Microsoft’s April 2026 Patch Tuesday for Windows 11, delivered as KB5083769, breaks two long‑standing frustrations: Smart App Control no longer demands a clean OS install to change its state, and the sfc /scannow system file checker finally reports accurate results instead of false corruption flags. The update, which pushes Windows 11 25H2 to build 26200.8246 and 24H2 to build 26100.8246, also modernises several Settings dialogs, improves File Explorer reliability, and adds offline installer availability—but the SAC and SFC fixes are the ones that will matter most in day‑to‑day use.

Smart App Control Loses Its Clean‑Install Crutch

For the first time since Smart App Control debuted in Windows 11, you can now toggle it on or off on an existing installation without reinstalling the operating system. Previously, the feature’s settings were greyed out once Windows was up and running; the only official way to change them was a full reset. That rigidity made SAC a powerful but impractical security tool for anyone who wanted to experiment with it or who found it blocking legitimate software.

SAC works by checking apps and files against Microsoft’s cloud‑based reputation service, blocking anything that appears malicious or potentially unwanted. It is effective, but its aggressive posture can interfere with niche developer tools, custom enterprise applications, game launchers, and anti‑cheat software that don’t carry a strong reputation footprint. Until now, getting past a false positive meant either living without the app or biting the bullet and reinstalling Windows.

With KB5083769, that trade‑off disappears. You can navigate to Settings > Windows Security > App & browser control > Smart App Control and flip the switch. The option is rolling out gradually as part of Microsoft’s controlled feature rollout, so it may not appear immediately after the patch installs—but when it does, it makes SAC a genuinely manageable security feature rather than an all‑or‑nothing gate.

sfc/scannow Finally Reports What’s Real

The other headline fix is less visible but arguable more important to the health of the Windows support ecosystem. The sfc /scannow command‑line tool, a mainstay of system repair tutorials for decades, has been quietly misleading users by flagging errors that didn’t actually exist. Microsoft’s own guidance still places SFC at the end of a two‑step repair sequence—run DISM first to fix the component store, then use SFC to check and replace corrupted system files. When SFC generates spurious error messages, it erodes trust in the entire diagnostic process.

An inaccurate SFC can send help desks on wild goose chases, waste hours of troubleshooting, or convince a user that a perfectly healthy machine is broken. It can even trigger unnecessary reinstalls. KB5083769 corrects this behaviour. After the update, sfc /scannow should only report problems when there really are problems. That’s a small code change with an outsized impact on both IT confidence and self‑service repair.

What This Means for You

The practical implications split neatly by audience.

Home users and enthusiasts

If you’ve ever had Smart App Control block a game or a trusted utility, you can now disable it temporarily—or permanently—without the nuclear option of a Windows reinstall. That lowers the risk of enabling SAC in the first place, because you know you can back out painlessly. Similarly, if you’re the type who troubleshoots your own PC, a trustworthy sfc /scannow means one less reason to doubt the built‑in tools when something feels off.

Power users and IT professionals

The SAC change turns a one‑way door into a revolving one. You can pilot the feature in a small test group, gauge compatibility with your software portfolio, and adjust settings without redeploying images. That makes Smart App Control viable for enterprise evaluation—and, if it proves too noisy, reversibility is now built in. The SFC fix, meanwhile, restores confidence in a tool that many support scripts rely on. When you’re deciding whether to escalate a ticket, accurate diagnostics save real money.

How We Got Here

Smart App Control has always had a clean‑install dependency. Microsoft’s documentation described it as a feature that makes a one‑time evaluation of the system at setup, building a baseline of trust that couldn’t be easily undone—ostensibly for security purity. In practice, that meant that if you disabled SAC during a custom install, or if Windows decided your hardware wasn’t suitable, you were locked out. The April update unwinds that assumption, acknowledging that usability and adoption matter as much as theoretical protection.

sfc /scannow’s inaccuracy was a quieter, more persistent bug. It likely crept in during the continuous development cycles that characterise modern Windows servicing. As the operating system’s component store grew more complex, the tool’s reporting logic fell out of sync, leading to false positives. Microsoft has been gradually improving DISM and SFC resilience over several feature updates; KB5083769 seems to be the final nudge that aligns the output with reality.

Both fixes arrived via the monthly cumulative update channel, which now serves double duty—delivering security patches and forward‑carrying non‑security improvements tested in earlier preview flights. This reflects Microsoft’s strategy of moving the platform forward incrementally, often without waiting for a named feature update.

What to Do Now

First, install the update. KB5083769 is mandatory and will arrive automatically via Windows Update, but you can also grab it from the Microsoft Update Catalog as an offline .msu installer (5.1 GB for x64 25H2, 4.6 GB for 24H2). If Windows Update fails or you’re managing a fleet, the catalog is your fallback.

Once installed, verify your build number in Settings > System > About. For 25H2, you should see 26200.8246; for 24H2, 26100.8246. The SAC toggle may not appear right away—Microsoft stages these features using Controlled Feature Rollout. Check Settings > Windows Security > App & browser control periodically; when the “Smart App Control” section shows active toggles, you’ll know it’s live.

For the SFC fix, there is no toggle—just reliable diagnostics. If you ever need to check system integrity, the sequence remains dism /online /cleanup‑image /restorehealth followed by sfc /scannow. This time, the output should be accurate.

Admins should also note the Secure Boot certificate information now displayed in Windows Security (Device Security > Secure Boot). Microsoft is refreshing expiring boot certificates, and this section will flag devices that need manual firmware updates. In most cases Windows Update handles the transition automatically, but the visibility helps avoid surprises.

Other Notable Changes

KB5083769 brings a collection of smaller improvements that collectively polish the Windows 11 experience:

  • Settings app refresh: Legacy dialogs for local account management, the About page, and other areas now match Windows 11’s modern design language and support dark mode. The Settings home page loads faster, and system updates download more quickly from the Advanced page.
  • Microsoft 365 integration: You can now upgrade or cancel Microsoft 365 subscriptions directly from Settings > Accounts instead of being bounced to a browser.
  • Stylus tail button: If you remapped the Copilot hardware key to open a different app, the stylus tail button now respects that preference and launches the same app.
  • File Explorer: Toggling “Unblock” on downloaded files works more reliably. Voice typing (Win+H) now works while renaming files.
  • Remote Desktop phishing protection: Additional safeguards against malicious RDP files, rolling out to both Windows 11 and Windows 10.
  • High refresh rate support: Monitors with 1000 Hz refresh rates are now supported.
  • USB4 power saving: The USB4 controller can enter a low‑power state when the PC is asleep and connected to a monitor.
  • Baseline printer support, Safe mode taskbar fix, Start menu GPO fix, Windows Hello Fingerprint reliability, Reset this PC repair: A handful of targeted bug fixes round out the release.

Outlook

KB5083769 is not a flashy feature drop, but it is a foundational maintenance release that improves the practical security and reliability of Windows 11. The Smart App Control toggle will likely boost adoption of a powerful but underused protection layer, and the sfc/scannow fix rebuilds trust in the system triage toolkit. In the coming weeks, watch for two things: how quickly the SAC toggle reaches all eligible devices, and whether the SFC fix meaningfully reduces the volume of “phantom corruption” support requests. If both land as expected, this patch could quietly become one of the more appreciated Windows 11 updates of the spring.