Microsoft has seeded Windows 11 version 25H2 to the Release Preview channel, signaling that the next annual feature update is nearing finalization with a focus on stability, manageability, and measured on-device AI integration. The company is positioning this release as a conservative, operationally minded update after a turbulent 2024 cycle, leveraging a lightweight enablement package to activate features already staged in monthly updates. With Windows 10’s October 14, 2025, end-of-support date looming, 25H2 is being pitched as a reliable migration point for organizations and consumers alike.

An enablement package, not a full rebuild

25H2 is not a traditional monolithic feature update. Instead, it arrives as an enablement package (eKB) that flips on functionality already present but dormant in Windows 11 24H2’s cumulative updates. For devices fully patched on 24H2, the upgrade typically requires only a small download and a single restart. This model drastically reduces downtime and simplifies validation for IT teams managing diverse fleets. The Release Preview availability indicates that the build is near-final, though Microsoft will still take feedback and refine driver compatibility before broad deployment.

More practical Start menu personalization

The most noticeable user-facing change is a redesigned Start menu that offers two display modes: Categories and Grid. Categories automatically group apps into logical clusters, while Grid preserves the classic icon-based layout. Larger monitors can now display up to eight columns of pinned applications. Crucially, users can now completely disable the Recommendations section—a long-requested capability that removes promotional and suggested content, delivering a cleaner, more business-friendly experience.

On-device AI agent “Mu” in Settings

A headline feature for the update is an AI agent—dubbed Mu in early reporting—embedded directly into the Settings app. Unlike the more detached Copilot chatbot, Mu is task-oriented: users can type natural-language commands to adjust system settings, such as changing display scaling or configuring voice controls. The agent runs on a local model, promising faster response times and improved privacy by avoiding cloud roundtrips. Initial availability is gated to Copilot+ certified Snapdragon systems with an NPU, with plans to expand to more CPUs and languages over time. For regulated environments, IT administrators should carefully evaluate Mu’s data flows and telemetry before enabling it broadly.

Native debloat tool for enterprise images

Enterprise and Education SKUs gain a long-awaited administrative control: a Group Policy and MDM CSP named “Remove Default Microsoft Store packages.” This setting allows IT to selectively unprovision inbox apps—such as Xbox, Windows Media Player, or Notepad—at the device level during initial provisioning. The policy operates only when new user accounts are created, not for existing profiles, and is exclusive to Enterprise and Education editions, leaving Home users reliant on third-party scripts.

Security hardening: removing PowerShell 2.0 and WMIC

Microsoft is putting Windows PowerShell 2.0 and the WMIC command-line tool on the chopping block, removing them from the shipping OS image entirely. Both have been deprecated for years and are superseded by the PowerShell 5.1 engine and CIM/WMI cmdlets. This change reduces the legacy attack surface but will break scripts and scheduled tasks that still hardcode references to PSv2 or WMIC. Organizations must inventory and convert such automation to modern equivalents—a nontrivial lift for enterprises with deep legacy dependencies.

Driver static analysis moves to CodeQL

The Windows Hardware Compatibility Program (WHCP) is retiring the old Static Driver Verifier and adopting CodeQL-based static analysis for driver certification. For 25H2, Microsoft specifies validated CodeQL CLI and pack versions that hardware vendors must meet to get drivers signed for Windows Update. This shift promises to catch subtle vulnerabilities earlier but also threatens to strand older hardware whose drivers fail the new tests. IT administrators should check vendor support roadmaps, especially for mission-critical peripherals that may lose automatic driver distribution.

Deployment concerns and feature fragmentation

While the enablement package minimizes installation friction, it does not eliminate validation requirements. Microsoft recommends building pilot rings that reflect real-world hardware diversity—including ARM64, Intel, AMD, and Copilot+ NPU systems—and thoroughly testing line-of-business apps, EDR agents, and storage drivers. The removal of PowerShell 2.0 and WMIC demands careful scripting inventory and remediation before rollout.

Feature fragmentation remains a risk. AI capabilities and certain Copilot-adjacent features are gated behind hardware and licensing, meaning users on identical corporate images may see different experiences. IT support desks should document expected feature sets for each device class.

Enthusiast chatter about a “500 KB” enablement package should be treated with skepticism. While the eKB itself is tiny, administrators using WSUS or SCCM often see larger cumulative downloads due to superseded content and packaging. Microsoft’s own guidance stresses that the actual size varies by environment.

Windows 10 end of support and migration timing

Windows 10 will stop receiving security updates on October 14, 2025. For the millions still running it, 25H2’s stability-first posture makes it an appealing upgrade target. The UI refinements are modest, workflows remain familiar, and the enablement approach allows IT to stage the rollout with minimal disruption. However, the required remediation of PowerShell and WMIC scripts cannot be postponed indefinitely; organizations must start now to avoid last-minute scrambles.

Strengths, weaknesses, and the final verdict

25H2 brings clear wins for enterprise manageability: lower deployment friction, native inbox app cleanup, improved performance diagnostics, and sensible security hardening. The on-device AI agent represents a more privacy-conscious approach than earlier cloud-centric demos.

Yet the update is not without pain points. The forced retirement of legacy scripting tools imposes real migration costs. Stricter driver certification could orphan older hardware. And hardware-gated AI features will create an uneven landscape across fleets.

Ultimately, 25H2 is not a flashy reinvention. It is a deliberate, stability-oriented release engineered to restore confidence after a rocky 2024. IT professionals who value predictability will welcome it; enthusiasts craving visual drama may be underwhelmed. But few will miss the bug-prone blockbuster updates of the past. If 25H2 delivers on its promise of fewer regressions and cleaner device images, it will be a quiet but crucial step forward.

Practical upgrade checklist

  • Build a pilot group representing your hardware: x86, ARM64, Copilot+ NPU systems.
  • Inventory all scripts and scheduled tasks that invoke PowerShell 2.0 or WMIC; convert to PowerShell 5.1/7.x and CIM cmdlets.
  • Test EDR, backup agents, and storage drivers against a 25H2 ISO in a lab environment.
  • If using the debloat policy, validate that the Remove Default Microsoft Store packages setting behaves correctly during provisioning.
  • For privacy- or compliance-sensitive environments, test Mu and any other AI features in a controlled setting.
  • Document rollback procedures and ensure image backups before broad enablement.