Microsoft’s September Patch Tuesday cumulative update for Windows 11, KB5065426, marks a significant shift in how the operating system delivers AI capabilities. Over a gigabyte in size on many architectures, the update bundles on-device generative AI models, a redesigned UI for key surfaces, and new privacy controls that put users in charge of which apps tap into local AI processing. But the sheer heft of the package and the company’s staged rollout strategy mean that not every PC will feel the impact equally—and administrators have new operational hurdles to clear.

Both Windows 11 version 23H2 and 24H2 receive the same KB identifier, and while the security fixes are applied immediately, the feature set is enabled gradually via server-side switches tied to hardware eligibility, licensing SKUs, and regional availability. This approach, while familiar from previous feature drops, creates a patchwork of experiences across otherwise identical machines. For IT teams, it’s a call to action: know your fleet’s hardware and entitlement state before users start asking why their colleague has AI image editing in File Explorer and they don’t.

Copilot+ Features Arrive On-Device—If Your PC Qualifies

The headline additions in KB5065426 are the Copilot+ capabilities: Recall, Click to Do, and the Agent in Settings. These were previously limited to Snapdragon X-based Copilot+ PCs; now they expand to AMD and Intel models that meet the NPU threshold. But here’s the catch: Microsoft ships the client-side code inside the cumulative update, then flips a switch remotely to activate the features on eligible devices. That means even after installing the patch, you might not see them for days or weeks.

Recall gets a revamped homepage with shortcuts to recent snapshots, top apps, and frequently visited websites. A new left navigation bar provides quick access to Home, Timeline, Feedback, and Settings. The feature remains opt-in, encrypts snapshots locally, and requires Windows Hello for access. Click to Do now greets users with an interactive tutorial the first time they invoke it, walking them through text and image actions (summarize, extract, edit). The Agent in Settings—an on-device assistant that interprets natural language to recommend settings—finally arrives on AMD and Intel Copilot+ PCs but is still limited to English as the display language.

These features demonstrate Microsoft’s commitment to local AI: they run directly on the neural processing unit (NPU) without a round trip to the cloud. For users, that means lower latency and offline capability. For organizations, it means the feature set is gated by hardware procurement decisions made a year or more ago. Companies that skipped Copilot+ certified devices won’t see these enhancements at all, short of a hardware refresh.

The Price of Local AI: Updates Grow to Gigabyte Scale

One immediate consequence of shipping on-device models inside the cumulative update is the ballooning of package sizes. Independent reports from the Microsoft Update Catalog and early testers show .msu files measuring multiple gigabytes—comparable to downloading an entire Windows installation image. The exact size varies by architecture (x64 vs Arm64) and the specific version branch, but administrators should brace for a transfer and storage footprint well beyond a typical Patch Tuesday update.

In enterprise environments with bandwidth throttling, metered connections, or branch offices connected via WAN, this can disrupt update cadences. Microsoft’s own delivery optimization, peer caching, and tools like WSUS or the Microsoft Update Catalog become essential to mitigate the impact. IT teams should also evaluate disk space on clients: the installed model binaries will consume precious gigabytes on the system drive, potentially squeezing users with small SSDs.

Search, File Explorer, and Shell AI Actions Get Smarter

Beyond the Copilot+ exclusives, the update bakes AI into everyday file interactions. Search now presents image results in a grid layout, and a status indicator lets users know when indexing is still in progress—so no more second-guessing why a recent file doesn’t appear. Results clearly distinguish between files stored locally and those in the cloud, a subtle but helpful differentiation.

File Explorer gains context menu entries for AI-driven image operations: blur background, remove background, and erase objects. A Summarize action for documents leverages cloud AI (and likely a Microsoft 365 Copilot license) to distil content. These features appear directly in the right-click menu, lowering the barrier to quick edits and summaries. However, the fine print matters: some actions require a Microsoft 365 subscription or Copilot license, and not all file types are supported. Users who don’t see the options should check both their license entitlements and whether the feature has been enabled on their device.

Privacy Takes Center Stage with Generative AI Controls

A new Settings page at Privacy & security > Text and Image Generation lists third-party apps that recently accessed Windows’ built-in generative models. Per-app toggles let users cut off access immediately. This is a direct response to the growing number of applications—from photo editors to meeting summarizers—that hook into on-device AI. It gives individuals and admins a clear audit trail and a kill switch.

While the controls are a welcome transparency measure, their effectiveness hinges on how faithfully applications disclose their AI usage and whether the OS can intercept all model invocations. Early signals from Microsoft’s documentation suggest the feature covers the Windows Copilot Runtime and associated APIs, but third-party apps using their own models directly on the NPU may not appear here. Security teams should still treat this page as a valuable layer, not a complete solution, and layer it with endpoint detection and response (EDR) monitoring where sensitive data is involved.

UI Polish: Windows Hello, Notifications, and System Dialogs

The visual refresh in KB5065426 touches several longstanding interface elements. Windows Hello gets a complete redesign with smoother animations and a more modern credential picker that can switch between passkeys, PIN, and connected devices. The trade-off, as noted by early testers on Thurrott.com and echoed in community forums, is speed: the new flow feels slower than the old, more utilitarian one. For kiosks or devices where rapid biometric sign-in is critical, this is a regression worth testing before broad deployment.

The Notification Center now supports a larger clock with seconds—a feature Windows 10 users have long missed—toggleable from Settings > Time & language > Date & time. It’s a small quality-of-life improvement that makes the system tray more glanceable without opening the full calendar.

System permission prompts now appear as modal dialogs centered on a dimmed desktop, forcing user attention before granting access. This change aligns with accessibility best practices and reduces the risk of accidental consent.

Lock Screen Widgets and Widgets Board Get More Flexible

Lock screen widgets become customizable: users can add, remove, and rearrange them, and a new small size option allows more information density. The Widgets board itself gains support for multiple dashboards, each with its own set of widgets, and a left navigation bar to switch between dashboards and the Discover feed. Microsoft claims Discover is “more organized, personalized, and engaging,” though these feeds often come with the usual caveats about promoted content and advertising.

Task Manager Accuracy Fixes and the Details View

A long-standing quirk in Task Manager’s CPU reporting gets patched: the Processes and Details tabs now align correctly. Additionally, the Details view introduces an optional CPU Utility column—previously only available in Processes—giving power users a consistent metric across both panes. These fixes resolve discrepancies that could mislead performance analysis and are a welcome, if overdue, correction.

Under the Hood: Bug Fixes and Security Patches

As always, a Patch Tuesday update carries the month’s security fixes. KB5065426 addresses vulnerabilities across the stack, including issues in Resilient File System (ReFS), the Chinese Simplified IME, and Arm64 performance optimizations. Microsoft hasn’t published any zero-day mitigations specific to this update at press time, but the cumulative nature means all prior fixes are bundled. The usual reboot is required.

The forum discussion emphasizes that administrators should not treat this as a routine rollup: the combination of large payloads, staged features, and privacy changes warrants a closer look. The original Thurrott.com article echoes this, noting that most features are “gradual” and that the Windows Hello redesign, while prettier, is slower.

Benefits and Strengths

  • Productivity at the file level: On-device AI actions in File Explorer and Click to Do reduce context switches for common tasks like image editing and document summarization. Knowledge workers and creators can stay in flow.
  • Privacy-forward design: The Text and Image Generation settings page is a meaningful step toward giving users agency over which apps use local AI models. This auditability is critical for enterprise compliance.
  • Offline reliability: With models stored locally, features like Recall and image editing work without an internet connection, improving responsiveness and privacy.
  • Iterative polish: Smaller refinements—the larger clock, modal dialogs, accurate CPU reporting—accumulate into a more coherent daily experience.

Risks and Operational Concerns

  • Update size and bandwidth: Multi-gigabyte downloads can saturate branch office links and inflate maintenance windows. Organizations must plan distribution carefully, using peer-to-peer caching and scheduling.
  • Feature gating complexity: Heterogeneous enablement leads to user confusion and support tickets. IT must document which features require specific hardware, licenses, and regions.
  • Recall’s snapshots: Despite encryption and opt-in, the feature retains a record of screen activity. Enterprises need clear retention policies and legal review, especially in regulated industries.
  • Windows Hello speed: The modern UI may slow down sign-in on devices where speed is paramount. Testing and rollback options (if the old behavior is recoverable) should be part of the pilot.
  • Licensing entanglements: Some File Explorer AI actions require cloud processing or a Microsoft 365 Copilot license. Without proper entitlement mapping, users may encounter paywalls unexpectedly.

Deployment Guidance for Administrators

  1. Hardware and license inventory: Identify which devices have Copilot+ NPUs and which users hold Microsoft 365/Copilot licenses. Map feature gates to this inventory to set expectations.
  2. Pilot ring expansion: Include a mix of hardware generations and license states. Validate performance, disk usage, and Windows Hello behavior before rolling out broadly.
  3. Bandwidth mitigation: Use Delivery Optimization, BranchCache, or WSUS to cache and distribute the large .msu files. Download from the Microsoft Update Catalog to get exact sizes and schedule during off-peak hours.
  4. User communication: Brief users on new features—especially the opt-in nature of Recall and the privacy settings for on-device AI. Create quick guides for Click to Do and the updated Windows Hello flow.
  5. Policy updates: Update acceptable use policies to address Recall snapshots and generative AI usage. Ensure the new privacy page is incorporated into periodic audits.
  6. Monitor and adjust: Track help desk trends for feature confusion or sign-in slowness. Use telemetry to gauge adoption and spot regressions.

For Consumers and Power Users

  • If the update’s size is a concern, defer installation via Windows Update’s pause feature or download the .msu manually during a low-traffic period. Check your system drive for sufficient space.
  • After updating, visit Privacy & security > Text and Image Generation to review which apps have tapped into on-device AI. Toggle off any you don’t trust.
  • If Copilot+ features don’t appear, verify your PC’s NPU eligibility, set English as the primary display language, and confirm your Microsoft 365 subscription status. Be patient—server-side enablement may take time.
  • Should the new Windows Hello feel sluggish, try removing and re-adding your biometric credentials; some Reddit threads suggest a reset helps, though results vary.

The Bigger Picture: AI Becomes the OS

KB5065426 isn’t just another cumulative update—it’s a milestone in Microsoft’s strategy to weave AI into the fabric of Windows. By shipping model binaries with the monthly patch, the company ensures that Copilot+ features can run on-device at scale. However, this approach forces every updater to carry the weight of those models, regardless of whether their hardware can use them. It’s a bet that the value of offline AI and instant responsiveness outweighs the cost of larger downloads and storage.

For enterprises, this update is a wake-up call to get hardware and licensing aligned if they want to participate in the AI-enabled shell. For consumers, it’s a glimpse of a Windows that doesn’t just react to clicks but anticipates needs—without sending every interaction to the cloud. The next few months will reveal whether the operational friction of multi-gig updates and feature gating are worth the productivity leap, or if Microsoft needs to rethink how it packages on-device intelligence.

As of now, the update is available via Windows Update, WSUS, and the Microsoft Update Catalog for manual download. Users should reboot to complete installation. With each Patch Tuesday that carries features of this caliber, the line between a simple security update and a full-blown feature release continues to blur. KB5065426 makes that line almost invisible.