Windows Backup for Organizations Hits Release Preview with KB5064080

Microsoft has quietly moved Windows Backup for Organizations from preview into the Release Preview channel with the optional, non‑security cumulative update KB5064080 (Build 22631.5837 / OS Build 22621.5840), pairing a cluster of targeted reliability fixes with a strategically important enterprise feature intended to streamline device refreshes, upgrades and reimaging at scale. (blogs.windows.com, support.microsoft.com)

Background / Overview​

Microsoft published the Release Preview announcement for Windows 11 Build 22631.5837 on August 14, 2025 and the Microsoft Support entry for KB5064080 (OS Build 22621.5840) followed with the official non‑security update page dated August 26, 2025. These notices list a short, focused set of fixes across File Explorer, device management, input/IME, networking and the file system — and call out Windows Backup for Organizations as new and “generally available” in the release notes. (blogs.windows.com, support.microsoft.com)
The technical framing is important: KB5064080 is an optional Release Preview flight, not a cumulative security LCU issued on Patch Tuesday. Microsoft bundled a Servicing Stack Update (SSU, KB5064743) with the LCU in the combined package, which improves installation reliability but complicates rollback because SSUs cannot be uninstalled independently from the combined package. Administrators therefore need a tested uninstall/rollback plan before broad deployment. (support.microsoft.com)
This article summarizes what KB5064080 delivers, verifies the scope and prerequisites for Windows Backup for Organizations, analyzes operational impacts and risks for enterprise deployments, and gives a pragmatic rollout and compliance checklist for IT teams.

---

What KB5064080 actually fixes (and why it matters)​

Microsoft’s official changelog highlights a set of narrowly scoped but operationally meaningful fixes. The following summarizes the most consequential items and the real‑world scenarios they address.

Key fixes included in KB5064080​

• Windows Backup for Organizations — New! Microsoft lists the enterprise backup/restore flow as generally available in this Release Preview build. The feature is positioned to preserve user and device settings across reimages or device replacements to reduce time‑to‑productivity. (blogs.windows.com, support.microsoft.com)
• Device management / removable storage policy — a fix that ensures policies intended to block USB/removable drives are enforced correctly, closing a compliance and data‑exfiltration gap in managed fleets. (support.microsoft.com)
• File Explorer — fixes two disruptive conditions: Explorer showing only a single folder (e.g., Desktop) instead of Recent/Recommended content, and performance slowdowns when many SharePoint sites are synced into Explorer. Both are frequent sources of helpdesk tickets in hybrid/cloud file scenarios. (support.microsoft.com)
• SMB over QUIC — mitigations to reduce unexpected delays when accessing SMB shares over QUIC, improving remote file‑share access without a VPN. (support.microsoft.com)
• ReFS stability — resolves a rare hang condition when deduplication and compression are enabled together on ReFS volumes, a high‑severity issue for storage hosts and virtualization/backups that use ReFS. (support.microsoft.com)
• Input / IME / Unicode — fixes rendering of extended Unicode characters (notably rare Chinese glyphs) and corrects issues in the Chinese (Simplified) IME; the changelog explicitly references compliance with GB18030‑2022. These fixes matter for localization and accessibility. (support.microsoft.com)
• Narrator and accessibility — corrects incorrect Narrator announcements related to Windows Hello facial protection controls. (support.microsoft.com)
• Network / Wi‑Fi — fixes an issue where Wi‑Fi might not reconnect automatically after a Group Policy update. (support.microsoft.com)
• Remote Desktop — fixes camera enumeration in RDS/Remote Desktop sessions when cameras are added/removed mid‑session. (support.microsoft.com)

These changes are targeted at reliability and compliance pain points rather than introducing consumer‑facing features. Independent coverage reproduced the same changelog and called out the same items, confirming Microsoft’s published list. (neowin.net)

---

Deep dive: Windows Backup for Organizations — what it is, what it isn’t​

Microsoft’s enterprise backup offering is intentionally scoped and built to integrate with the Microsoft cloud management plane (Microsoft Entra and Intune). Understanding its design boundaries is essential to avoid misusing it as a replacement for full backup solutions.

What Windows Backup for Organizations does​

• Backs up a curated set of system and user settings tied to a Microsoft Entra identity.
• Restores those settings to a new or reimaged device during device enrollment, reducing reconfiguration time after hardware refreshes or OS upgrades.
• Covers categories such as system settings, personalization, accessibility, network and device settings, File Explorer preferences, Bluetooth pairings, time & language, and gaming settings — aimed at preserving productivity‑relevant configuration state. (learn.microsoft.com)

What it does not cover​

• Does not back up installed applications, app binaries, or full application state. Application deployment and reinstallation remain the job of Intune, MSIX, app‑management tooling or third‑party packaging.
• Is not a bare‑metal or full‑disk image recovery tool. For disaster recovery, traditional image backups and enterprise backup appliances are still required.
• The restore flow is tied to Microsoft Entra (Azure AD) joined devices and requires Intune configuration for the restore policy to work as designed. Hybrid‑join may support backup‑only scenarios, but full restore requires Entra join and the correct enrollment options. (learn.microsoft.com)

Prerequisites and admin controls (verified)​

Microsoft’s Intune documentation spells out the prerequisites and the steps to enable backup & restore in the Intune admin center. Key prerequisites include:

• Devices must be Microsoft Entra joined (or hybrid joined, with caveats).
• Devices must run a supported build (supported Windows 10 / 11 build baselines are listed in the Intune doc).
• The restore workflow must be enabled tenant‑wide in Intune’s enrollment settings; Autopilot must be configured for user‑driven mode if used. (learn.microsoft.com)

Importantly, the Intune page still lists the feature as public preview at the time of this writing (August 20, 2025 in the doc header) even as the Release Preview build notes call it “generally available.” This signals that tenant‑level availability may be phased, gated, or require admin activation — a nuance that administrators must verify before assuming GA behavior. (learn.microsoft.com, blogs.windows.com)

---

Verification, cross‑checks and caveats​

Multiple independent sources corroborate the core facts: Microsoft’s Windows Insider blog announced Build 22631.5837 with the Windows Backup for Organizations callout, Microsoft Support published the KB article enumerating the fixes, and coverage from industry outlets reproduced the changelog. The Intune documentation details how to enable the organization backup/restore flow and lists prerequisites and enrollment controls. Together, these sources form an authoritative cross‑check on feature scope and technical requirements. (blogs.windows.com, support.microsoft.com, learn.microsoft.com, neowin.net)
Caveat: Microsoft’s Release Preview labeling of the feature as “generally available” does not guarantee immediate, tenant‑wide enablement. Cloud services are often rolled out with backend feature flags, tenant opt‑ins, or staged backend deployments. The Intune page’s “public preview” note and the practical need to toggle restore enrollment in Intune are both clues that admins must confirm actual availability inside their management portals rather than assuming GA for every tenant. Treat the Release Preview mention as an availability signal that requires tenant verification. (learn.microsoft.com, support.microsoft.com)

---

Strengths: why this matters for IT​

• Faster time‑to‑productivity: Restoring settings automatically during enrollment reduces desktop support workload and shortens the time users need to be fully productive on replacement devices.
• Tight integration with management tools: Because it is built to work with Microsoft Entra and Intune, the feature can be managed via existing policy and enrollment controls and audited through the management plane. (learn.microsoft.com)
• Targeted reliability fixes: The other fixes in KB5064080 address issues that commonly generate helpdesk tickets (Explorer display, SharePoint sync slowdowns, removable storage policy enforcement, and ReFS stability), making the update operationally valuable to many organizations. (support.microsoft.com, neowin.net)
• Localization and compliance improvements: IME and Unicode fixes plus GB18030‑2022 alignment matter for multinational deployments and government/compliance contexts. (support.microsoft.com)

---

Risks and limitations — what to watch for​

• Preview volatility: KB5064080 is an optional Release Preview update. Historically, preview builds can regress on specific hardware or when interacting with third‑party drivers, EDR, or storage filters. Pilot testing is essential.
• Rollback complexity: Because the package contains an SSU (KB5064743) bundled with the LCU, rollback is more complex — SSUs can’t be removed by a simple wusa.exe uninstall. Organizations must be ready to use DISM removal with precise package names or restore from images. (support.microsoft.com)
• Scope limitations of the backup service: Windows Backup for Organizations saves configuration state, not application binaries or user data — relying on it as a single source for recovery would be a dangerous misstep. Continue to use full backup and app deployment tooling for business‑critical data and applications. (learn.microsoft.com)
• Tenant gating and licensing ambiguity: The Windows Insider blog and Support page describe the feature as generally available, but Intune’s article still references preview status; practical availability may depend on tenant enablement and licensing. Confirm with your Microsoft representative or validate in a test tenant before production use. (blogs.windows.com, learn.microsoft.com)

Where claims or rollout timing could not be independently verified for every tenant (for example, whether your specific Intune tenant already has the restore toggle enabled), treat those items as conditional and verify directly in the admin portal.

---

Recommended deployment plan for enterprises (practical checklist)​

• Identify a pilot cohort (1–5% of fleet) representing diverse hardware, drivers and usage patterns:
• Include machines that mount many SharePoint sites, ReFS servers, devices managed by EDR vendors, remote users relying on SMB over QUIC, and endpoints subject to removable storage policies.
• Backup and rollback readiness:
• Ensure image backups and tested restore processes exist for pilot devices. Document DISM removal steps and keep offline images ready in case combined SSU+LCU rollback is required. (support.microsoft.com)
• Validate Windows Backup for Organizations in a lab tenant:
• Confirm Entra join, Intune prerequisites, and enable the backup/restore settings in Intune (Settings Catalog and Enrollment → Windows Backup and Restore options). Run full backup → restore cycles on test devices and document exactly what is and isn’t restored. (learn.microsoft.com)
• Test critical workflows:
• File Explorer navigation & SharePoint mounts, removable storage enforcement, ReFS dedupe + compression heavy operations, SMB over QUIC performance, Remote Desktop camera enumeration, and Wi‑Fi reconnect after Group Policy refresh. (support.microsoft.com)
• Expand in waves:
• Move from pilot to broader rings only after no critical regressions for 1–3 weeks. Monitor telemetry, upgrade success rates and helpdesk ticketing patterns.
• Communicate and document:
• Tell end users what the feature does and, crucially, what it does not do — emphasize that app reinstall and full file backups are still the responsibility of existing deployment and backup tools.

---

Security, privacy and compliance checklist​

• Data residency and retention: Confirm where backup metadata and configuration snapshots are stored and whether that satisfies your regulatory regimes; cloud storage of configuration state can have jurisdictional implications.
• Access controls and auditability: Audit who can trigger restores, who can view backup metadata, and ensure Intune/Microsoft Entra conditional access policies align with restore flows to prevent inadvertent privilege escalation. (learn.microsoft.com)
• Combine with existing backups: Continue to use enterprise backup tools for user data and application state. Treat Windows Backup for Organizations as an add‑on for configuration state, not as a replacement for application or file backups.
• Test restore governance: Run tabletop exercises that cover the restore process, chain of custody, and recovery time objectives (RTOs) so restore operations fit into existing incident response plans.

---

Operational verdict: who should test and when​

• Pilot immediately if your organization:
• Manages devices with Microsoft Entra and Intune and is planning large device refreshes or migrations (for example, Windows 10 → Windows 11 migrations), or
• Is frustrated by recurring helpdesk tickets tied to File Explorer/SharePoint sync, removable storage policy enforcement, or ReFS instability.
• Defer broad production deployment until:
• You validate tenant enablement for restore, confirm vendor compatibility with critical drivers and EDR agents, and establish rollback procedures for combined SSU+LCU packages. (support.microsoft.com)

In short: pilot fast, expand cautiously. The feature is strategically useful and the KB addresses meaningful reliability problems — but operational discipline matters because Release Preview flights can still expose environment‑specific regressions.

---

Final notes and recommended next steps​

• Verify whether Windows Backup for Organizations appears in your Intune admin center and run at least one end‑to‑end backup/restore cycle in a lab tenant before relying on it for migrations. The Intune docs contain step‑by‑step configuration instructions and prerequisites. (learn.microsoft.com)
• Keep an eye on Microsoft’s Update History and Release Health dashboards for any emergent known issues related to KB5064080 and the bundled SSU (KB5064743). (support.microsoft.com)
• Maintain your existing backup and application deployment pipelines; treat Windows Backup for Organizations as an accelerator for user settings recovery, not a replacement for enterprise backup or app management.

KB5064080 is a compact but consequential release: it bundles practical reliability fixes while signaling Microsoft’s push to provide first‑party tooling that reduces labor during device lifecycle events. For organizations already invested in Microsoft Entra and Intune, Windows Backup for Organizations promises meaningful time and cost savings — provided admin teams validate tenant enablement, test restores end‑to‑end, and maintain robust rollback and compliance guardrails before broad adoption. (blogs.windows.com, learn.microsoft.com, support.microsoft.com)

---

Source: Windows Report Windows 11 KB5064080 Preview Update Brings Windows Backup for Organizations