Insider Windows 11 Canary Builds

What’s new in Build 25314​

Access Keys in File Explorer​

We are adding access key shortcuts into the XAML context menu in File Explorer. An access key is a one keystroke shortcut that allows a keyboard user to quickly execute a command in context menu. Each access key will correspond with a letter in the display name. It’s part of our effort to make File Explorer more accessible. To try this out, you can click on a file in File Explorer and press the menu key on your keyboard.

NOTE: If you see the “pizza” icon on the command bar in File Explorer that denotes you are previewing the Windows App SDK version of File Explorer, you will not see this feature yet.

[We are beginning to roll this out, so the experience isn’t available to all Insiders in the Canary Channel just yet as we plan to monitor feedback and see how it lands before pushing it out to everyone.]

FEEDBACK: Please file feedback in Feedback Hub (WIN + F) under Files, Folders, and Online Storage > File Explorer.

File Recommendations in File Explorer​

File Recommendations are coming to File Explorer Home to bring users the most relevant file content right to their fingertips. This feature (as pictured below) will be available to users signed into Windows with an Azure Active Directory (AAD) account. Files that are recommended will be cloud files associated with that account, either owned by the user, or shared with the user.

[We are beginning to roll this out, so the experience isn’t available to all Insiders in the Canary Channel just yet as we plan to monitor feedback and see how it lands before pushing it out to everyone.]

FEEDBACK: Please file feedback in Feedback Hub (WIN + F) under Files, Folders, and Online Storage > File Explorer.

Introducing LSA Protection Enablement on Upgrade​

Local Security Authority (LSA) protection helps protect against theft of secrets and credentials used for logon by preventing unauthorized code from running in the LSA process and by preventing dumping of process memory. Starting with on upgrade, we will audit for a period of time to check for incompatibilities with LSA protection. If we do not detect any incompatibilities, we will automatically turn on LSA Protection. You can check and change the enablement state of LSA protection in the Windows Security application under the Device Security > Core Isolation page.

LSA protection records whether programs are blocked from loading into LSA in the event log. If you would like to check if something has been blocked, information on the logs recorded is available here.

Feedback: Please file feedback in Feedback Hub (WIN+F) under Security and Privacy > Logging Into Your PC.

Narrator Outlook Support​

Narrator will now retrieve updates to its Outlook support when Narrator is started. You can learn more about the work we did for Outlook in Chapter 5 of the Narrator User Guide. We have not added any additional functionality to our Outlook support, but this work will allow updates to the Outlook experience to be made through the Microsoft Store. You will receive a notification after the download is completed to inform you that the update has been retrieved. With this change, Narrator’s Outlook support is limited to U.S. English only. Other languages will be supported in a future flight.

FEEDBACK: Please file feedback in Feedback Hub (WIN + F) under Accessibility > Narrator.

Changes and Improvements​

[General]​

To increase security in Windows 11, starting with this build and later we are disabling the Remote Mailslot Protocol by default. The legacy Remote Mailslot Protocol is a simple, unreliable, insecure, and unidirectional inter-process communications protocol between a client and server and was introduced in Windows NT 3.1 and will be deprecated in a future Windows release. If an application attempts to open a Remote Mailslot session over the SMB protocol, you may see one or more of the following errors:

• 3025 ERROR_REMOTE_MAILSLOTS_DEPRECATED
• “The requested operation failed. Remote mailslots have been deprecated.”

If your application still uses Remote Mailslot, contact your vendor about updating their software. The legacy Remote Mailslot is not secure and should not be used under any circumstances. If you need to temporarily enable Remote Mailslot, run the following command in an elevated PowerShell console:

What’s new in Build 25370​

Support for vTPM in Hyper-V on Windows on Arm (Arm64) builds​

After upgrading your host OS to the latest flighted build (Build 25370 and higher), you will now be able to upgrade guest Windows on Arm VM’s to Windows 11 Insider Preview builds as it will detect the TPM 2.0 requirement.

Changes and Improvements​

[Networking]​

• Added support for bridging adapters via command line via netsh.
• Passpoint Wi-Fi networks will now support enhanced connection performance and will display a URL in Quick Settings to provide information to users about the venue or event.
• We added WPA3 support to the Phone Link instant hotspot feature for more secure connections to a phone’s hotspot. Also made fixes to respect metered connection settings, reduce duplicate profiles, and show the phone’s display name in the network list.

[Settings]​

• We have added links to advanced properties for network adapters and internet properties under Settings > Network & internet > Advanced network settings.

• Link to advanced properties for network adapters in Settings.

For developers​

You can download the latest Windows Insider SDK at aka.ms/windowsinsidersdk.

SDK NuGet packages are now also flighting at NuGet Gallery | WindowsSDK which include:

• .NET TFM packages for use in .NET apps as described at ms/windowsinsidersdk
• C++ packages for Win32 headers and libs per architecture
• BuildTools package when you just need tools like MakeAppx.exe, MakePri.exe, and SignTool.exe

These NuGet packages provide more granular access to the SDK and better integration in CI/CD pipelines.

SDK flights are now published for both the Canary and Dev Channels, so be sure to choose the right version for your Insider Channel.

Remember to use adaptive code when targeting new APIs to make sure your app runs on all customer machines, particularly when building against the Dev Channel SDK. Feature detection is recommended over OS version checks, as OS version checks are unreliable and will not work as expected in all cases.

About the Canary Channel​

The Canary Channel is the place to preview platform changes that require longer-lead time before getting released to customers. Some examples of this include major changes to the Windows kernel, new APIs, etc. Builds that we release to the Canary Channel should not be seen as matched to any specific release of Windows and some of the changes we try out in the Canary Channel will never ship, and others could show up in future Windows releases when they’re ready.

The builds that will be flighted to the Canary Channel are “hot off the presses,” flighting very soon after they are built, which means very little validation and documentation will be done before they are offered to Insiders. These builds could include major issues that could result in not being able to use your PC correctly or even in some rare cases require you to reinstall Windows. We will offer limited documentation for the Canary Channel, but we will not publish a blog post for every flight – only when new features are available in a build.

Our Canary Channel won’t receive daily builds; however, we may ramp up releasing builds more frequently in the future.

The desktop watermark you see at the lower right corner of your desktop is normal for these pre-release builds.