences—end users, power users, and enterprise administrators—so the remainder of the piece breaks down the technical and operational implications.

Technical deep dive​

Copilot+ features and hardware gating​

The most attention‑grabbing items are the Copilot+ features—Recall, Click to Do, Agent in Settings, and File Explorer AI actions. These are being targeted primarily at Copilot+ PCs, which are machines with on‑device NPUs or other hardware designed to accelerate local generative models. Microsoft’s rollout strategy places the client code into the cumulative update while enabling features selectively based on hardware capability, tenant licensing (Copilot/Microsoft 365 entitlements), locale, and staged server flags. That explains variability in who sees what.
  • Recall: Now opens to a landing page showing recent snapshots, top apps, and websites with a left navigation bar for Home, Timeline, Feedback, and Settings. Snapshot capture remains opt‑in and local encryption along with Windows Hello gating is used to protect recorded content.
  • Click to Do: Gains an interactive tutorial to help users discover text‑and‑image assistant actions (summarize, extract, edit).
  • Agent in Settings: The on‑device “agent” that translates plain‑English input into recommended settings is now available on AMD and Intel Copilot+ devices but is limited to English initially.
Operational takeaway: Copilot+ features are powerful for productivity, but their hardware and licensing constraints mean administrators must audit device fleets and entitlement states before assuming universal availability.

On‑device models and update size​

Several independent reports and catalog entries show the update packages include large model payloads, producing cumulative .msu downloads measured in gigabytes—comparable to small Windows ISOs. That is an intentional design: on‑device generative models are shipped in the update so Copilot features can run locally when enabled. Expect increased network transfer and disk usage, and plan for bandwidth‑constrained environments accordingly.

Search, File Explorer and Shell AI actions​

Search now displays image results in a grid view and surfaces indexing status in the UI so users understand why results might be incomplete. File Explorer’s context menu is receiving AI image edits (Blur Background, Remove Background, Erase Objects) and a Summarize action for documents that may call cloud Copilot/Microsoft 365 services when required. Note that some AI actions are gated by Microsoft licensing and hardware eligibility.

Privacy and security controls for generative AI​

A dedicated Text and Image Generation page in Settings (Privacy & security > Text and Image Generation) now lists third‑party apps that recently invoked built‑in generative models, and provides per‑app toggles. This reflects an important privacy control: users and admins can audit and restrict which apps may access on‑device generative features. Nonetheless, the efficacy of these controls depends on enforcement boundaries (OS vs app behavior) and log fidelity—areas that deserve scrutiny.

UI/UX tweaks: Windows Hello, Notification Center, and system dialogs​

A cleaner Windows Hello visual identity has been implemented across sign‑in and passkey flows; however, early reports note the flows can feel slower and more cumbersome despite the improved look. Notification Center can restore a larger clock with seconds, appealing to Windows 10 holdouts and users who prefer a richer date/time flyout. System permission prompts now appear as modal, dimmed dialogs centered over the Desktop to clarify consent—an accessibility and UX improvement for many workflows.

Cross‑checked verifications and caveats​

Where possible, multiple independent sources confirm the headlines above: Microsoft’s own Release Preview and update notes describe staged feature enablement, Copilot+ gating, and new privacy controls; independent outlets have validated the UI changes, Task Manager CPU reporting fixes, and large .msu payload sizes. The convergence of these independent reports strengthens confidence that the listed features and operational impacts are accurate.
Caveats and unverifiable items:
  • Exact timing for broader enablement of staged features is not publicly guaranteed; Microsoft’s server‑side gates are adjusted using telemetry and rollout policies, so there is no deterministic ETA for when any given machine will see a specific Copilot+ feature. Treat rollout timing as probabilistic and monitor telemetry.
  • Reported .msu sizes and payload compositions vary by architecture and catalog entry; size figures are available in catalog listings but can change across releases and bundling decisions—administrators should verify the exact package sizes from the Microsoft Update Catalog for their target architecture before large deployments.

Benefits and strengths​

  • Improved productivity at the shell level
    • On‑device AI actions in File Explorer, Click to Do improvements, and Recall’s task‑resumption UX bring generative capabilities closer to where users work, reducing friction for common tasks such as image edits and document summarization. This can speed workflows for content creators and knowledge workers alike.
  • Privacy‑forward controls for generative features
    • The new Settings page for Text and Image Generation gives users visibility and control over which third‑party apps invoked on‑device generative models. That’s an important design move for accountability and auditability.
  • UX and consistency fixes that matter daily
    • Smaller refinements—clock in Notification Center, modal permission dialogs, Task Manager CPU reporting alignment—improve the day‑to‑day coherence of Windows and reduce small annoyances that compound over time.
  • On‑device AI reduces cloud dependence
    • For scenarios requiring offline operation or improved latency, on‑device generative models are a clear win: features can work without a live cloud connection once models are installed locally. This benefits privacy‑sensitive or bandwidth‑limited contexts.

Risks, tradeoffs and operational concerns​

  • Large update payloads: bandwidth and disk impact
    • The inclusion of model binaries increases update sizes dramatically. Enterprises with limited WAN capacity or metered connections will face increased transfer costs and longer maintenance windows. Staggered downloads, peer caching, and use of the Microsoft Update Catalog or Windows Server Update Services (WSUS) mitigations should be planned.
  • Feature gating complexity and support burden
    • Server‑side gating leads to heterogeneity across devices on the same build. Support teams could see increased variability in user reports and must account for hardware, licensing, and region when triaging “missing features.”
  • Privacy and surface‑area questions despite controls
    • Recall records snapshots of activity for task resumption. While opt‑in and encrypted with Windows Hello, the existence of automatic capture features expands the attack surface and raises questions about retention, local forensic access, and third‑party app interactions—areas that require clear policy and configuration from administrators. The new Settings controls help, but do not eliminate need for governance.
  • Licensing and cloud fallbacks
    • Some File Explorer AI actions will call cloud processing and/or require a Copilot/Microsoft 365 license for full capability (for example, document summarization). Users and IT must understand which workflows are free on‑device vs which require cloud entitlements.
  • Usability regressions in Windows Hello
    • While the Windows Hello UI has been modernized, some users report slower sign‑in experiences. Organizations that rely on fast biometric sign‑in (e.g., reception desks, kiosks) should validate the updated flows before wide rollout.

Deployment guidance for administrators​

  • Inventory and entitlement assessment
    • Identify Copilot+ hardware, CPU/NPU capabilities, and which users have Microsoft 365/Copilot licenses. Map which devices will receive on‑device AI features and which will remain cloud‑assisted. This prevents surprises when features don’t appear.
  • Pilot on a controlled ring
    • Establish a small pilot group representing diverse hardware and license states to validate UX, performance, and compatibility. Pay attention to disk usage growth and Windows Hello behavior during pilot.
  • Plan for bandwidth and storage
    • For large updates, use delivery optimization, peer caching, WSUS, or the Microsoft Update Catalog to reduce WAN impact. Confirm exact .msu sizes for target architectures from the catalog prior to mass deployment.
  • Update communications and training
    • Prepare end‑user messaging that explains Recall opt‑in, how to control generative AI permissions, and where to find the new Settings pages. Provide short how‑to guides for the Click to Do tutorial and any new Windows Hello steps.
  • Security and privacy policy updates
    • Update acceptable use and retention policies to account for Recall snapshots and on‑device model use. Ensure legal and compliance teams review local retention defaults and the auditability of the new Text & Image Generation settings.
  • Monitor telemetry and support channels
    • Watch for increased helpdesk tickets tied to feature gating confusion, slow sign‑in flows, or mitigation failures. Use telemetry to track adoption and any anomalous performance regressions.

Practical tips for consumers and power users​

  • If you prefer to delay large packages, defer the update on Windows Update or use metered connection settings; alternatively download the specific .msu from the Microsoft Update Catalog and install during off‑peak hours. Verify the storage impact in advance.
  • Explore the new Settings page (Privacy & security > Text and Image Generation) after updating to see which apps accessed on‑device generative models and toggle access for apps you don’t trust.
  • For Copilot+ features that are not visible after updating, confirm device hardware qualifies, English display language is set (for Agent in Settings), and that licensing entitlements are in place—then allow time for Microsoft’s staged enablement.
  • If Windows Hello feels slower after the update and it impacts productivity, test credential and device settings and log a support request; some users reported the redesigned flow is visually nicer but slower in practice.

The broader picture: why this matters​

This Patch Tuesday marks an inflection point in Microsoft’s desktop strategy: generative AI is no longer an add‑on service but is being integrated into the shell itself—File Explorer, Search, Settings, and lock screens. Shipping model binaries with cumulative updates is a deliberate tradeoff: it brings offline AI capabilities and lower latency, at the cost of larger update sizes and more complex feature gating.
For organizations, that tradeoff translates into tangible planning needs: bandwidth, storage, licensing reconciliation, policy updates, and user education. For consumers, it means new convenience and creative tooling appear directly where files and tasks live—but with privacy and permissions to manage.

Conclusion​

KB5065426 for Windows 11 supplies a dense mixture of visible UI polish, staged Copilot+ on‑device AI features, and thoughtful privacy controls—while also introducing operational challenges that make this month’s Patch Tuesday more than a routine security rollup. The core improvements—Recall’s new homepage, Click to Do onboarding, Search and File Explorer upgrades, and the Text & Image Generation privacy page—offer real productivity and privacy value when used with awareness of hardware gating and licensing. Administrators should approach deployment deliberately: pilot widely, plan for the larger payloads, update policies, and prepare users for change. The next few weeks will be the litmus test for whether on‑device generative features can deliver meaningful productivity gains without introducing untenable operational or privacy risk.

Source: Thurrott.com Patch Tuesday Arrives with New Features for Windows 11
 

Microsoft’s September Patchday for Windows 11 goes beyond the usual security checklist, delivering a collection of visible UI refinements, expanded on‑device AI scaffolding for Copilot features, and a number of convenience updates that range from a revised Recall landing page to a seconds display on the taskbar — all wrapped into the cumulative update distributed on September 9, 2025 as KB5065426 (OS Build 26100.6584).

Background / Overview

Microsoft continues to evolve Windows 11’s servicing model by shipping client binaries and on‑device AI model payloads inside monthly cumulatives while enabling specific features gradually through server‑side flags, hardware checks, and licensing entitlements. That dual strategy — “code in the build, feature turned on later” — explains why two machines on the same build can show different user experiences after installation. The September rollup follows this pattern and mixes broad stability/security fixes with gated Copilot+ capabilities and system polish.
Two operational realities stand out from this Patchday: first, the update contains on‑device AI components that substantially increase package size compared with a traditional monthly cumulative; second, several headline features are targeted primarily at Copilot+ hardware (devices with on‑device NPUs or other accelerators) and/or require Microsoft 365/Copilot licensing to unlock full functionality.

What shipped: a feature-by-feature look​

Recall: a new home page for personal history​

Recall, Microsoft’s opt‑in snapshot/history feature, now opens to a dedicated Home landing page that surfaces recent snapshots, top apps, and websites so users can resume workflows quickly. The redesigned layout introduces a left navigation rail with Home, Timeline, Feedback, and Settings, and maintains opt‑in snapshot capture with local encryption and Windows Hello gating for access. Recall is currently staged for Copilot+ devices and remains guarded by hardware and policy checks.
Why this matters: Recall is intended to become a quick resume/history surface that reduces friction when switching contexts. For privacy‑conscious users and enterprises, its opt‑in nature and local encryption are reassuring, but administrators should validate retention, export controls, and retention durations before broadly enabling it in managed environments.

Agent in Settings: natural‑language settings search expands beyond Snapdragon​

The on‑device Agent in Settings — a compact local language model that accepts plain‑English queries to find or recommend Settings changes — has been expanded from Snapdragon/ARM Copilot+ devices to eligible AMD and Intel Copilot+ hardware (English initially). The agent runs locally, proposes changes, and requires explicit user confirmation before applying system modifications; administrators can control the behavior through policy.
Practical effect: For everyday users, natural‑language access to settings shortens the discovery path. For IT and privacy teams, the on‑device execution model reduces cloud calls but still requires auditing of what the agent can change and whether policy can lock down specific toggles.

Click to Do: discoverability and tutorials​

Click to Do, the contextual overlay assistant that surfaces quick actions for selected text and images (summarize, extract, edit), gains a first‑run interactive tutorial to help users discover available actions. This onboarding aims to make the overlay more approachable for new users and reduce the friction of adopting AI‑assisted workflows. The tutorial can be re‑launched from Click to Do’s options.

File Explorer: right‑click AI actions and Copilot integrations​

File Explorer adds AI image-edit options in the right‑click context menu such as Blur Background, Remove Background, and Erase Objects, plus a Summarize action for documents. Some of these actions run locally on Copilot+ devices; others call Copilot/Microsoft 365 backends and therefore require appropriate entitlements. Administrators should expect a mixed model where on‑device and cloud processing coexist and licensing gates cloud‑dependent functions.

Search: images in a grid and visible indexing progress​

Windows Search now displays image results in a grid view for faster visual scanning and shows a progress indicator while indexing is still running so users can tell whether results are complete. Search also clarifies whether items are local or cloud‑only. These are small but practical improvements for people who rely heavily on local photo search.

Widgets and lock screen: more flexible placement and selection​

The widget area and lock screen widgets receive extended customization: users can add, remove, and rearrange which widgets appear on the lock screen, and a new small widget size option increases layout flexibility. What began as regional experiments is rolling out more broadly. This gives users better control over what information appears at glance without opening the device.

Task Manager and taskbar refinements​

Task Manager’s CPU reporting has been standardized so the values shown in Processes, Performance, and Users align, replacing the legacy “Processor Utility” inconsistency. For compatibility, the old metric remains available as an optional “CPU Utility” column in Details view. This change improves diagnostic clarity on multi‑core systems where a single thread previously could misleadingly show 100% utilization in Processes.
The notification area/user experience also gains small but useful options: the clock can optionally display seconds, returning a level of granularity many power users asked for, and permission prompts now dim the rest of the screen to draw attention when an application requests access to sensitive resources.

The big operational change: on‑device models and unusually large cumulative packages​

A recurring theme across independent coverage and catalog checks is that the September cumulative includes on‑device AI model binaries, which significantly increase the offline package size. Reported offline .msu downloads for client architectures in the September drop are in the ballpark of 3.6–3.8 GB per architecture, a marked jump from typical monthly cumulatives. Microsoft’s rollout model deliberately ships code and models in the cumulative while gating feature enablement server‑side.
Implications for home users and enterprises:
  • Larger downloads and increased storage pressure on system drives, which may be problematic for devices with limited SSD capacity.
  • Increased bandwidth costs and longer patch windows for organizations — plan distribution windows and use the Microsoft Update Catalog or WSUS redistribution strategies to avoid repeated downloads.
  • The staged enabling model means installing the update does not guarantee immediate feature availability; the code may be present while server flags, hardware attestations, or licensing checks still block activation.
Caution: reported package sizes are approximate and can vary by architecture and catalog snapshot. Administrators should validate exact package sizes and contents for their environment via the Microsoft Update Catalog before mass deployment.

Privacy, governance, and security considerations​

Text & Image Generation controls​

Windows 11 now exposes a Text & Image Generation page under Privacy & security that logs which third‑party apps invoked built‑in generative models and surfaces per‑app toggles to restrict access. This is an important step toward governance of on‑device generative capabilities, but its practical efficacy depends on enforcement boundaries and log fidelity. Enterprises should validate whether reported app accesses are complete and whether blocking is enforced at the kernel/OS level or relies on app cooperation.

Recall and local snapshot controls​

Recall’s snapshots are encrypted and protected by Windows Hello, but privacy teams should evaluate: where are snapshots stored, how long are they retained, and under what conditions can they be exported or shared? Microsoft’s public notes emphasize local encryption and opt‑in behavior, but organizations will want to test retention boundaries and data export mechanics before endorsing broad enablement.

Permission prompts and clearer consent​

The new modal permission prompts that dim the background are a UX improvement that helps users focus on critical decisions, but it also increases the likelihood of immediate denials or acceptances. Administrators should review application workflows that rely on prompting and consider policy controls where unattended server‑side approvals are required.

Enterprise items and lifecycle notes​

  • Windows Backup for Organizations: promoted toward general availability to simplify device refresh and migration workflows for Entra‑joined devices. This can materially reduce downtime during device swaps. Administrators should evaluate integration touchpoints with existing backup and MDM processes.
  • PowerShell 2.0 removal: Microsoft has begun removing legacy Windows PowerShell 2.0 from Windows 11 24H2 images; admins must audit and migrate scripts to PowerShell 5.1 or 7.x where necessary. This removal is part of a long‑term deprecation plan and can break legacy installers or automation that explicitly invoke PS 2.0.
Operational guidance: pilot the update in representative device rings, verify both on‑device and cloud‑dependent AI actions, test backup/restore workflows with Windows Backup for Organizations, and ensure any PowerShell dependence is resolved prior to broad rollout.

Critical analysis — benefits and risks​

Notable strengths​

  • Practical UX polish: The combination of grid image search, lock‑screen widget control, seconds display, and improved Task Manager metrics collectively raise day‑to‑day usability for both regular and power users. These increments matter because they reduce friction in common tasks.
  • On‑device AI acceleration: Enabling Copilot+ experiences to run locally when hardware permits reduces latency, preserves offline capability, and limits cloud dependency for some actions. The expansion of Agent in Settings to AMD and Intel Copilot+ hardware broadens real‑world reach.
  • Governance surfaces: The Text & Image Generation control page is a forward step for transparency around which apps use generative features. Enterprises now have more audit surface to evaluate app behavior.

Potential risks and caveats​

  • Deployment costs: Larger cumulative packages increase bandwidth and storage requirements. Organizations with constrained update windows or limited WAN capacity will need to rework distribution planning and perhaps stage downloads via local caching or the Update Catalog. Reported package sizes are approximately 3.6–3.8 GB per architecture, and that footprint has meaningful operational consequences.
  • Feature fragmentation: Server‑side gating and hardware licensing mean feature exposure will be uneven. This fragmentation complicates helpdesk instructions and documentation because identical builds can behave differently across devices. Expect increased support cases from users who “don’t see” a feature they read about.
  • Privacy surface area: Despite local encryption, the addition of Recall and on‑device models expands potential data collection/retention vectors. The Text & Image Generation audit screen is helpful, but the ultimate privacy posture depends on enforcement strength, telemetry granularity, and admin controls. Organizations should treat on‑device AI as a new attack surface until validated.
  • Licensing complexity: Some File Explorer AI actions and summarization features require Microsoft 365/Copilot licensing. That creates a mixed experience where functionality depends on both device hardware and tenant licensing, complicating rollout decisions.
Where claims are less certain: cataloged package sizes and rollout timings are subject to change and can differ by geography or architecture; the reported 3.6–3.8 GB figures are approximations based on independent catalog checks and should be verified against the Microsoft Update Catalog in each environment.

Practical guidance: how users and admins should approach the September update​

  • For home users:
    • Check for updates via Settings → Windows Update and review the update size before downloading if you are on metered or low‑quota connections.
    • If you care about features like Recall or Copilot in Settings, verify whether your device is Copilot+ certified and whether your region/language is supported. If not, the code may be present but disabled until server flags change.
  • For IT admins and sysadmins:
    • Pilot KB5065426 in a representative ring first and validate:
      • Update package size and distribution impact.
      • PowerShell script compatibility (migrate any PS 2.0 reliance).
      • Backup/restore workflows with Windows Backup for Organizations.
      • Policy controls for on‑device agents and Text & Image Generation toggles.
    • Use the Microsoft Update Catalog and WSUS to stage downloads and prevent duplicate WAN traffic for large offline installers. Verify exact package sizes per architecture in your environment.
    • Update documentation and knowledge base articles to reflect feature gating and license dependencies so support teams can diagnose “missing feature” reports efficiently.
  • For privacy and security teams:
    • Review the new Text & Image Generation settings and test whether toggles effectively block the expected flows.
    • Test Recall retention/export mechanics and confirm that local encryption is enforced and that enterprise retention policies or DLP tooling can manage recorded content as required.

Final verdict​

The September Patchday is a measured, pragmatic release that signals Microsoft’s dual priorities: maintain security and stability while expanding Windows 11’s on‑device AI capabilities and everyday polish. The update brings tangible usability wins — Recall’s new Home, grid image search, customizable lock‑screen widgets, and standardized Task Manager metrics — and it broadens the scope of Copilot features by enabling on‑device agents on more hardware. At the same time, the operational and governance trade‑offs are real: larger cumulative sizes, feature fragmentation due to hardware and licensing gates, and new privacy surfaces that require vetting before broad enterprise enablement.
For most users the update is not merely a matter of security: it offers worthwhile functionality and polish. For IT organizations, the September rollup demands deliberate planning — pilot widely, confirm package sizes and bandwidth strategy, migrate legacy PowerShell dependencies, and validate privacy/governance controls before flipping on Copilot+ capabilities at scale.
Overall, the September cumulative represents a continuing shift in Windows’ lifecycle: monthly updates are no longer exclusively about fixes; they are also vehicles for delivering the client code and model scaffolding that will enable richer, hardware‑accelerated AI experiences — provided organizations and users adapt their deployment, privacy, and licensing practices accordingly.


Source: igor´sLAB September Patchday: Microsoft brings new features to Windows 11 | igor´sLAB
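
The PowerShell 2.0 audit recommended in the post above can start with a text scan of script repositories and exported task or installer command lines. The following is an added example, not part of the post or of any Microsoft tooling; the rule names, file names and sample contents are constructed, and the matching is a heuristic that will also flag quoted or commented occurrences.

```python
import re
from typing import NamedTuple


class Finding(NamedTuple):
    source: str   # file or export the line came from
    line_no: int  # 1-based line number
    kind: str     # which rule matched (rule names are hypothetical labels)
    text: str     # the offending line, stripped


# powershell.exe accepts unambiguous abbreviations of -Version (-v, -ve, -ver, ...).
_VERSION_FLAG = r"-v(?:e(?:r(?:s(?:i(?:o(?:n)?)?)?)?)?)?"
# "2" or "2.0", optionally quoted, and not the start of "2.5", "20", etc.
_TWO = r"""["']?2(?:\.0)?(?![\d.])"""

RULES = [
    # Command lines that ask for the 2.0 engine explicitly.
    ("explicit-engine",
     re.compile(r"""powershell(?:\.exe)?["']?\s(?:.*\s)?"""
                + _VERSION_FLAG + r"\s+" + _TWO, re.I)),
    # '#Requires -Version' sets a minimum engine version, so these scripts still
    # load on 5.1; they are flagged because they were written against 2.0.
    ("requires-directive",
     re.compile(r"^\s*#\s*requires\s+-version\s+" + _TWO, re.I)),
    # Scripts that reference the Windows optional feature for the 2.0 engine.
    ("optional-feature",
     re.compile(r"MicrosoftWindowsPowerShellV2(?:Root)?", re.I)),
]


def scan(source: str, text: str) -> list[Finding]:
    """Return one Finding per (line, rule) match in a single file's text."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        for kind, pattern in RULES:
            if pattern.search(line):
                findings.append(Finding(source, line_no, kind, line.strip()))
    return findings


def scan_all(files: dict[str, str]) -> list[Finding]:
    """Scan a mapping of name -> contents, preserving input order."""
    results = []
    for name, text in files.items():
        results.extend(scan(name, text))
    return results


# Constructed sample inputs (not taken from any real environment).
SAMPLES = {
    "install-agent.cmd": (
        "@echo off\n"
        "powershell.exe -NoProfile -Version 2 -File %~dp0setup.ps1\n"
    ),
    "legacy-report.ps1": (
        "#Requires -Version 2.0\n"
        "Get-Process | Sort-Object CPU\n"
    ),
    "build-image.ps1": (
        "Enable-WindowsOptionalFeature -Online "
        "-FeatureName MicrosoftWindowsPowerShellV2Root\n"
        "powershell.exe -Version 5.1 -File .\\next.ps1\n"
    ),
    "modern.ps1": (
        "#Requires -Version 5.1\n"
        "Start-Process powershell.exe -Verb RunAs\n"
    ),
}

if __name__ == "__main__":
    for f in scan_all(SAMPLES):
        print(f"{f.source}:{f.line_no} [{f.kind}] {f.text}")
```

To use it on real content, build the `files` mapping from your own script tree or from an export of scheduled-task and installer command lines, then triage `explicit-engine` hits first.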
 
