Microsoft Announces Native Sysmon Integration and New Windows 11 Recovery Tools
Microsoft has announced significant enhancements to Windows 11 and Windows Server 2025, including the native integration of Sysmon, a powerful system monitoring tool previously available only as a standalone Sysinternals utility. With this integration, administrators will be able to deploy and manage Sysmon directly through Windows features and updates, simplifying large-scale monitoring and threat detection. Sysmon's advanced event filtering and custom configuration capabilities will remain intact, enabling organizations to monitor for suspicious activity, process tampering, and other security-relevant events without the need for separate installations.
In addition to Sysmon integration, Microsoft introduced two new recovery features for Windows 11: Cloud Rebuild and Point-in-Time Restore (PITR). These tools are designed to minimize downtime and streamline recovery from system failures or problematic updates. PITR allows users and IT administrators to quickly roll back systems to healthy snapshots, restoring not only the OS but also local files and applications. Cloud Rebuild enables remote, cloud-based reinstallation of Windows 11, leveraging Intune and Autopilot for zero-touch provisioning and rapid restoration of user data and settings. Both features are set to be integrated with Microsoft Intune, providing enterprise admins with robust, remote recovery and remediation capabilities.
Related Stories

Windows 11 Insider Updates Add Native Sysmon and Relax Smart App Control Re-Enablement
Microsoft is rolling out **native Sysmon functionality** to some Windows 11 devices in the **Windows Insider** program, integrating the Sysinternals *System Monitor* directly into the OS. Sysmon records security-relevant telemetry to the Windows Event Log (e.g., process creation/termination and, when configured, richer behaviors such as file creation, process tampering, clipboard changes, and deleted-file backup) to support threat detection and hunting; the built-in capability is **disabled by default** and must be explicitly enabled, with guidance to remove any separately installed Sysmon before turning on the native feature. In parallel Windows 11 Insider builds, Microsoft is also changing **Smart App Control (SAC)** behavior so users can **turn SAC off and later re-enable it without a full OS reinstall**, reversing the prior “clean install only” design that permanently blocked reactivation after disablement. The change follows user-impacting false positives (e.g., SAC flagging ASUS Armoury Crate on ASUS ROG Ally), and Microsoft’s updated approach aims to reduce operational friction while still encouraging users to keep SAC enabled unless conflicts require disabling it.
1 month ago
Windows 11 Preview Updates Add Native Sysmon and Fix Explorer/Taskbar Regressions
Microsoft’s latest Windows 11 preview releases for Insiders and optional updaters introduce **native Sysmon** and ship fixes for disruptive **Windows Explorer/taskbar** regressions. Windows 11 Insider Dev Channel Build `26300.7733` (KB5074178) adds Sysmon as a built-in *Optional Feature*, bringing deeper endpoint telemetry (e.g., process creation with command lines, network connections, driver loads, and file timestamp manipulation) intended to improve forensic visibility and incident investigation; Microsoft notes the integrated Sysmon conflicts with legacy standalone Sysmon installs, requiring removal of the older version before enabling the new feature. Separately, the optional preview update **KB5074105** for Windows 11 `24H2`/`25H2` addresses a January cumulative-update regression where `Explorer.exe` could hang at startup—causing the taskbar to intermittently disappear and forcing users to restart Explorer via Task Manager—and also fixes reports of desktop icons being rearranged unexpectedly. ZDNET characterizes the upcoming February Windows 11 patch as feature-heavy and indicates KB5074105 is an early look at what will roll into the broader monthly release, while other referenced ZDNET pieces are general OS commentary/comparisons and not tied to the Sysmon integration or the KB5074105 Explorer fix; an Android 17 feature roundup is unrelated.
1 month ago
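Both stories above note that the built-in Sysmon is disabled by default and conflicts with a standalone Sysinternals install that must be removed first. The following PowerShell is an added pre-flight check written for this page, not Microsoft's or Sysinternals' code: it looks for a legacy standalone Sysmon, lists any optional feature whose name mentions Sysmon (the exact feature name is not given in the articles, so it is matched by pattern), and then reads recent Sysmon process-creation events by field name. It assumes the default standalone service names `Sysmon`/`Sysmon64` and driver name `SysmonDrv`.

```powershell
# Added example (not Microsoft's or Sysinternals' code). Assumes default standalone
# names 'Sysmon'/'Sysmon64' (service) and 'SysmonDrv' (driver); renamed installs
# need their own lookup. Run in an elevated PowerShell session.

function Test-StandaloneSysmon {
    # Returns $true when a legacy standalone Sysmon service or driver is present.
    $svc = Get-Service -Name 'Sysmon', 'Sysmon64' -ErrorAction SilentlyContinue
    $drv = Get-CimInstance -ClassName Win32_SystemDriver -Filter "Name='SysmonDrv'" -ErrorAction SilentlyContinue
    foreach ($s in $svc) { Write-Host "Standalone service found: $($s.Name) ($($s.Status))" }
    foreach ($d in $drv) { Write-Host "Standalone driver found: $($d.Name) ($($d.State))" }
    return [bool]($svc -or $drv)
}

function Get-SysmonOptionalFeature {
    # The built-in feature's exact name is not stated in the articles, so match by
    # pattern instead of assuming an identifier.
    Get-WindowsOptionalFeature -Online |
        Where-Object FeatureName -like '*Sysmon*' |
        Select-Object FeatureName, State
}

function Get-RecentSysmonProcessCreates {
    param([int]$Count = 5)
    # Event ID 1 in the Sysmon Operational log is ProcessCreate. Fields are read by
    # name from the event XML rather than by positional index, which is stable across
    # Sysmon schema versions.
    $filter = @{ LogName = 'Microsoft-Windows-Sysmon/Operational'; Id = 1 }
    Get-WinEvent -FilterHashtable $filter -MaxEvents $Count -ErrorAction Stop |
        ForEach-Object {
            $data = ([xml]$_.ToXml()).Event.EventData.Data
            [pscustomobject]@{
                Time        = $_.TimeCreated
                Image       = ($data | Where-Object Name -eq 'Image').'#text'
                CommandLine = ($data | Where-Object Name -eq 'CommandLine').'#text'
                ParentImage = ($data | Where-Object Name -eq 'ParentImage').'#text'
            }
        }
}

if (Test-StandaloneSysmon) {
    Write-Warning 'Uninstall the standalone Sysmon (sysmon64 -u) before enabling the built-in feature.'
} else {
    Get-SysmonOptionalFeature | Format-Table -AutoSize
    try   { Get-RecentSysmonProcessCreates | Format-List }
    catch { Write-Host "No Sysmon Operational events readable yet: $($_.Exception.Message)" }
}
```

The Operational log only exists once some Sysmon (standalone or built-in) has been enabled, so the final query is wrapped to report that case instead of failing.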
Microsoft Windows lifecycle and update changes affecting Windows 10/Server 2016 and Windows 11
Microsoft is warning organizations that **Windows Server 2016**, **Windows 10 Enterprise LTSB 2016**, and **Windows 10 IoT Enterprise 2016 LTSB** are approaching end of support, after which they will no longer receive security patches, bug fixes, or technical support. Reported lifecycle dates include **October 13, 2026** for the Windows 10 2016 LTSB variants and **January 12, 2027** for Windows Server 2016; Microsoft’s guidance is to prioritize upgrades (e.g., to **Windows Server 2025** and Windows 10/11 LTSC options where hardware permits) and, if migration timelines slip, to use the **Extended Security Updates (ESU)** program as a short-term bridge for up to three years with only “critical” and “important” security updates. Separately, Microsoft released the **Windows 11 KB5077241** optional (non-security) preview cumulative update with 29 quality changes, including **BitLocker reliability** improvements (addressing freezes after entering a recovery key) and new built-in capabilities such as a taskbar **network speed test** and **native Sysmon functionality** (disabled by default). The update also enables **Quick Machine Recovery (QMR)** by default on certain unmanaged Windows Pro devices and is positioned for admin testing ahead of the next Patch Tuesday release, but it does **not** include security fixes.
2 weeks ago