Windows 11’s latest Release Preview update, shipped as Builds 26100.8106 and 26200.8106 (package KB5079387), quietly advances two of Microsoft’s most visible and controversial platform priorities:
accessibility powered by AI and
practical manageability for system security. The update expands Narrator’s AI-driven image descriptions beyond Copilot+ hardware to all Windows 11 devices with Copilot available, and it begins the rollout of a user-facing toggle for
Smart App Control (SAC) so the feature can be turned on or off without performing a clean OS install. Both changes are small on paper but consequential in practice — they promise tangible day-to-day improvements for people with disabilities and for developers and power users, while also reopening important conversations about privacy, enterprise governance, and security posture management.
Background / Overview
Microsoft uses the Windows Insider program and the Release Preview channel to stage near‑final updates and non‑security preview releases before wider distribution. The March 12, 2026 Release Preview post for Builds 26100.8106 (24H2 baseline) and 26200.8106 (25H2 baseline) surfaces as KB5079387 and bundles a set of quality enhancements alongside new features that Microsoft is rolling out in phases. Two items from the release notes deserve close attention: the expansion of
Narrator’s rich image descriptions and the addition of a
Smart App Control toggle in Settings.
These items follow months of iterative testing. Rich image descriptions were first introduced for Copilot+ PCs and later expanded to more devices in Insider channels. Smart App Control — introduced earlier as a protective, zero‑touch execution control — has been contentious because, historically, once SAC was turned off it could not be re-enabled without reinstalling Windows. Microsoft signaled a future change earlier in January’s preview notes, then temporarily retracted that documentation, and now KB5079387 marks a renewed rollout of the toggle in Release Preview.
This article breaks down what the changes do, why they matter, how administrators and users should treat them, plus the tradeoffs and risks you need to consider before enabling new components on production systems.
What KB5079387 actually adds
Quick list of the most visible changes
- Narrator: Rich image descriptions integrated with Copilot now work on all Windows 11 devices where Copilot is available, with keyboard shortcuts to describe a focused image or the full screen.
- Smart App Control: A new Settings control lets users enable or disable SAC without requiring a clean Windows install.
- Improvements to Settings (About page and device information card), File Explorer behaviors, display reporting (support for refresh rates > 1000 Hz), and various reliability fixes across Hello, Safe Mode, Voice Access, and more.
These changes appear as a phased rollout: some features arrive under a gradual feature rollout and others through a normal rollout path. Availability may vary by device model, region, and market.
Narrator: richer image descriptions, broader availability
What changed
Narrator’s image description feature — which uses Copilot AI to generate contextual, descriptive text about images, charts, and graphs — is no longer limited to Copilot+ hardware. Users can now invoke descriptive captions using keyboard shortcuts:
- Press Narrator key + Ctrl + D to describe the focused image.
- Press Narrator key + Ctrl + S to describe the full screen.
When invoked, Copilot opens with the image ready so users can refine the description with follow-up prompts (for example: “Count people” or “Describe colors and labels”). Microsoft emphasizes a permissioned workflow:
the image is shared with Copilot only after the user explicitly requests the description.
Why it matters for accessibility
- Practical utility: Many images on web pages, documents, and social media lack helpful alt text. AI-driven descriptions can fill that gap by conveying people, objects, text in images, numeric values in graphs, and general layout — all immediately useful for blind and low‑vision users.
- Interactivity: The “Ask Copilot” follow-up model allows a conversational, iterative discovery model that elevates image descriptions from one‑off alt text to an exploratory accessibility experience.
- On-device vs cloud: On Copilot+ PCs, descriptions run on-device using local models for instant responses with reduced data egress. For other devices, Copilot’s cloud‑assisted descriptions may be used, trading immediacy for broader availability.
Limits, accuracy and hallucination risk
AI-generated alt text is a genuine accessibility advancement, but it’s not flawless:
- Errors and hallucinations: Models can misidentify objects, misread context, or infer details that aren’t present. For visually impaired users relying on these descriptions, such mistakes can be disorienting or misleading.
- Complex visualizations: Charts, scientific diagrams, or images with subtle visual cues may require domain expertise; AI summaries are useful but often coarse when precise interpretation is needed.
- Fallback behavior: Narrator will continue to provide basic, traditional descriptions where AI is unavailable; users should be aware of variability in detail and fidelity across hardware and regional rollouts.
Privacy and compliance considerations
Microsoft’s workflow design attempts to reduce inadvertent sharing: images are transmitted to Copilot only after user consent. But organizations must still evaluate:
- Where descriptions are generated: On‑device processing (Copilot+ PCs) has a stronger privacy posture than cloud processing since data doesn’t leave the endpoint.
- Logging and telemetry: Even consented interactions may produce logs or metadata that administrators should account for under corporate privacy policies.
- Regulatory constraints: The release notes explicitly exclude the European Economic Area (EEA) from the feature’s availability in this rollout, a nod to regional data protection and regulatory complexity.
Smart App Control: the toggle that changes the game
What Smart App Control is
Smart App Control (SAC) is an application execution policy layer for Windows 11. It evaluates binaries at launch using Microsoft’s app intelligence to block untrusted or potentially harmful applications. SAC was developed to provide a proactive defense prior to execution — a helpful complement to signature‑based antivirus and behavior detection.
Historically, SAC had a critical limitation: once disabled, Microsoft’s documented behavior was that it could not be re-enabled without returning the device to a known, clean state (a reinstall). That one‑way toggle made SAC impractical for hobbyists, developers, and many power users who regularly install unsigned tools.
What KB5079387 does
The new update adds a
user-facing control in Settings:
Settings > Windows Security > App & Browser Control > Smart App Control settings
From there users can switch SAC
on or
off without reinstalling Windows. That change removes a major management friction point and brings SAC into the realm of realistically usable endpoint protections for a broader audience.
Benefits of the toggle
- Manageability: You no longer need to reinstall Windows to change SAC state, which reduces downtime and preserves user productivity.
- Improved testing and recovery: If legitimate software is blocked, a user or admin can temporarily disable SAC to complete the install and then re-enable it.
- Adoption: Lower operational friction should increase SAC adoption, freeing users and admins to take advantage of SAC’s protective benefits.
Compromise and security risk
- User-driven weakening of security posture: The ability to flip SAC off creates an easy path to reducing protection. Attackers or careless users could exploit that to install harmful software, particularly on unmanaged devices.
- Governance needed: In enterprise environments, the toggle must be paired with policy controls, monitoring, and education. IT admins should treat SAC policy changes like any other change to endpoint protection, with logging, change control, and appropriate remediation playbooks.
- Fragmentation effects: With rolling availability and per‑device variability, support teams must plan for mixed environments where SAC behaves differently across the fleet.
Admin controls and the Copilot uninstall policy
KB5079387 sits alongside other changes Microsoft has tested for administrators. Notably, Windows Insider previews have introduced a Group Policy named
RemoveMicrosoftCopilotApp, which gives administrators a constrained, one‑time uninstall path for the consumer Copilot app on managed devices.
Key details to understand about the Copilot uninstall policy:
- The policy is available for Enterprise, Pro, and Education SKUs on managed devices.
- It uninstalls the consumer Copilot app only when a set of gating conditions are met: both Microsoft 365 Copilot and the Microsoft Copilot app are installed; the app wasn’t initially installed by the end user; and the app has not been launched in the last 28 days.
- The uninstall is one‑time; users can still reinstall the app themselves if they have permission.
Why this matters:
- It gives organizations a pragmatic way to trim AI surface area for licensing or compliance reasons without removing Copilot capabilities associated with paid M365 subscriptions.
- The conditions mean the policy is conservative: it won’t automatically remove Copilot from actively used user accounts.
- For tight security controls, admins will still need AppLocker, MDM, or other device management tools to enforce stricter app controls.
Practical guidance: how to try KB5079387 safely (insider and production guidance)
If you’re considering enrolling a machine or a subset of your fleet into Release Preview to evaluate KB5079387, follow a staged plan.
- Plan a small pilot:
- Select a diverse set of devices (hardware vendors, Copilot+ vs non‑Copilot).
- Include both managed and unmanaged endpoints.
- Document your rollback plan:
- Create system restore checkpoints or image backups for pilot devices.
- Record current SAC state and security posture baseline.
- Train pilot users:
- Explain how to invoke Narrator image descriptions and when to use them.
- Make sure users understand SAC’s toggle and the security tradeoffs of temporarily disabling it.
- Audit and log:
- Confirm Windows Event logs and your EDR/endpoint logs pick up SAC state changes and Copilot uninstalls.
- Monitor for false positives and support tickets related to blocked apps.
- Evaluate privacy posture:
- For devices that may use cloud Copilot, confirm data handling and telemetry settings align with internal policy.
- In regulated environments, validate that Copilot image descriptions comply with required handling of user data.
Short checklist for individual users:
- Confirm your device is enrolled in the Release Preview channel and has received KB5079387.
- Try Narrator shortcuts (Narrator key + Ctrl + D/S) on a sample image to observe behavior.
- Locate SAC settings under Windows Security and review the toggle; do not disable SAC on devices that must remain protected without supervision.
Governance, privacy, and compliance — enterprise cautions
These updates escalate questions that every IT team must answer before enabling new AI features broadly.
- Data handling: Even though image descriptions are permissioned, organizations must decide whether their policies allow employees to upload images from regulated documents or PHI to an AI service. On‑device (Copilot+) processing reduces exposure but does not remove the need for caution.
- Policy enforcement: The SAC toggle is useful, but organizations should create MDM or GPO guardrails that prevent improper disabling on sensitive endpoints.
- Change management: Because SAC and Copilot behaviors can change across updates and channels, include them in your update cadence and risk assessments.
- Training and support burden: Expect initial support volume as users experience blocked apps or mis-described images; prepare knowledge base articles and response playbooks.
Technical verification and regional nuance
Two important verification points emerge from the rollout:
- The Windows Insider Blog posts the detailed release notes for the Release Preview builds and is the authoritative place to confirm new features tied to specific build numbers.
- Microsoft Support documentation (for example, KB5074105 earlier this year) showed the evolving status of the SAC toggle and contains the official guidance and disciplinary notices that sometimes precede or follow Insider-level announcements.
Regional limitations matter: Microsoft explicitly flagged the Narrator image‑description expansion as
not available in the EEA during this phased rollout, underlining the reality that regulatory constraints can delay or restrict AI features in specific jurisdictions.
Critical analysis — strengths, blind spots, and the path forward
Strengths
- Real user impact: Bringing rich image descriptions to more devices is a clear win for accessibility. For blind and low‑vision users, a usable, iterative image description that can answer follow‑ups significantly improves information access.
- Operational practicality: Allowing SAC to be toggled without a clean install removes a long‑standing usability barrier that prevented wider adoption of the security feature.
- Admin tools: The RemoveMicrosoftCopilotApp policy shows Microsoft listening to enterprise needs for control over emergent AI functionality.
Blind spots and risks
- Usability vs security tension: The SAC toggle improves usability but also makes it trivially easy for users to reduce protection unless IT governs the capability. The resulting variability within organizations could create inconsistent attack surfaces.
- AI trust and accuracy: Rich image descriptions are powerful but imperfect. Organizations and users must be trained to treat AI descriptions as assistive information rather than indisputable fact, especially where safety or compliance matters.
- Privacy complexity: Even with user consent, the integration of image content and AI services raises nontrivial data handling issues, especially for regulated industries or where user images may contain sensitive information.
- Feature fragmentation: Staged rollouts, device hardware dependencies (Copilot+ vs cloud), and regional exclusions increase complexity for help desks and technical documentation.
What Microsoft should do next (recommended)
- Publish clear enterprise guidance that pairs the SAC toggle with recommended MDM/GPO controls and monitoring templates.
- Offer transparent telemetry controls and an enterprise‑grade consent/logging model for Copilot interactions used by Narrator.
- Provide a graduated admin policy for SAC that allows organizations to permit temporary disabling under logged, auditable conditions (instead of a full user toggle).
- Invest in accuracy transparency: provide users with an “explain why” and confidence score for AI image descriptions to mitigate hallucination concerns.
Practical FAQs
How do I describe an image with Narrator?
- Press Narrator key + Ctrl + D to describe the focused image or Narrator key + Ctrl + S to describe the full screen. Copilot will open with the image prepared; the image is only shared after you request the description.
Where do I find the SAC toggle?
- Settings > Windows Security > App & Browser Control > Smart App Control settings. Exercise caution before switching SAC off on production systems.
Can an admin remove Copilot?
- A new Group Policy (RemoveMicrosoftCopilotApp) lets admins remove the consumer Copilot app under specific conditions on managed Enterprise, Pro, and EDU devices. The uninstall is one‑time and conditional.
Should I install Release Preview on my daily driver?
- Treat Release Preview as a near‑final staging channel. For most users and enterprise endpoints, wait for the normal rollout or stage the update in a controlled pilot to validate behavior before broad deployment.
Conclusion
KB5079387 and its associated Release Preview builds represent incremental but meaningful steps in Microsoft’s ongoing balancing act: shipping AI capabilities that expand accessibility and capability while preserving security and administrative control. For visually impaired users, expanding Narrator’s AI‑driven image descriptions removes a practical barrier to content access. For developers, power users, and IT teams, the Smart App Control toggle addresses a long‑standing operational pain point.
At the same time, these advances emphasize the need for disciplined governance. Organizations must decide how and where to accept AI‑enabled convenience, and how to ensure that security controls like SAC remain effective in the face of user‑driven toggles. Administrators should couple any rollout with policy controls, monitoring, and clear communication to end users.
If you depend on Narrator for daily computing or manage a fleet of Windows 11 devices, KB5079387 is worth watching closely. Test it in a controlled environment, evaluate privacy and accuracy for your organization’s workflows, and prepare governance rules that let you benefit from the new capabilities without undermining your security or compliance posture.
Source: Windows Report
https://windowsreport.com/windows-1...e-descriptions-lifts-smart-app-control-limit/