Microsoft has pushed a Release Preview update for Windows 11 that eliminates a severe storage bug and introduces a new enterprise backup service. KB5064080, published on August 26, 2025, advances OS builds to 22621.5840 and 22631.5840 and targets a range of reliability issues while previewing Windows Backup for Organizations for the first time in a public build. The package landed in the Release Preview channel for Windows Insiders and functions as an optional, non-security update—a prelude to fixes that will later roll into mandatory cumulative updates.
ReFS stability fix ends hang from deduplication and compression
The most impactful repair in this release addresses a rare but critical condition on ReFS volumes. When administrators enabled both data deduplication and compression on the same ReFS volume, the system could stop responding entirely. The bug triggered a full hang, forcing hard resets on file servers, virtualization hosts, and backup appliances—any infrastructure that relies on ReFS for resilience and storage efficiency.
Server operators often pair ReFS deduplication with compression to maximize space savings on secondary workloads. The combination is supported by design, but an edge case in the file system’s metadata handling caused a deadlock. Microsoft’s fix reworks the internal locking order so that compression and deduplication operations can proceed without stepping on each other.
IT teams managing ReFS volumes—especially those used for Hyper-V VM storage, Scale-Out File Servers, or backup repositories—should apply this update as a priority in pilot rings. The fix reduces operational risk during routine optimization jobs and avoids the kind of surprise outage that can cascade across dependent services.
File Explorer regressions get corrected
Two long-festering Explorer bugs receive patches. First, users reported that File Explorer could unpredictably show only a single folder—usually Desktop—instead of the full navigation pane. The glitch appeared intermittently and often resolved after a restart, but it broke workflows for anyone reliant on frequent folder switching.
Second, heavy SharePoint synchronization slowed File Explorer to a crawl. When many SharePoint document libraries are synced via OneDrive, Explorer’s context menus and navigation tree spent excessive time enumerating remote metadata. The update lightens the enumeration load, reducing latency for hybrid workers who bounce between local folders and cloud-synced libraries daily. For enterprises with hundreds of synced SharePoint sites, this fix directly cuts into helpdesk ticket volumes.
SMB over QUIC timeouts and RDS camera fixes
KB5064080 also mitigates timeouts and unexpected delays when accessing SMB shares over QUIC. SMB over QUIC is increasingly used for secure file access across untrusted networks, and even short hangs degrade performance for applications that stream data or open many small files. The patch adjusts the transport’s reconnection logic to prevent stalls that were especially noticeable on high-latency links.
On the Remote Desktop side, the update repairs camera enumeration so that USB cameras plugged in or removed during an active RDS session appear correctly. Previously, hot-plugging a webcam could leave it invisible to applications inside the session until the user disconnected and reconnected. The fix ensures that Plug and Play events propagate properly through the RDS virtual channel stack.
Removable storage policy enforcement restored
A compliance-sensitive bug blocked proper enforcement of removable storage access policies. Even when Intune or Group Policy explicitly denied access to USB drives and memory sticks, the OS sometimes allowed read or write operations. The loophole exposed organizations to data exfiltration risks and made it impossible to rely on the policy setting for regulatory controls. KB5064080 restores the enforcement path so that the policy block works as intended. Administrators who depend on this control should test the fix immediately with their endpoint security stack, as third-party EDR agents can sometimes override or interfere with native policy handling.
IME localization and accessibility refinements
Input and display issues for Chinese characters receive corrections aligned with the GB18030‑2022 standard. Certain extended Unicode characters—including rare Chinese symbols—rendered as blank squares in text fields and applications. The update also fixes an IME bug that produced empty boxes when users attempted to type specific characters. For organizations operating in China or using Chinese-language interfaces, these fixes eliminate visual gaps and input errors.
Narrator, the built-in screen reader, now correctly announces the label for a Windows Hello checkbox. The small change improves accessibility during sign-in configuration, particularly on devices where Windows Hello is being enrolled for the first time.
Wi‑Fi reconnection after Group Policy updates
A networking fix ensures that Wi‑Fi reconnects automatically after a Group Policy refresh in affected scenarios. Without the patch, some devices would drop the connection and never re-join the network, requiring a manual reconnect or a reboot. The bug could leave remote workers stranded after a policy sync, so Microsoft’s correction restores the expected auto-reconnect behavior.
Windows Backup for Organizations emerges as a new enterprise capability
The release notes flag Windows Backup for Organizations as “New!”—a signal that Microsoft is broadening access to its first-party backup and restore tool for enterprise tenants. The service aims to give IT departments a managed solution for capturing device settings, app lists, and user data during migrations, refreshes, or recovery operations. Unlike the consumer-focused Windows Backup that shipped with earlier builds, this organizational variant ties into Intune, Entra ID, and tenant-level policies.
However, the “New!” label does not guarantee immediate availability for every tenant. Microsoft typically gates such features behind staged rollout rings, licensing prerequisites, and admin enablement. IT pros should head into their Intune or Entra portals, check for the feature flag, and run a full backup-and-restore cycle in a test tenant before enabling it broadly. What appears as a simple toggle in the release notes often requires deep validation of which settings persist, how Wi‑Fi profiles and network shares are handled, and whether the restore process conflicts with existing provisioning workflows.
A note on Secure Boot certificates
While not a change delivered by KB5064080, the official support page includes a prominent reminder: Secure Boot certificates used by most Windows devices will begin expiring in June 2026. Microsoft has been rolling out updated certificates through Windows Update for months, and most consumer and unmanaged business devices should already have them. IT administrators must check the Secure Boot Playbook for Windows clients and Windows Server to ensure their managed fleet is prepared. The Windows Security app can display current certificate status. This advisory will grow more urgent over the next twelve months, making it a sensible addition to any roadmap even though it sits outside the direct scope of this preview update.
Known risks and compatibility considerations
Preview updates are inherently less battle-tested than Patch Tuesday cumulative packages. Community archives show that some preview flights have triggered black‑screen RDP sessions, Wi‑Fi regressions on specific NIC chipsets, and even the deletion of restore points. While KB5064080 did not attract widespread incidents in early Release Preview feedback, the potential for driver or security-agent conflicts remains.
Third‑party EDR and antivirus software can intercept storage policy enforcement and ReFS filter drivers. Organizations running hardware RAID controllers with vendor‑specific deduplication engines should coordinate with their storage vendor before deploying the update on production ReFS volumes. The combined SSU+LCU packaging simplifies installation but complicates removal: the Servicing Stack Update portion cannot be uninstalled in the usual way and requires DISM operations to roll back the entire package.
Testing and rollout guidance
Administrators should follow a disciplined ring‑based deployment:
- Identify a pilot cohort that spans consumer laptops, corporate managed laptops, ReFS servers, SMB‑over‑QUIC clients, and devices that use removable storage policies.
- Create full image backups or restore points and confirm that rollback procedures work.
- Execute targeted tests:
- Run simultaneous deduplication and compression jobs on a ReFS test volume.
- Mount multiple SharePoint libraries and stress File Explorer navigation.
- Connect over SMB/QUIC from a remote client and measure latency.
- Apply a removable storage block policy and verify enforcement with and without third‑party agents.
- Hot‑plug a webcam during an active RDS session.
- Walk through a full Windows Backup for Organizations backup and restore in a lab tenant. - Monitor telemetry—app crash rates, kernel bugchecks, update installation failures—and keep helpdesk alert queues open for at least a week.
- Expand to a wider validation ring before pushing to broad production.
Final assessment
KB5064080 is a quality-focused preview that cleans up genuine pain points. The ReFS hang fix alone makes it a must-test for any organization using the file system in production. Explorer and SharePoint improvements will reduce daily friction, while the restoration of removable storage policy enforcement closes a compliance gap. Windows Backup for Organizations signals a strategic shift toward first‑party device lifecycle management, even if its full value depends on tenant readiness.
Because this is a preview update and history shows that even the most benign-looking patches can interact unpredictably with third‑party drivers, pilot validation remains mandatory. Administrators who apply the update with the described testing discipline will gain early relief from several known bugs; those who skip the pilot run the usual preview‑flight risks.