The Windows 11 22H2 release demonstrates that Microsoft is embracing the Everywhere Workplace, with new features and capabilities to support remote workers and BYOD deployments.

What enhancements should IT admins pay attention to? These are the features worth taking advantage of – and since Ivanti UEM solutions support devices on Windows 11 22H2, customers can roll out the latest OS to their whole fleet from day zero. Stay tuned for updates on support for new management features.

Productivity enhancements for end users

These collaboration and productivity features – many of which employees can personalize to their liking – are particularly useful for employees working remotely or while in transit. 

Group apps into a folder on the Start menu. Employees can also personalize the Start menu to add more apps or recommendations.

Add and view favorites on the File Explorer home screen. File Explorer tabs help organize content to quickly switch between multiple projects.

Avoid distracting notifications. Focus assist is set by default to activate automatically under certain conditions. Employees can adjust and extend focus time from the Focus Assist settings on the taskbar.

Improve video and audio calls with Windows Studio Effects.

Make Teams meetings more accessible. Live captions make video meetings easier to follow.

Security enhancements for IT

IT teams are acutely aware of the security threat posed by unmanaged devices and access to corporate data from personal computers – but they also need to accommodate employees’ expectations to be able to work from their device of choice. Many of the security enhancements in the latest Windows 11 release take aim at closing that gap between employee experience and security requirements.

Windows Defender Credential Guard is now enabled by default with Windows 11 Enterprise, providing virtualization security to protect against credential theft.

Credential isolation with Local Security Authority is also enabled by default, providing extra protection to new enterprise-joined Windows 11 devices.

Hypervisor-protected code integrity is also enabled by default on all new Windows 11 devices.

Microsoft Vulnerable Driver Blocklist safeguards against advanced threats and ransomware attacks.

Configuration Lock for Secure Core PC lets IT lock down security policies so they can’t be changed inadvertently, closing the window of opportunity for an attacker. IT can set monitor settings to ensure that devices comply with company security policies and automatically revert changes immediately.

Smart Apps Control identifies trustworthy apps using threat intelligence signals and only allows processes to run if they are predicted to be safe, perfect for BYOD devices or small businesses. (Enterprise customers can use Windows Defender Application Control or AppLocker).

Enable passwordless authentication with Windows Hello for Business and a unique identifier, such as a biometric element.

Enhanced Phishing Protection in Microsoft Defender SmartScreen detects difficult-to-observe password phishing attacks and takes immediate action to prevent further compromise, informing employees right away that they need to change their password and automatically alerting IT of the incident.

Windows Autopatch keeps Windows, Microsoft Edge and Office deployments up-to-date and optimizes secure productivity.

Windows 11 in-product messages let IT communicate targeted information to the end user, for example providing direction during device setup in the Get Started application or sending messages to the lock screen or desktop.

Learn more about Ivanti UEM

To learn more about how Ivanti UEM solutions support modern management and BYOD use cases, visit the Ivanti Neurons for UEM for Windows Device Management page or download the detailed datasheet.