Microsoft has released the optional non-security preview update KB5064080 for Windows 11, bringing the long-awaited Windows Backup for Organizations feature to the Release Preview channel. The update, which bumps the OS build to 22631.5840, also packs a collection of targeted reliability fixes addressing pain points in File Explorer, device management, networking, and storage. This release marks a significant step for enterprise IT teams planning large-scale device refreshes and migrations, as the new backup capability promises to slash reconfiguration time by automatically restoring user and system settings during enrollment.
The update landed on August 14, 2025, via the Windows Insider blog, with the official support article published on August 26. KB5064080 is not a security patch but a combined package that includes a Servicing Stack Update (SSU, KB5064743), a bundling that improves installation reliability but complicates rollback because SSUs cannot be uninstalled independently. For IT administrators, that means a carefully orchestrated testing and deployment strategy is essential before pushing the update broadly.
Windows Backup for Organizations: A First-Party Accelerator for Device Lifecycle
The headline act in KB5064080 is Windows Backup for Organizations, now listed as “generally available” in the Release Preview notes. Designed to integrate tightly with Microsoft Entra ID and Intune, the feature captures a curated set of user and device settings—not applications or user data—and restores them during Autopilot enrollment or a standard Entra join. Configuration categories include system settings, personalization, accessibility preferences, network and Wi-Fi profiles, File Explorer tweaks, Bluetooth pairings, language and time formats, and even gaming settings. The promise: a user who receives a replacement PC can be up and running with their familiar environment in a fraction of the time it would take to manually reconfigure everything.
However, the feature’s boundaries are just as important as its capabilities. Windows Backup for Organizations does not back up installed applications, app binaries, or full application state. Those remain the domain of Intune app deployment, MSIX packages, or third-party management tools. It is not a bare-metal recovery solution; traditional image backups and enterprise backup appliances are still required for disaster recovery. The restore flow is strictly tied to Microsoft Entra–joined devices (hybrid join may support backup-only scenarios, but full restore demands Entra join and the correct Intune enrollment policies).
Administrators enabling the feature must toggle it on in the Intune admin center under Enrollment → Windows Backup and Restore. Prerequisites include supported Windows 10 or 11 builds, Entra join, and Autopilot configured for user-driven mode if that deployment method is used. One glaring caveat: while the Release Preview announcement calls the feature “generally available,” the official Intune documentation page, as of late August 2025, still carries a “public preview” label. This discrepancy suggests that tenant-level availability may be phased or gated; IT teams should verify actual enablement in their own portals rather than assuming immediate access.
Beyond Backup: The Full List of KB5064080 Fixes
Microsoft packed several operational improvements into this update, many of which address helpdesk friction points:
- Removable storage policy enforcement: A long-standing compliance gap is closed. Policies intended to block USB and other removable drives now apply correctly, preventing unauthorized data exfiltration on managed devices.
- File Explorer reliability: Two fixes target common complaints. First, Explorer no longer erroneously displays only a single folder (such as Desktop) instead of the usual Recent/Recommended content. Second, performance slowdowns when numerous SharePoint sites are synced into Explorer are mitigated, a boon for hybrid workers who regularly traverse cloud file mounts.
- SMB over QUIC latency: Unexpected delays when accessing remote SMB shares over QUIC are reduced, improving file access for users connecting without a VPN.
- ReFS stability: A rare hang condition that struck when deduplication and compression were enabled together on ReFS volumes is resolved. This is critical for storage hosts and backup servers that depend on ReFS for integrity and space efficiency.
- Input and Unicode compliance: Extended Unicode characters—particularly rare Chinese glyphs—render correctly, and the Chinese (Simplified) IME receives bug fixes aligned with GB18030-2022 standards. These are essential for localization and governmental compliance.
- Narrator accessibility: Incorrect announcements regarding Windows Hello facial protection controls are now fixed, improving the experience for users relying on screen readers.
- Wi-Fi reconnect after Group Policy refresh: A glitch that could prevent automatic Wi-Fi reconnection following a GPUpdate is resolved.
- Remote Desktop camera enumeration: Cameras added or removed during a Remote Desktop session are now properly enumerated, aiding collaboration and teleconference scenarios.
These fixes, while individually small, collectively reduce the drain on IT support resources in organizations that manage fleets of devices.
Operational Risks: SSU Bundling and Preview Channel Caveats
Adopting any Release Preview update carries inherent risk, and KB5064080 is no exception. The combined SSU+LCU package means that rolling back the update is not as simple as running wusa.exe /uninstall. Administrators must use DISM commands with precise package names or restore from a system image, a process that demands preparation.
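The rollback path described above, as an added PowerShell example (not from Microsoft or the original article): it locates the LCU half of the combined package with the DISM cmdlets and removes it only when explicitly asked. The `Package_for_RollupFix` and `ServicingStack` name patterns and the `-Revision` and `-Remove` parameters are assumptions of this example; confirm the actual package name on a pilot machine before writing it into a runbook.

```powershell
#Requires -RunAsAdministrator
# Added example: find and remove the LCU from a combined SSU+LCU install.
# Assumption: the LCU shows up as a "Package_for_RollupFix" entry whose
# version contains the build revision from the page (22631.5840 -> 5840).
param(
    [int]$Revision = 5840,   # revision part of OS build 22631.5840
    [switch]$Remove          # without this switch the script only reports
)

function Find-LcuPackage {
    param([int]$Revision)
    # Get-WindowsPackage is the cmdlet form of DISM /Online /Get-Packages.
    Get-WindowsPackage -Online |
        Where-Object {
            $_.PackageName -like 'Package_for_RollupFix*' -and
            $_.PackageName -match "\.$Revision\." -and
            $_.PackageState -eq 'Installed'
        }
}

$lcu = @(Find-LcuPackage -Revision $Revision)

if ($lcu.Count -eq 0) {
    Write-Warning "No installed RollupFix package with revision $Revision found."
    return
}
if ($lcu.Count -gt 1) {
    # Never guess between candidates; an operator must pick the exact name.
    Write-Warning 'More than one matching package; nothing removed.'
    $lcu | Format-Table PackageName, PackageState, InstallTime
    return
}

# Record exactly what is about to be rolled back.
$lcu | Format-List PackageName, PackageState, ReleaseType, InstallTime

# The SSU cannot be uninstalled; list it so the runbook shows it remains.
# Assumption: servicing stack packages carry "ServicingStack" in their name.
Get-WindowsPackage -Online |
    Where-Object { $_.PackageName -like '*ServicingStack*' } |
    Format-Table PackageName, PackageState

if ($Remove) {
    # Cmdlet form of DISM /Online /Remove-Package /PackageName:<name>
    Remove-WindowsPackage -Online -PackageName $lcu[0].PackageName -NoRestart
    Write-Host 'LCU removal staged. Reboot to complete the rollback.'
}
```

Run it without `-Remove` during the pilot to capture the exact package name, then store that name alongside the image-level backup plan.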
Moreover, the update’s “preview” status means it has not undergone the broadest compatibility testing. Historical precedent shows that preview builds can regress on specific hardware, clash with third-party drivers, or trigger unexpected behavior when endpoint detection and response (EDR) agents or storage filter drivers are present. A robust pilot phase is non-negotiable.
For Windows Backup for Organizations itself, the gap between the “generally available” tag and the Intune documentation’s “public preview” note is a red flag. Microsoft often rolls out cloud-backed features with feature flags that percolate gradually. An admin who rushes to deploy may find the toggle missing or the restore workflow malfunctioning. Verification in a non-production tenant is strongly advised.
Deployment Roadmap for Enterprises
IT teams should treat KB5064080 as a strategic enabler but not a routine patch. The following pragmatic checklist can guide a safe rollout:
- Isolate a pilot cohort representing 1–5% of the fleet, covering diverse hardware, driver stacks, EDR agents, ReFS servers, and heavy SharePoint users.
- Prepare rollback procedures before deployment. Document DISM removal steps and ensure image-level backups are current. Have offline recovery media ready.
- Validate Windows Backup in a lab first: In a test tenant, confirm Entra join, enable the backup/restore Intune settings, and run complete backup‑and‑restore cycles. Note exactly what is and isn’t restored—especially application settings and user file paths.
- Test all critical scenarios: Verify removable storage policy enforcement, File Explorer behavior with many SharePoint sites, ReFS deduplication/compression loads, SMB over QUIC performance, Remote Desktop camera handling, and Wi‑Fi reconnect after GPUpdate.
- Expand gradually after 1–3 weeks of incident-free monitoring. Track helpdesk ticket patterns and upgrade success rates to catch regressions early.
- Set end-user expectations: Communicate that the new feature restores settings, not apps or files. Users must still rely on existing backup and deployment tools for their data and software.
Security and Compliance Considerations
With any cloud‑tied configuration sync, data residency and access controls come into focus. Administrators should audit where backup metadata and settings snapshots are stored, ensuring alignment with regulatory requirements such as GDPR or local data sovereignty laws. Conditional access policies in Microsoft Entra must be reviewed to prevent unintended elevation during restore operations. Additionally, the restore process must be incorporated into incident response and disaster recovery drills, with clear recovery time objectives (RTOs) and chain‑of‑custody documentation.
The Verdict: Pilot Now, Deploy Broadly with Care
KB5064080 is a compact but consequential update. Windows Backup for Organizations fills a genuine gap in the Microsoft 365 ecosystem, offering a native way to slash reconfiguration labor during device refreshes. The supporting fixes—especially those for File Explorer, USB policy, and ReFS—will reduce helpdesk noise in managed environments.
Yet Release Preview flights are not final bits. The SSU bundling raises rollback complexity, and the feature’s fuzzy availability status demands tenant‑level verification. For organizations already committed to Intune and Entra ID, the payoff is real: faster time‑to‑productivity and fewer configuration errors. But that payoff materializes only when pilot rings prove stable, rollback paths are clear, and the backup feature is fully understood as a settings‑only accelerator, not a comprehensive recovery solution.
As the Windows servicing cadence continues, expect the new backup capability to graduate to the production channel in a future quarterly update. Until then, a cautious, test‑first approach will separate successful deployments from disruptive surprises.